Dr Mohammad Shojafar


Senior Lecturer (Associate Prof.) in Network Security
+44 (0)1483 689480
08 CII 01

Biography

Areas of specialism

Network Security and Privacy; Green Networking; Adversarial Machine Learning; Applied Cryptography

Research

Research interests

Research projects

Indicators of esteem

  • EU Horizon Marie Curie 2019: PRISENODE  (PI)

     

    Supervision

    Postgraduate research supervision

    My publications

    Highlights

    M. Shojafar, N. Cordeschi, E. Baccarelli, "Energy-efficient Adaptive Resource Management for Real-time Vehicular Cloud Services", IEEE Transactions on Cloud Computing (TCC), Vol. 7, Iss. 1, pp. 196-209, March 2019.

    R. Taheri, M. Shojafar, M. Alazab, R. Tafazolli, "FED-IIoT: A Robust Federated Malware Detection Architecture in Industrial IoT", IEEE Transactions on Industrial Informatics (TII), Vol. PP, Iss. 99, pp. 1-11, December 2020.

    Publications

    Volunteer computing is an Internet-based distributed computing system in which volunteers share their extra available resources to manage large-scale tasks. However, computing devices in a Volunteer Computing System (VCS) are highly dynamic and heterogeneous in terms of their processing power, monetary cost, and data transferring latency. To ensure both the high Quality of Service (QoS) and low cost for different requests, all of the available computing resources must be used efficiently. Task scheduling is an NP-hard problem that is considered one of the main critical challenges in a heterogeneous VCS. Due to this, in this paper, we design two task scheduling algorithms for VCSs, named Min-CCV and Min-V. The main goal of the proposed algorithms is jointly minimizing the computation, communication and delay violation cost for the Internet of Things (IoT) requests. Our extensive simulation results show that proposed algorithms are able to allocate tasks to volunteer fog/cloud resources more efficiently than the state-of-the-art. Specifically, our algorithms improve the deadline satisfaction task rates by around 99.5% and decrease the total cost between 15 to 53% in comparison with the genetic-based algorithm.

    This book presents the latest advances in machine intelligence and big data analytics to improve early warning of cyber-attacks, for cybersecurity intrusion detection and monitoring, and malware analysis. Cyber-attacks have posed real and wide-ranging threats for the information society. Detecting cyber-attacks becomes a challenge, not only because of the sophistication of attacks but also because of the large scale and complex nature of today’s IT infrastructures. It discusses novel trends and achievements in machine intelligence and their role in the development of secure systems and identifies open and future research issues related to the application of machine intelligence in the cybersecurity field. Bridging an important gap between machine intelligence, big data, and cybersecurity communities, it aspires to provide a relevant reference for students, researchers, engineers, and professionals working in this area or those interested in grasping its diverse facets and exploring the latest advances on machine intelligence and big data analytics for cybersecurity applications.

    Yassine Maleh, Imed Romdhani, MOHAMMAD SHOJAFAR, Mamoun Alazab (2020) Blockchain for Cybersecurity and Privacy: Architectures, Challenges, and Applications CRC Press

    Blockchain technology is defined as a decentralized system of distributed registers that are used to record data transactions on multiple computers. The reason this technology has gained popularity is that you can put any digital asset or transaction in the blockchain, the industry does not matter. Blockchain technology has infiltrated all areas of our lives, from manufacturing to healthcare and beyond. Cybersecurity is an industry that has been significantly affected by this technology and may be more so in the future. Blockchain for Cybersecurity and Privacy: Architectures, Challenges, and Applications is an invaluable resource to discover the blockchain applications for cybersecurity and privacy. The purpose of this book is to improve the awareness of readers about blockchain technology applications for cybersecurity and privacy. This book focuses on the fundamentals, architectures, and challenges of adopting blockchain for cybersecurity. Readers will discover different applications of blockchain for cybersecurity in IoT and healthcare. The book also includes some case studies of the blockchain for e-commerce online payment, retention payment system, and digital forensics. The book offers comprehensive coverage of the most essential topics, including:

      • Blockchain architectures and challenges
      • Blockchain threats and vulnerabilities
      • Blockchain security and potential future use cases
      • Blockchain for securing Internet of Things
      • Blockchain for cybersecurity in healthcare
      • Blockchain in facilitating payment system security and privacy

    This book comprises a number of state-of-the-art contributions from both scientists and practitioners working in the fields of blockchain technology and cybersecurity. It aspires to provide a relevant reference for students, researchers, engineers, and professionals working in this particular area or those interested in grasping its diverse facets and exploring the latest advances on the blockchain for cybersecurity and privacy.

    Saeed Javanmardi, MOHAMMAD SHOJAFAR, Reza Mohammadi, Amin Nazari, Valerio Persico, Antonio Pescapè (2021) FUPE: A security driven task scheduling approach for SDN-based IoT–Fog networks, In: Journal of information security and applications 60 Elsevier Ltd

    Fog computing is a paradigm to overcome the cloud computing limitations which provides low latency to the users’ applications for the Internet of Things (IoT). Software-defined networking (SDN) is a practical networking infrastructure that provides a great capability in managing network flows. SDN switches are powerful devices, which can be used as fog devices/fog gateways simultaneously. Hence, fog devices are more vulnerable to several attacks. TCP SYN flood attack is one of the most common denial of service attacks, in which a malicious node produces many half-open TCP connections on the targeted computational nodes so as to break them down. Motivated by this, in this paper, we apply SDN concepts to address TCP SYN flood attacks in IoT–fog networks. We propose FUPE, a security-aware task scheduler in IoT–fog networks. FUPE puts forward a fuzzy-based multi-objective particle swarm Optimization approach to aggregate optimal computing resources and providing a proper level of security protection into one synthetic objective to find a single proper answer. We perform extensive simulations on IoT-based scenario to show that the FUPE algorithm significantly outperforms state-of-the-art algorithms. The simulation results indicate that, by varying the attack rates, the number of fog devices, and the number of jobs, the average response time of FUPE improved by 11% and 17%, and the network utilization of FUPE improved by 10% and 22% in comparison with Genetic and Particle Swarm Optimization algorithms, respectively.

    (2021) TEL: Low-Latency Failover Traffic Engineering in Data Plane, In: IEEE eTransactions on network and service management pp. 1-14 IEEE

    Modern network applications demand low-latency traffic engineering in the presence of network failure, while preserving the quality of service constraints like delay and capacity. Fast Re-Route (FRR) mechanisms are widely used for traffic re-routing purposes in failure scenarios. Control plane FRR typically computes the backup forwarding rules to detour the traffic in the data plane when the failure occurs. This mechanism could be computed in the data plane with the emergence of programmable data planes. In this paper, we propose a system (called TEL) that contains two FRR mechanisms, namely, and . The first one computes backup forwarding rules in the control plane, satisfying max-min fair allocation. The second mechanism provides FRR in the data plane. Both algorithms require minimal memory on programmable data planes and are well-suited with modern line rate match-action forwarding architectures (e.g., PISA). We implement both mechanisms on P4 programmable software switches (e.g., BMv2 and Tofino) and measure their performance on various topologies. The obtained results from a datacenter topology show that our FRR mechanism can improve the flow completion time up to 4.6xb-7.3x (i.e., small flows) and 3.1x-12x (i.e., large flows) compared to recirculation-based mechanisms, such as F10, respectively.

    This title encourages both researchers and practitioners to share and exchange their experiences and recent studies between academia and industry to highlight and discuss the recent development and emerging trends in cybercrime and computer digital forensics in the Cloud of Things; to propose new models, practical solutions, and technological advances related to cybercrime and computer digital forensics in the Cloud of Things; and to discuss new cybercrime and computer digital forensics models, prototypes, and protocols for the Cloud of Things environment.

    (2021) Cryptanalysis of a Honeyword System in the IoT Platform, In: IEEE internet of things journal pp. 1-1 IEEE

    Password is one of the most well-known authentication methods in accessing many Internet of Things (IoT) devices. The usage of passwords, however, inherits several drawbacks and emerging vulnerabilities in the IoT platform. However, many solutions have been proposed to tackle these limitations. Most of these defense strategies suffer from a lack of computational power and memory capacity and do not have immediate cover in the IoT platform. Motivated by this consideration, the goal of this paper is fivefold. First, we analyze the feasibility of implementing a honeyword-based defense strategy to prevent the latest developed server-side threat on the IoT domain's password. Second, we perform thorough cryptanalysis of a recently developed honeyword-based method to evaluate its advancement in preventing the threat and explore the best possible way to incorporate it in the IoT platform. Third, we verify that we can add a honeyword-based solution to the IoT infrastructure by ensuring specific guidelines. Fourth, we propose a generic attack model, namely matching attack utilizing the compromised password-file to perform the security check of any legacy-UI approach for meeting the all essential flatness security criterion. Last, we compare the matching attack's performance with the corresponding one of a benchmark technological methods over the legacy-UI model and confirm that our attack has 5%~22% more vulnerable than others.

    (2019) Identification of Android malware using refined system calls, In: Concurrency and computation 31(20)

    The ever increasing number of Android malware has always been a concern for cybersecurity professionals. Even though plenty of anti‐malware solutions exist, we hypothesize that the performance of existing approaches can be improved by deriving relevant attributes through effective feature selection methods. In this paper, we propose a novel two‐step feature selection approach based on Rough Set and Statistical Test named as RSST to extract refined system calls, which can effectively discriminate malware from benign apps. By refined set of system call, we mean the existence of highly relevant calls that are uniformly distributed throughout target classes. Moreover, an optimal attribute set is created, which is devoid of redundant system calls. To address the problem of higher dimensional attribute set, we derived suboptimal system call space by applying the proposed feature selection method to maximize the separability between malware and benign samples. Comprehensive experiments conducted on three datasets resulted in an accuracy of 99.9%, Area Under Curve (AUC) of 1.0, with 1% False Positive Rate (FPR). However, other feature selectors (Information Gain, CFsSubsetEval, ChiSquare, FreqSel, and Symmetric Uncertainty) used in the domain of malware analysis resulted in the accuracy of 95.5% with 8.5% FPR. Moreover, the empirical analysis of RSST derived system calls outperformed other attributes such as permissions, opcodes, API, methods, call graphs, Droidbox attributes, and network traces.

    Ali Shahidinejad, Mostafa Ghobaei-Arani, Alireza Souri, MOHAMMAD SHOJAFAR, Saru Kumari (2021) Light-Edge: A Lightweight Authentication Protocol for IoT Devices in an Edge-Cloud Environment, In: IEEE consumer electronics magazine pp. 1-1 IEEE

    Due to the ever-growing use of active Internet devices, the Internet has achieved good popularity at present. The smart devices could connect to the Internet and communicate together that shape the Internet of Things (IoT). Such smart devices are generating data and are connecting to each other through edge-cloud infrastructure. Authentication of the IoT devices plays a critical role in the success of the integration of IoT, edge, and cloud computing technologies. The complexity and attack resistance of the authentication protocols are still the main challenges. Motivated by this, this paper introduces a lightweight authentication protocol for IoT devices named Light-Edge using a three-layer scheme, including IoT device layer, trust center at the edge layer, and cloud service providers. The results show the superiority of the proposed protocol against other approaches in terms of attack resistance, communication cost, and time cost.

    Farooq Hoseiny, Sadoon Azizi, MOHAMMAD SHOJAFAR, RAHIM TAFAZOLLI (2021) Joint QoS-aware and Cost-efficient Task Scheduling for Fog-Cloud Resources in a Volunteer Computing System, In: ACM Transactions on Internet Technology Association for Computing Machinery (ACM)

    Volunteer computing is an Internet based distributed computing in which volunteers share their extra available resources to manage large-scale tasks. However, computing devices in a Volunteer Computing System (VCS) are highly dynamic and heterogeneous in terms of their processing power, monetary cost, and data transferring latency. To ensure both of the high Quality of Service (QoS) and low cost for different requests, all of the available computing resources must be used efficiently. Task scheduling is an NP-hard problem that is considered as one of the main critical challenges in a heterogeneous VCS. Due to this, in this paper, we design two task scheduling algorithms for VCSs, named Min-CCV and Min-V. The main goal of the proposed algorithms is jointly minimizing the computation, communication and delay violation cost for the Internet of Things (IoT) requests. Our extensive simulation results show that proposed algorithms are able to allocate tasks to volunteer fog/cloud resources more efficiently than the state-of-the-art. Specifically, our algorithms improve the deadline satisfaction task rates around 99.5% and decrease the total cost between 15 to 53% in comparison with the genetic-based algorithm.

    Z-H Zhou, MOHAMMAD SHOJAFAR, Mamoun Alazab, Jemal Abawajy, FF Li (2021) AFED-EF: An Energy-efficient VM Allocation Algorithm for IoT Applications in a Cloud Data Center, In: IEEE Transactions on Green Communications and Networking pp. 1-1 IEEE

    Cloud Data Centers (CDCs) have become a vital computing infrastructure for enterprises. However, CDCs consume substantial energy due to the increased demand for computing power, especially for the Internet of Things (IoT) applications. Although a great deal of research in green resource allocation algorithms have been proposed to reduce the energy consumption of the CDCs, existing approaches mostly focus on minimizing the number of active Physical Machines (PMs) and rarely address the issue of load fluctuation and energy efficiency of the Virtual Machine (VM) provisions jointly. Moreover, existing approaches lack mechanisms to consider and redirect the incoming traffics to appropriate resources to optimize the Quality of Services (QoSs) provided by the CDCs. We propose a novel adaptive energy-aware VM allocation and deployment mechanism called AFED-EF for IoT applications to handle these problems. The proposed algorithm can efficiently handle the fluctuation of load and has good performance during the VM allocation and placement. We carried out extensive experimental analysis using a real-world workload based on more than a thousand PlanetLab VMs. The experimental results illustrate that AFED-EF outperforms other energy-aware algorithms in energy consumption, Service Level Agreements (SLA) violation, and energy efficiency.

    Ke Wang, Chien-Ming Chen, Zhuoyu Tie, MOHAMMAD SHOJAFAR, Sachin Kumar, Saru Kumari (2021) Forward Privacy Preservation in IoT enabled Healthcare Systems, In: IEEE transactions on industrial informatics pp. 1-1 IEEE

    IoT-enabled smart healthcare systems have the characteristics of heterogeneous fusion, cross domain, collaborative autonomy, dynamic change and open interconnection, but they bring huge challenges in privacy issues. We proposed a scheme of forward privacy preserving for IoT-enabled healthcare systems, which mainly includes a searchable encryption scheme to achieve privacy preserving and searchable function. Our scheme uses trapdoor permutation to change the status counter, and it makes the adversary difficult to determine the valid status counter of inserted record with only the public key of the client. Our mechanism can solve the problem of verifying the correctness of the search results in the top-k search scenario with only part of the search results. The formal security analysis proves that our scheme achieves forward privacy preservation which can guarantee the privacy of healthcare data. Besides, performance evaluation shows our scheme is efficient and secure to preserve privacy of IoT-enabled healthcare systems.

    (2019) Energy-Efficient Adaptive Resource Management for Real-Time Vehicular Cloud Services, In: IEEE transactions on cloud computing 7(1) pp. 196-209 IEEE Computer Society

    Providing real-time cloud services to Vehicular Clients (VCs) must cope with delay and delay-jitter issues. Fog computing is an emerging paradigm that aims at distributing small-size self-powered data centers (e.g., Fog nodes) between remote Clouds and VCs, in order to deliver data-dissemination real-time services to the connected VCs. Motivated by these considerations, in this paper, we propose and test an energy-efficient adaptive resource scheduler for Networked Fog Centers (NetFCs). They operate at the edge of the vehicular network and are connected to the served VCs through Infrastructure-to-Vehicular (I2V) TCP/IP-based single-hop mobile links. The goal is to exploit the locally measured states of the TCP/IP connections, in order to maximize the overall communication-plus-computing energy efficiency, while meeting the application-induced hard QoS requirements on the minimum transmission rates, maximum delays and delay-jitters. The resulting energy-efficient scheduler jointly performs: (i) admission control of the input traffic to be processed by the NetFCs; (ii) minimum-energy dispatching of the admitted traffic; (iii) adaptive reconfiguration and consolidation of the Virtual Machines (VMs) hosted by the NetFCs; and, (iv) adaptive control of the traffic injected into the TCP/IP mobile connections. The salient features of the proposed scheduler are that: (i) it is adaptive and admits distributed and scalable implementation; and, (ii) it is capable to provide hard QoS guarantees, in terms of minimum/maximum instantaneous rates of the traffic delivered to the vehicular clients, instantaneous rate-jitters and total processing delays. 
Actual performance of the proposed scheduler in the presence of: (i) client mobility; (ii) wireless fading; and, (iii) reconfiguration and consolidation costs of the underlying NetFCs, is numerically tested and compared against the corresponding ones of some state-of-the-art schedulers, under both synthetically generated and measured real-world workload traces.

    (2018) An efficient routing protocol for the QoS support of large‐scale MANETs, In: International journal of communication systems 31(1) pp. e3384-n/a

    Summary The hierarchical routing algorithm is categorized as a kind of routing method using node clustering to create a hierarchical structure in large‐scale mobile ad hoc network (LMANET). In this paper, we proposed a new hierarchical clustering algorithm (HCAL) and a corresponded protocol for hierarchical routing in LMANET. The HCAL is designed based on a cost metric in the form of the link expiration time and node's relative degree. Correspondingly, the routing protocol for HCAL adopts a reactive protocol to control the existing cluster head (CH) nodes and handle proactive nodes to be considered as a cluster in LMANET. Hierarchical clustering algorithm jointly utilizes table‐driven and on‐demand routing by using a combined weight metric to search dominant set of nodes. This set is composed by link expiration time and node's relative degree to establish the intra/intercommunication paths in LMANET. The performance of the proposed algorithm and protocol is numerically evaluated in average end‐to‐end delay, number of CH per round, iteration count between the CHs, average CH keeping time, normalized routing overhead, and packet delivery ratio over a number of randomly generated benchmark scenarios. Furthermore, to corroborate the actual effectiveness of the HCAL algorithm, extensive performance comparisons are carried out with some state‐of‐the‐art routing algorithms, namely, Dynamic Doppler Velocity Clustering, Signal Characteristic‐Based Clustering, Dynamic Link Duration Clustering, and mobility‐based clustering algorithms. In this paper, we proposed a hybrid hierarchical clustering algorithm (HCAL) for large‐scale ad hoc networks (LMANET) and a protocol for hierarchical routing related to it (HCAL‐R) based on the cost metric in the forms of the link expiration time and node's relative degree. 
Remarkable features of the HCAL algorithm are that (1) its implementation is distributed over the available mobile nodes and (2) it is capable to adapt to the (possibly, complex) network size with the high‐speed nodes over the LMANET. Both these features are attained by equipping each routing path by a cost metric function in cluster head (CH) election that acquires context information by the environment (eg, current state of the CHs and the keeping time of the CHs).

    MOHAMMAD SHOJAFAR, ZAHRA POORANIAN, Mohammad Reza Meybodi, Mukesh Singhal (2015) ALATO: An efficient intelligent algorithm for time optimization in an economic grid based on adaptive stochastic Petri net, In: Journal of intelligent manufacturing 26(4) pp. 641-658

    (2019) Joint Energy Efficient and QoS-Aware Path Allocation and VNF Placement for Service Function Chaining, In: IEEE eTransactions on network and service management 16(1) pp. 374-388 IEEE

    Service function chaining (SFC) allows the forwarding of traffic flows along a chain of virtual network functions (VNFs). Software defined networking (SDN) solutions can be used to support SFC to reduce both the management complexity and the operational costs. One of the most critical issues for the service and network providers is the reduction of energy consumption, which should be achieved without impacting the Quality of Service. In this paper, we propose a novel resource allocation architecture which enables energy-aware SFC for SDN-based networks, considering also constraints on delay, link utilization, server utilization. To this end, we formulate the problems of VNF placement, allocation of VNFs to flows, and flow routing as integer linear programming (ILP) optimization problems. Since the formulated problems cannot be solved (using ILP solvers) in acceptable timescales for realistic problem dimensions, we design a set of heuristics to find near-optimal solutions in timescales suitable for practical applications. We numerically evaluate the performance of the proposed algorithms over a real-world topology under various network traffic patterns. Our results confirm that the proposed heuristic algorithms provide near-optimal solutions (at most 14% optimality-gap) while their execution time makes them usable for real-life networks.

    ZAHRA POORANIAN, MOHAMMAD SHOJAFAR, Jemal Abawajy, A Abraham (2015) An efficient meta-heuristic algorithm for grid computing, In: Journal of combinatorial optimization 30(3) pp. 413-434

    Enzo Baccarelli, Paola G Vinueza Naranjo, Michele Scarpiniti, MOHAMMAD SHOJAFAR, Jemal Abawajy (2017) Fog of Everything: Energy-Efficient Networked Computing Architectures, Research Challenges, and a Case Study, In: IEEE access 5 pp. 9882-9910 IEEE

    Fog computing (FC) and Internet of Everything (IoE) are two emerging technological paradigms that, to date, have been considered standing-alone. However, because of their complementary features, we expect that their integration can foster a number of computing and network-intensive pervasive applications under the incoming realm of the future Internet. Motivated by this consideration, the goal of this position paper is fivefold. First, we review the technological attributes and platforms proposed in the current literature for the standing-alone FC and IoE paradigms. Second, by leveraging some use cases as illustrative examples, we point out that the integration of the FC and IoE paradigms may give rise to opportunities for new applications in the realms of the IoE, Smart City, Industry 4.0, and Big Data Streaming, while introducing new open issues. Third, we propose a novel technological paradigm, the Fog of Everything (FoE) paradigm, that integrates FC and IoE and then we detail the main building blocks and services of the corresponding technological platform and protocol stack. Fourth, as a proof-of-concept, we present the simulated energy-delay performance of a small-scale FoE prototype, namely, the V-FoE prototype. Afterward, we compare the obtained performance with the corresponding one of a benchmark technological platform, e.g., the V-D2D one. It exploits only device-to-device links to establish inter-thing "ad hoc" communication. Last, we point out the position of the proposed FoE paradigm over a spectrum of seemingly related recent research projects.

    MOHAMMAD SHOJAFAR, ZAHRA POORANIAN, Paola G. Vinueza Naranjo, Enzo Baccarelli (2017) FLAPS: bandwidth and delay-efficient distributed data searching in Fog-supported P2P content delivery networks, In: The Journal of supercomputing 73(12) pp. 5239-5260 Springer US

    Due to the growing interest for multimedia contents by mobile users, designing bandwidth and delay-efficient distributed algorithms for data searching over wireless (possibly, mobile) “ad hoc” Peer-to-Peer (P2P) content Delivery Networks (CDNs) is a topic of current interest. This is mainly due to the limited computing-plus-communication resources featuring state-of-the-art wireless P2P CDNs. In principle, an effective means to cope with this limitation is to empower traditional P2P CDNs by distributed Fog nodes. Motivated by this consideration, the goal of this paper is twofold. First, we propose and describe the main building blocks of a hybrid (e.g., mixed infrastructure and “ad hoc”) Fog-supported P2P architecture for wireless content delivery, namely, the Fog-Caching P2P architecture. It exploits the topological (possibly, time varying) information locally available at the serving Fog nodes, in order to speed up the data searching operations performed by the served peers. Second, we propose a bandwidth and delay-efficient, distributed and adaptive probabilistic search algorithm, that relies on the learning automata paradigm, e.g., the Fog-supported Learning Automata Adaptive Probabilistic Search (FLAPS) algorithm. The main feature of the FLAPS algorithm is the exploitation of the local topology information provided by the serving Fog nodes and the current status of the collaborating peers, in order to run a suitably distributed reinforcement algorithm for the adaptive discovery of peer-to-peer and peer-to-fog minimum-hop routes. The performance of the proposed FLAPS algorithm is numerically evaluated in terms of Success Rate, Hit-per-Query, Message-per-Query, Response Delay and Message Duplication Factor over a number of randomly generated benchmark CDN topologies. 
Furthermore, in order to corroborate the actual effectiveness of the FLAPS algorithm, extensive performance comparisons are carried out with some state-of-the-art searching algorithms, namely the Adaptive Probabilistic Search, Improved Adaptive Probabilistic Search and the Random Walk algorithms.

    Saeed Javanmardi, MOHAMMAD SHOJAFAR, Valerio Persico, Antonio Pescapè (2020) FPFTS: A joint fuzzy particle swarm optimization mobility‐aware approach to fog task scheduling algorithm for Internet of Things devices, In: Software, practice & experience

    Meysam Ghahramani, Reza Javidan, MOHAMMAD SHOJAFAR, Rahim Taheri, Mamoun Alazab, RAHIM TAFAZOLLI (2021) RSS: An Energy-Efficient Approach for Securing IoT Service Protocols Against the DoS Attack, In: IEEE Internet of Things Journal 8(5) pp. 3619-3635 IEEE

    Authentication protocols are powerful tools to ensure confidentiality as an important feature of Internet of Things (IoT). The Denial-of-Service (DoS) attack is one of the significant threats to availability, as another essential feature of IoT, which deprives users of services by consuming the energy of IoT nodes. On the other hand, computational intelligence algorithms can be applied to solve such issues in the network and cyber domains. Motivated by this, this article links these concepts. To do so, we analyze two lightweight authentication protocols, present a DoS attack inspired by users' misbehavior and suggest a solution called received signal strength, which is easy to compute, applicable for resisting against different kinds of vulnerabilities in Internet protocols, and feasible for practical implementations. We implement it on two scenarios for locating attackers, investigate the effects of IoT devices' internal error on locating, and propose an optimization problem to find the exact location of attackers, which is efficiently solvable for computational intelligence algorithms, such as TLBO. Besides, we analyze the solutions for unreliable results of accurate devices and provide a solution to detect attackers with less than 12-cm error and the false alarm probability of 0.7%.

    Rahim Taheri, MOHAMMAD SHOJAFAR, Mamoun Alazab, RAHIM TAFAZOLLI (2020) FED-IIoT: A Robust Federated Malware Detection Architecture in Industrial IoT, In: IEEE transactions on industrial informatics pp. 1-1 IEEE

    The sheer volume of IIOT malware is one of the most serious security threats in today's interconnected world, with new types of advanced persistent threats and advanced forms of obfuscations. This paper presents a robust Federated Learning-based architecture called Fed-IIoT for detecting Android malware applications in IIoT. Fed-IIoT consists of two parts: i) participant side, where the data are triggered by two dynamic poisoning attacks based on a generative adversarial network (GAN) and Federated Generative Adversarial Network (FedGAN). While ii) server-side, aim to monitor the global model and shape a robust collaboration training model, by avoiding anomaly in aggregation by GAN network (A3GAN) and adjust two GAN-based countermeasure algorithms. One of the main advantages of Fed-IIoT is that devices can safely participate in the IIoT and efficiently communicate with each other, with no privacy issues. We evaluate our solution through experiments on various features using three IoT datasets. The results confirm the high accuracy rates of our attack and defence algorithms and show that the A3GAN defensive approach preserves the robustness of data privacy for Android mobile users and is about 8% higher accuracy with existing state-of-the-art solutions.

    Middleboxes have become a vital part of modern networks by providing services such as load balancing, optimization of network traffic, and content filtering. A sequence of middleboxes comprising a logical service is called a Service Function Chain (SFC). In this context, the main issues are to maintain an acceptable level of network path survivability and a fair allocation of the resource between different demands in the event of faults or failures. In this paper, we focus on the problems of traffic engineering, failure recovery, fault prevention, and SFC with reliability and energy consumption constraints in Software Defined Networks (SDN). These types of deployments use Fog computing as an emerging paradigm to manage the distributed small-size traffic flows passing through the SDN-enabled switches (possibly Fog Nodes). The main aim of this integration is to support service delivery in real-time, failure recovery, and fault-awareness in an SFC context. Firstly, we present an architecture for Failure Recovery and Fault Prevention called FRFP; this is a multi-tier structure in which the real-time traffic flows pass through SDN-enabled switches to jointly decrease the network side-effects of flow rerouting and energy consumption of the Fog Nodes. We then mathematically formulate an optimization problem called the Optimal Fog-Supported Energy-Aware SFC rerouting algorithm (OFES) and propose a near-optimal heuristic called Heuristic OFES (HFES) to solve the corresponding problem in polynomial time. In this way, the energy consumption and the reliability of the selected paths are optimized, while the Quality of Service (QoS) constraints are met and the network congestion is minimized. In a reliability context, the focus of this work is on fault prevention; however, since we use a reallocation technique, the proposed scheme can be used as a failure recovery scheme. 
We compare the performance of HFES and OFES in terms of energy consumption, average path length, fault probability, network side-effects, link utilization, and Fog Node utilization. Additionally, we analyze the computational complexity of HFES. We use a real-world network topology to evaluate our algorithm. The simulation results show that the heuristic algorithm is applicable to large-scale networks.

    The widespread adoption of smartphones dramatically increases the risk of attacks and the spread of mobile malware, especially on the Android platform. Machine learning-based solutions have been already used as a tool to supersede signature-based anti-malware systems. However, malware authors leverage features from malicious and legitimate samples to estimate statistical difference in order to create adversarial examples. Hence, to evaluate the vulnerability of machine learning algorithms in malware detection, we propose five different attack scenarios to perturb malicious applications (apps). By doing this, the classification algorithm inappropriately fits the discriminant function on the set of data points, eventually yielding a higher misclassification rate. Further, to distinguish the adversarial examples from benign samples, we propose two defense mechanisms to counter attacks. To validate our attacks and solutions, we test our model on three different benchmark datasets. We also test our methods using various classifier algorithms and compare them with the state-of-the-art data poisoning method using the Jacobian matrix. Promising results show that generated adversarial samples can evade detection with a very high probability. Additionally, evasive variants generated by our attack models, when used to harden the developed anti-malware system, improve the detection rate up to 50% when using the generative adversarial network (GAN) method.

    Mohammad M Tajiki, Behzad Akbari, MOHAMMAD SHOJAFAR, Nader Mokari (2017) Joint QoS and Congestion Control Based on Traffic Prediction in SDN, In: Applied sciences 7(12)
    Meysam Ghahramani, Reza Javidan, MOHAMMAD SHOJAFAR (2020) A secure biometric-based authentication protocol for global mobility networks in smart cities, In: The Journal of supercomputing 76(11) pp. 8729-8755

    Smart city is an important concept in urban development. The use of information and communication technology to promote quality of life and the management of natural resources is one of the main goals in smart cities. On the other hand, at any time, thousands of mobile users send a variety of information on the network, and this is the main challenge in smart cities. To overcome this challenge and collect data from roaming users, the global mobility network (GLOMONET) is a good approach for information transfer. Consequently, designing a secure protocol for GLOMONET is essential. The main intention of this paper is to provide a secure protocol for GLOMONET in smart cities. To do this, we design a protocol that is based on Li et al.’s protocol, which is not safe against our proposed attacks. Our protocol inherits all the benefits of the previous one; it is entirely secure and does not impose any more communication overhead. We formally analyze the protocol using BAN logic and compare it to similar ones in terms of performance and security, which shows the efficiency of our protocol. Our proposed protocol enables mobile users and foreign agents to share a secret key in 6.1 ms with 428 bytes communication overhead, which improves the time complexity of the previous protocol to 53%.

    Paola G. Vinueza Naranjo, ZAHRA POORANIAN, MOHAMMAD SHOJAFAR, M Conti, Rajkumar Buyya (2019) FOCAN: A Fog-supported smart city network architecture for management of applications in the Internet of Everything environments, In: Journal of parallel and distributed computing 132 pp. 274-283 Elsevier Inc

    Smart city vision brings emerging heterogeneous communication technologies such as Fog Computing (FC) together to substantially reduce the latency and energy consumption of Internet of Everything (IoE) devices running various applications. The key feature that distinguishes the FC paradigm for smart cities is that it spreads communication and computing resources over the wired/wireless access network (e.g., proximate access points and base stations) to provide resource augmentation (e.g., cyberforaging) for resource- and energy-limited wired/wireless (possibly mobile) things. Motivated by these considerations, this paper presents a Fog-supported smart city network architecture called Fog Computing Architecture Network (FOCAN), a multi-tier structure in which the applications are running on things that jointly compute, route, and communicate with one another through the smart city environment. FOCAN decreases latency and improves energy provisioning and the efficiency of services among things with different capabilities. In particular, three types of communications are defined between FOCAN devices – interprimary, primary, and secondary communication – to manage applications in a way that meets the quality of service standards for the Internet of Everything. One of the main advantages of the proposed architecture is that the devices can provide the services with low energy usage and in an efficient manner. Simulation results for a selected case study demonstrate the tremendous impact of the FOCAN energy-efficient solution on the communication performance of various types of things in smart cities.

    • Present a generalized multi-tiered smart city architecture that utilizes FC for devices.
    • Develop an FC-supported resource allocation model to cover FNs/device components.
    • Provide various types of communications between the components.
    • Evaluate the performance of the solution for an FC platform on real datasets.

    Rahim Taheri, Meysam Ghahramani, Reza Javidan, MOHAMMAD SHOJAFAR, ZAHRA POORANIAN, M Conti (2020) Similarity-based Android malware detection using Hamming distance of static binary features, In: Future generation computer systems 105 pp. 230-247 Elsevier B.V

    In this paper, we develop four malware detection methods using Hamming distance to find similarity between samples which are first nearest neighbors (FNN), all nearest neighbors (ANN), weighted all nearest neighbors (WANN), and k-medoid based nearest neighbors (KMNN). In our proposed methods, we can trigger the alarm if we detect an Android app is malicious. Hence, our solutions help us to avoid the spread of detected malware on a broader scale. We provide a detailed description of the proposed detection methods and related algorithms. We include an extensive analysis to assess the suitability of our proposed similarity-based detection methods. In this way, we perform our experiments on three datasets, including benign and malware Android apps like Drebin, Contagio, and Genome. Thus, to corroborate the actual effectiveness of our classifier, we carry out performance comparisons with some state-of-the-art classification and malware detection algorithms, namely Mixed and Separated solutions, the program dissimilarity measure based on entropy (PDME) and the FalDroid algorithms. We test our experiments in a different type of features: API, intent, and permission features on these three datasets. The results confirm that accuracy rates of proposed algorithms are more than 90% and in some cases (i.e., considering API features) are more than 99%, and are comparable with existing state-of-the-art solutions.

    • We prove the similar results achievement of using Hamming distance with others.
    • We propose four scenarios for malware detection using Hamming distances.
    • We obtain the maximum achievable accuracy with the Hamming distance as a threshold.
    • We evaluate our methods using three standard datasets and various features.
    • We compare our malware detection methods against three cutting-edge solutions.

    Hossein Soleimani, Stefano Tomasin, Tohid Alizadeh, (2017) Cluster-head based feedback for simplified time reversal prefiltering in ultra-wideband systems, In: Physical communication 25 pp. 100-109 Elsevier B.V

    Time-reversal prefiltering (TRP) technique for impulse radio (IR) ultra wide-band (UWB) systems requires a large amount of feedback to transmit the channel impulse response from the receiver to the transmitter. In this paper, we propose a new feedback design based on vector quantization. We use a machine learning algorithm to cluster the estimated channels into several groups and to select the channel cluster heads (CCHs) for feedback. In particular, CCHs and their labels are recorded at both sides of the UWB transceivers and the label of the most similar CCH to the estimated channel is fed back to the transmitter. Finally, the TRP is applied using the feedback CCH. The proposed digital feedback provides three main advantages: (1) it significantly reduces the dedicated bandwidth required for feedback; (2) it considerably improves the speed of transceivers; and, (3) it is robust to noise in the feedback channel since few bytes are required to send the codes that can be heavily error protected. Numerical results on standard UWB channel models are discussed, showing the advantage of the proposed solution.

    Hiwa Omer Hassan, Sadoon Azizi, MOHAMMAD SHOJAFAR (2020) Priority, network and energy-aware placement of IoT-based application services in fog-cloud environments, In: IET communications 14(13) pp. 2117-2129 The Institution of Engineering and Technology

    Fog computing is a decentralised model which can help cloud computing for providing high quality-of-service (QoS) for the Internet of Things (IoT) application services. Service placement problem (SPP) is the mapping of services among fog and cloud resources. It plays a vital role in response time and energy consumption in fog–cloud environments. However, providing an efficient solution to this problem is a challenging task due to difficulties such as different requirements of services, limited computing resources, different delay, and power consumption profile of devices in fog domain. Motivated by this, in this study, we propose an efficient policy, called MinRE, for SPP in fog–cloud systems. To provide both QoS for IoT services and energy efficiency for fog service providers, we classify services into two categories: critical services and normal ones. For critical services, we propose MinRes, which aims to minimise response time, and for normal ones, we propose MinEng, whose goal is reducing the energy consumption of fog environment. Our extensive simulation experiments show that our policy improves the energy consumption up to 18%, the percentage of deadline satisfied services up to 14% and the average response time up to 10% in comparison with the second-best results.

    Middleboxes have become a vital part of modern networks by providing services such as load balancing, optimization of network traffic, and content filtering. A sequence of middleboxes comprising a logical service is called a Service Function Chain (SFC). In this context, the main issues are to maintain an acceptable level of network path survivability and a fair allocation of the resource between different demands in the event of faults or failures. In this paper, we focus on the problems of traffic engineering, failure recovery, fault prevention, and SFC with reliability and energy consumption constraints in Software Defined Networks (SDN). These types of deployments use Fog computing as an emerging paradigm to manage the distributed small‐size traffic flows passing through the SDN‐enabled switches (possibly Fog Nodes). The main aim of this integration is to support service delivery in real‐time failure recovery in an SFC context. First, we present an architecture for Failure Recovery called FRFP; this is a multi‐tier structure in which the real‐time traffic flows pass through SDN‐enabled switches to jointly decrease the network side‐effects of flow rerouting and energy consumption of the Fog Nodes. We then mathematically formulate an optimization problem called the Optimal Fast Failure Recovery algorithm (OFFR) and propose a near‐optimal heuristic called Heuristic HFFR to solve the corresponding problem in polynomial time. In this way, the reliability of the selected paths is optimized, while the network congestion is minimized.

    (2018) Joint Minimization of the Energy Costs From Computing, Data Transmission, and Migrations in Cloud Data Centers, In: IEEE Transactions on Green Communications and Networking 2(2) pp. 580-595 IEEE

    We propose a novel model, called joint computing, data transmission and migration energy costs (JCDME), for the allocation of virtual elements (VEs), with the goal of minimizing the energy consumption in a software-defined cloud data center (SDDC). More in detail, we model the energy consumption by considering the computing costs of the VEs on the physical servers, the costs for migrating VEs across the servers, and the costs for transferring data between VEs. In addition, JCDME introduces a weight parameter to avoid an excessive number of VE migrations. Specifically, we propose three different strategies to solve the JCDME problem with an automatic and adaptive computation of the weight parameter for the VEs migration costs. We then evaluate the considered strategies over a set of scenarios, ranging from a small sized SDDC up to a medium-sized SDDC composed of hundreds of VEs and hundreds of servers. Our results demonstrate that JCDME is able to save up to an additional 7% of energy with respect to previous energy-aware algorithms, without a substantial increase in the solution complexity.

    Bushra Jamil, MOHAMMAD SHOJAFAR, I Ahmed, Atta Ullah, Kashif Munir, Humaira Ijaz (2020) A job scheduling algorithm for delay and performance optimization in fog computing, In: Concurrency and computation 32(7)
    Samaher Al-Janabi, Ibrahim Al-Shourbaji, Shahaboddin Shamshirband (2017) Survey of main challenges (security and privacy) in wireless body area networks for healthcare applications, In: Egyptian informatics journal 18(2) pp. 113-122 Elsevier B.V

    Wireless Body Area Network (WBAN) is a new trend in the technology that provides remote mechanism to monitor and collect patient’s health record data using wearable sensors. It is widely recognized that a high level of system security and privacy play a key role in protecting these data when being used by the healthcare professionals and during storage to ensure that patient’s records are kept safe from intruder’s danger. It is therefore of great interest to discuss security and privacy issues in WBANs. In this paper, we reviewed WBAN communication architecture, security and privacy requirements and security threats and the primary challenges in WBANs to these systems based on the latest standards and publications. This paper also covers the state-of-art security measures and research in WBAN. Finally, open areas for future research and enhancements are explored.

    Raja Wasim Ahmad, Abdullah Gani, Siti Hafizah Ab Hamid, MOHAMMAD SHOJAFAR, Abdelmuttlib Ibrahim Abdalla Ahmed, SA Madani, Kashif Saleem, Joel J.P.C Rodrigues (2017) A survey on energy estimation and power modeling schemes for smartphone applications, In: International journal of communication systems 30(11)

    Summary: In the last decade, the rising trend in the popularity of smartphones motivated software developers to increase application functionality. However, increasing application functionality demands extra power budget that as a result, decreases smartphone battery lifetime. Optimizing energy critical sections of an application creates an opportunity to increase battery lifetime. Smartphone application energy estimation helps investigate energy consumption behavior of an application at diversified granularity (eg, coarse and fine granular) for optimal battery resource use. This study explores energy estimation and modeling schemes to highlight their advantages and shortcomings. It classifies existing smartphone application energy estimation and modeling schemes into 2 categories, ie, code analysis and mobile components power model–based estimation owing to their architectural designs. Moreover, it further classifies code analysis–based modeling and estimation schemes in simulation‐based and profiling‐based categories. It compares existing energy estimation and modeling schemes based on a set of parameters common in most literature to highlight the commonalities and differences among reported literature. Existing application energy estimation schemes are low‐accurate, resource expensive, or non‐scalable, as they consider marginally accurate smart battery's voltage/current sensors, low‐rate power capturing tools, and labor‐driven lab‐setting environment to propose power models for smartphone application energy estimation. Besides, the energy estimation overhead of the components power model–based estimation schemes is very high as they physically run the application on a smartphone for energy profiling. To optimize smartphone application energy estimation, we have highlighted several research issues to help researchers of this domain to understand the problem clearly. 
As shown in figure, this paper discusses energy estimation methods and techniques for energy estimation of smartphone applications. It estimates energy consumption of applications based on smartphone components power models or source code energy models. It proposes taxonomies and highlights open research issues. It concludes that energy estimation is a resource expensive task owing to high profiling overhead.

    (2018) An Approach to Balance Maintenance Costs and Electricity Consumption in Cloud Data Centers, In: IEEE transactions on sustainable computing 3(4) pp. 274-288 IEEE

    We target the problem of managing the power states of the servers in a Cloud Data Center (CDC) to jointly minimize the electricity consumption and the maintenance costs derived from the variation of power (and consequently of temperature) on the servers' CPU. More in detail, we consider a set of virtual machines (VMs) and their requirements in terms of CPU and memory across a set of Time Slots (TSs). We then model the consumed electricity by taking into account the VMs processing costs on the servers, the costs for transferring data between the VMs, and the costs for migrating the VMs across the servers. In addition, we employ a material-based fatigue model to compute the maintenance costs needed to repair the CPU, as a consequence of the variation over time of the server power states. After detailing the problem formulation, we design an original algorithm, called Maintenance and Electricity Costs Data Center (MECDC), to solve it. Our results, obtained over several scenarios from a real CDC, show that MECDC largely outperforms two reference algorithms, which instead either target the load balancing or the energy consumption of the servers.

    Pei Wang, Chien-Ming Chen, Saru Kumari, MOHAMMAD SHOJAFAR, RAHIM TAFAZOLLI, Yi Liu (2020) HDMA: Hybrid D2D Message Authentication Scheme for 5G-Enabled VANETs, In: IEEE transactions on intelligent transportation systems pp. 1-10 IEEE

    The fifth-generation (5G) mobile communication technology with higher capacity and data rate, ultra-low device to device (D2D) latency, and massive device connectivity will greatly promote the development of vehicular ad hoc networks (VANETs). Meanwhile, new challenges such as security, privacy and efficiency are raised. In this article, a hybrid D2D message authentication (HDMA) scheme is proposed for 5G-enabled VANETs, in which a novel group signature-based algorithm is used for mutual authentication between vehicle to vehicle (V2V) communication. In addition, a pre-computed lookup table is adopted to reduce the computation overhead of modular exponentiation operation. Security analysis shows that HDMA is robust to resist various security attacks, and performance analysis also points out that the authentication overhead of HDMA is more efficient than some traditional schemes with the help of the pre-computed lookup table in V2V and vehicle to infrastructure (V2I) communication.

    Sadoon Azizi, MOHAMMAD SHOJAFAR, Jemal Abawajy, Rajkumar Buyya (2020) GRVMP: A Greedy Randomized Algorithm for Virtual Machine Placement in Cloud Data Centers, In: IEEE systems journal pp. 1-12 IEEE

    Cloud computing efficiency greatly depends on the efficiency of the virtual machines (VMs) placement strategy used. However, VM placement has remained one of the major challenging issues in cloud computing mainly because of the heterogeneity in both virtual and physical machines (PMs), the multidimensionality of the resources, and the increasing scale of the cloud data centers (CDCs). An inefficiency in VM placement strategy has a significant influence on the quality of service provided, the amount of energy consumed, and the running costs of the CDCs. To address these issues, in this article, we propose a greedy randomized VM placement (GRVMP) algorithm in a large-scale CDC with heterogeneous and multidimensional resources. GRVMP is inspired by the "power of two choices" model and places VMs on the more power-efficient PMs to jointly optimize CDC energy usage and resource utilization. The performance of GRVMP is evaluated using synthetic and real-world production scenarios (Amazon EC2) with several performance metrics. The results of the experiment confirm that GRVMP jointly optimizes power usage and the overall wastage of resource utilization. The results also show that GRVMP significantly outperforms the baseline schemes in terms of the performance metrics used.

    Seyed Farhad Aghili, Hamid Mala, MOHAMMAD SHOJAFAR, Pedro Peris-Lopez (2019) LACO: Lightweight Three-Factor Authentication, Access Control and Ownership Transfer Scheme for E-Health Systems in IoT, In: Future generation computer systems 96 pp. 410-424 Elsevier B.V

    The use of the Internet of Things (IoT) in the electronic health (e-health) management systems brings with it many challenges, including secure communications through insecure radio channels, authentication and key agreement schemes between the entities involved, access control protocols and also schemes for transferring ownership of vital patient information. Besides, the resource-limited sensors in the IoT have real difficulties in achieving this goal. Motivated by these considerations, in this work we propose a new lightweight authentication and ownership transfer protocol for e-health systems in the context of IoT (LACO in short). The goal is to propose a secure and energy-efficient protocol that not only provides authentication and key agreement but also satisfies access control and preserves the privacy of doctors and patients. Moreover, this is the first time that the ownership transfer of users is considered. In the ownership transfer phase of the proposed scheme, the medical server can change the ownership of patient information. In addition, the LACO protocol overcomes the security flaws of recent authentication protocols that were proposed for e-health systems, but are unfortunately vulnerable to traceability, de-synchronization, denial of service (DoS), and insider attacks. To avoid past mistakes, we present formal (i.e., conducted on ProVerif language) and informal security analysis for the LACO protocol. All this ensures that our proposed scheme is secure against the most common attacks in IoT systems. Compared to the predecessor schemes, the LACO protocol is both more efficient and more secure to use in e-health systems.

    • We present several serious security attacks against Zhang et al. scheme (called ZZTL). Our proposed attacks include user traceability, de-synchronization, DoS and insider attacks.
    • In order to increase the security level offered by ZZTL protocol, we fix all security faults found in this scheme.
    • We propose a new architecture involving three main entities. We also provide the access control mechanism during the authentication phase.
    • We also consider the situation where the current doctor of the patient wants to transfer her/his privileges to a new doctor (ownership transfer).
    • The security of the proposed scheme is examined from a formal (ProVerif language) and informal point of view.
    • The efficiency of our proposal is higher than the predecessor schemes. Therefore our scheme can be used for resource-constrained sensors in IoT systems.

    MOHAMMAD SHOJAFAR, Claudia Canali, Riccardo Lancellotti, Jemal Abawajy (2020) Adaptive Computing-Plus-Communication Optimization Framework for Multimedia Processing in Cloud Systems, In: IEEE transactions on cloud computing 8(4) pp. 1162-1175 IEEE Computer Society

    A clear trend in the evolution of network-based services is the ever-increasing amount of multimedia data involved. This trend towards big-data multimedia processing finds its natural placement together with the adoption of the cloud computing paradigm, that seems the best solution to cope with the demands of a highly fluctuating workload that characterizes this type of services. However, as cloud data centers become more and more powerful, energy consumption becomes a major challenge both for environmental concerns and for economic reasons. An effective approach to improve energy efficiency in cloud data centers is to rely on traffic engineering techniques to dynamically adapt the number of active servers to the current workload. Towards this aim, we propose a joint computing-plus-communication optimization framework exploiting virtualization technologies, called MMGreen. Our proposal specifically addresses the typical scenario of multimedia data processing with computationally intensive tasks and exchange of a big volume of data. The proposed framework not only ensures users the Quality of Service (through Service Level Agreements), but also achieves maximum energy saving and attains green cloud computing goals in a fully distributed fashion by utilizing the DVFS-based CPU frequencies. To evaluate the actual effectiveness of the proposed framework, we conduct experiments with MMGreen under real-world and synthetic workload traces. The results of the experiments show that MMGreen may significantly reduce the energy cost for computing, communication and reconfiguration with respect to the previous resource provisioning strategies, respecting the SLA constraints.

    S Singh, Pradip Kumar Sharma, Byungun Yoon, MOHAMMAD SHOJAFAR, Gi Hwan Cho, In-Ho Ra (2020) Convergence of blockchain and artificial intelligence in IoT network for the sustainable smart city, In: Sustainable cities and society 63 Elsevier Ltd

    • A study on convergence of Blockchain-AI for sustainable smart city.
    • Presents the security issues and challenges based on various dimensions.
    • Discusses the blockchain security enhancement solutions, and summarizing key points.
    • Summarize the open issues and research direction: new security suggestions, future guidelines.

    In the digital era, the smart city can become an intelligent society by utilizing advances in emerging technologies. Specifically, the rapid adoption of blockchain technology has led a paradigm shift to a new digital smart city ecosystem. A broad spectrum of blockchain applications promise solutions for problems in areas ranging from risk management and financial services to cryptocurrency, and from the Internet of Things (IoT) to public and social services. Furthermore, the convergence of Artificial Intelligence (AI) and blockchain technology is revolutionizing the smart city network architecture to build sustainable ecosystems. However, these advancements in technologies bring both opportunities and challenges when it comes to achieving the goals of creating sustainable smart cities. This paper provides a comprehensive literature review of the security issues and problems that impact the deployment of blockchain systems in smart cities. This work presents a detailed discussion of several key factors for the convergence of Blockchain and AI technologies that will help form a sustainable smart society. We discuss blockchain security enhancement solutions, summarizing the key points that can be used for developing various blockchain-AI based intelligent transportation systems. Also, we discuss the issues that remain open and our future research direction, this includes new security suggestions and future guidelines for a sustainable smart city ecosystem.

    (2019) Recent advances in cloud data centers toward fog data centers, In: Concurrency and computation 31(8) pp. e5164-n/a

    In recent years, we have witnessed tremendous advances in cloud data centers (CDCs) from the point of view of the communication layer. A recent report from Cisco Systems Inc demonstrates that CDCs, which are distributed across many geographical locations, will dominate the global data center traffic flow for the foreseeable future. Their importance is highlighted by a top‐line projection from this forecast that by 2019, more than four‐fifths of total data center traffic will be Cloud traffic. The geographical diversity of the computing resources in CDCs provides several benefits, such as high availability, effective disaster recovery, uniform access to users in different regions, and access to different energy sources. Although Cloud technology is currently predominant, it is essential to leverage new agile software technologies, agile processes, and agile applications near to both the edge and the users; hence, the concept of Fog has been developed. Fog computing (FC) has emerged as an alternative to traditional Cloud computing to support geographically distributed latency‐sensitive and QoS‐aware IoT applications while reducing the burden on data centers used in traditional Cloud computing. In particular, FC with features that can support heterogeneity and real‐time applications (eg, low latency, location awareness, and the capacity to process a large number of nodes with wireless access) is an attractive solution for delay‐ and resource‐constrained large‐scale applications. The distinguishing feature of the FC paradigm is that a set of Fog nodes (FNs) spreads communication and computing resources over the wireless access network to provide resource augmentation to resource‐limited and energy‐limited wireless (possibly mobile) devices. The joint management of Fog and Internet of Technology (IoT) paradigms can reduce the energy consumption and operating costs of state‐of‐the‐art Fog‐based data centers (FDCs). 
An FDC is dedicated to supervising the transmission, distribution, and communication of FC. As a vital component of the Internet of Everything (IoE) environment, an FDC is capable of filtering and processing a considerable amount of incoming data on edge devices, by making the data processing architecture distributed and thereby scalable. An FDC therefore provides a platform for filtering and analyzing the data generated by sensors utilizing the resources of FNs.Increasing interest is emerging in FDCs and CDCs that allow the delivery of various kinds of agile services and applications over telecommunication networks and the Internet, including resource provisioning, data streaming/transcoding, analysis of high‐definition videos across the edge of the network, IoE application analysis, etc. Motivated by these issues, this special section solicits original research and practical contributions that advance the use of CDCs/FDCs in new technologies such as IoT, edge networks, and industries. Results obtained from simulations are validated in terms of their boundaries by experiments or analytical results. The main objectives of this special issue are to provide a discussion forum for people interested in Cloud and Fog networking and to present new models, adaptive tools, and applications specifically designed for distributed and parallel on‐demand requests received from (mobile) users and Cloud applications.These papers presented in this special issue provide insights in fields related to Cloud and Fog/edge architecture, including parallel processing of Cloudlets/Foglets, the presentation of new emerging models, performance evaluation and improvements, and developments in Cloud/Fog applications. We hope that readers can benefit from the insights in these papers, and contribute to these rapidly growing areas.

    Shvan Omer, Sadoon Azizi, MOHAMMAD SHOJAFAR, RAHIM TAFAZOLLI (2021) A Priority, Power and Traffic-aware Virtual Machine Placement of IoT Applications in Cloud Data Centers, In: Journal of systems architecture 115

    Recent telecommunication paradigms, such as big data, Internet of Things (IoT), ubiquitous edge computing (UEC), and machine learning, are encountering a tremendous number of complex applications that require different priorities and resource demands. These applications usually consist of a set of virtual machines (VMs) with some predefined traffic load between them. The efficiency of a cloud data center (CDC) as a prominent component in UEC significantly depends on the efficiency of its VM placement algorithm applied. However, VM placement is an NP-hard problem and thus there exists practically no optimal solution for this problem. In this paper, motivated by this, we propose a priority, power and traffic-aware approach for efficiently solving the VM placement problem in a CDC. Our approach aims to jointly minimize power consumption, network consumption and resource wastage in a multi-dimensional and heterogeneous CDC. To evaluate the performance of the proposed method, we compared it to the state-of-the-art on a fat-tree topology under various experiments. Results demonstrate that the proposed method is capable of reducing the total network consumption up to 29%, the consumption of power up to 18%, and the wastage of resources up to 68%, compared to the second-best results.

    (2019) Optimal management of reusable functional blocks in 5G superfluid networks, In: International journal of network management 29(1) pp. e2045-n/a

    We consider the problem of managing a 5G network composed of virtualized entities, called reusable functional blocks (RFBs), as proposed by the Horizon 2020 SUPERFLUIDITY project. The RFBs are used to decompose network functions and services and are deployed on top of physical nodes, in order to realize the 5G functionalities. After formally modeling the RFBs in a 5G network, as well as the physical nodes hosting them, we formulate the problem of managing the 5G network through the RFBs, in order to satisfy different key performance indicators to users. In particular, we focus either on the maximization of the amount of downlink throughput sent to users or on the minimization of the number of powered‐on physical nodes. We then consider different scenarios to evaluate the proposed formulations. Our results show that, when an RFB‐based approach is put into place, a high level of flexibility and dynamicity is achieved. In particular, the RFBs can be shared, moved, and rearranged based on the network conditions. As a result, the downlink throughput can be extremely high, ie, more than 150 Mbps per user on average when the throughput maximization is pursued and more than 100 Mbps on average when the goal is the minimization of the number of powered‐on physical nodes. We consider the management of a 5G network composed of virtualized entities, called reusable functional blocks (RFBs), which are used to decompose network functions and services and are deployed on top of physical nodes, in order to realize the 5G functionalities. We then evaluate the performance of an RFB‐based 5G network, showing that the downlink throughput can be extremely high, ie, more than 150 [Mbps] per user on average when the throughput maximization is pursued.

    Luca Chiaraviglio, Michael Zink (2018) CECT: Computationally Efficient Congestion-avoidance and Traffic Engineering in Software-defined Cloud Data Centers, In: Cluster computing 21(4) pp. 1881-1897

    The proliferation of cloud data center applications and network function virtualization (NFV) boosts dynamic and QoS dependent traffic into the data centers network. Currently, lots of network routing protocols are requirement agnostic, while other QoS-aware protocols are computationally complex and inefficient for small flows. In this paper, a computationally efficient congestion avoidance scheme, called CECT, for software-defined cloud data centers is proposed. The proposed algorithm, CECT, not only minimizes network congestion but also reallocates the resources based on the flow requirements. To this end, we use a routing architecture to reconfigure the network resources triggered by two events: 1) the elapsing of a predefined time interval, or, 2) the occurrence of congestion. Moreover, a forwarding table entries compression technique is used to reduce the computational complexity of CECT. In this way, we mathematically formulate an optimization problem and define a genetic algorithm to solve the proposed optimization problem. We test the proposed algorithm on real-world network traffic. Our results show that CECT is computationally fast and the solution is feasible in all cases. In order to evaluate our algorithm in terms of throughput, CECT is compared with ECMP (where the shortest path algorithm is used as the cost function). Simulation results confirm that the throughput obtained by running CECT is improved up to 3x compared to ECMP while packet loss is decreased up to 2x.

    Enzo Baccarelli, Nicola Cordeschi, Alessandro Mei, Massimo Panella, MOHAMMAD SHOJAFAR, Julinda Stefa (2016) Energy-efficient dynamic traffic offloading and reconfiguration of networked data centers for big data stream mobile computing: review, challenges, and a case study, In: IEEE network 30(2) pp. 54-61 IEEE

    Big data stream mobile computing is proposed as a paradigm that relies on the convergence of broadband Internet mobile networking and real-time mobile cloud computing. It aims at fostering the rise of novel self-configuring integrated computing-communication platforms for enabling in real time the offloading and processing of big data streams acquired by resource-limited mobile/wireless devices. This position article formalizes this paradigm, discusses its most significant application opportunities, and outlines the major challenges in performing real-time energy-efficient management of the distributed resources available at both mobile devices and Internet-connected data centers. The performance analysis of a small-scale prototype is also included in order to provide insight into the energy vs. performance tradeoff that is achievable through the optimized design of the resource management modules. Performance comparisons with some state-of-the-art resource managers corroborate the discussion. Hints for future research directions conclude the article.

    (2017) Q: Energy and delay-efficient dynamic queue management in TCP/IP virtualized data centers, In: Computer communications 102 pp. 89-106 Elsevier B.V

    The emerging utilization of Software-as-a-Service (SaaS) Fog computing centers as an Internet virtual computing commodity is raising concerns over the energy consumptions of networked data centers for the support of delay-sensitive applications. In addition to the energy consumed by the servers, the energy wasted by the network devices that support TCP/IP reliable inter-Virtual Machines (VMs) connections is becoming a significant challenge. In this paper, we propose and develop a framework for the joint characterization and optimization of TCP/IP SaaS Fog data centers that utilize a bank of queues for increasing the fraction of the admitted workload. Our goal is two-fold: (i) we maximize the average workload admitted by the data center; and, (ii) we minimize the resulting networking-plus-computing average energy consumption. For this purpose, we exploit the Lyapunov stochastic optimization approach, in order to design and analyze an optimal (yet practical) online joint resource management framework, which dynamically performs: (i) admission control; (ii) dispatching of the admitted workload; (iii) flow control of the inter-VM TCP/IP connections; (iv) queue control; (v) up/down scaling of the processing frequencies of the instantiated VMs; and, (vi) adaptive joint consolidation of both physical servers and TCP/IP connections. The salient features of the resulting scheduler (e.g., the Q* scheduler) are that: (i) it admits distributed and scalable implementation; (ii) it provides deterministic bounds on the instantaneous queue backlogs; (iii) it avoids queue overflow phenomena; and, (iv) it effectively tracks the (possibly unpredictable) time-fluctuations of the input workload, in order to perform joint resource consolidation without requiring any a priori information and/or forecast of the input workload.
Actual energy and delay performances of the proposed scheduler are numerically evaluated and compared against the corresponding ones of some competing and state-of-the-art schedulers, under: (i) Fast - Giga - 10Giga Ethernet switching technologies; (ii) various settings of the reconfiguration-consolidation costs; and, (iii) synthetic, as well as real-world workloads. The experimental results support the conclusion that the proposed scheduler can achieve over 30% energy savings.

    Ke Wang, XUBO LIU, Chien-Ming Chen, Saru Kumari, MOHAMMAD SHOJAFAR, Mohammed Alamgir Hossain (2020) Voice-Transfer Attacking on Industrial Voice Control Systems in 5G-Aided IIoT Domain, In: IEEE transactions on industrial informatics pp. 1-1 IEEE

    At present, specific voice control has gradually become an important means for 5G-IoT-aided industrial control systems. However, the security of specific voice control system needs to be improved, because the voice cloning technology may lead to industrial accidents and other potential security risks. In this paper, we propose a transductive voice transfer learning method to learn the predictive function from the source domain and fine-tune in the target domain adaptively. The target learning task and source learning task are both synthesizing speech signals from the given audio while the data sets of both domains are different. By adding different penalty values to each instance and minimizing the expected risk, an optimal precise model can be learned. Many details of the experimental results show that our method can effectively synthesize the speech of the target speaker with small samples.

    Rahim Taheri, Reza Javidan, MOHAMMAD SHOJAFAR, ZAHRA POORANIAN, Ali Miri, M Conti (2020) On defending against label flipping attacks on malware detection systems, In: Neural computing & applications 32(18) pp. 14781-14800

    Label manipulation attacks are a subclass of data poisoning attacks in adversarial machine learning used against different applications, such as malware detection. These types of attacks represent a serious threat to detection systems in environments having high noise rate or uncertainty, such as complex networks and Internet of Things (IoT). Recent work in the literature has suggested using the K-nearest neighboring algorithm to defend against such attacks. However, such an approach can suffer from low to misclassification rate accuracy. In this paper, we design an architecture to tackle the Android malware detection problem in IoT systems. We develop an attack mechanism based on silhouette clustering method, modified for mobile Android platforms. We proposed two convolutional neural network-type deep learning algorithms against this Silhouette Clustering-based Label Flipping Attack. We show the effectiveness of these two defense algorithms—label-based semi-supervised defense and clustering-based semi-supervised defense—in correcting labels being attacked. We evaluate the performance of the proposed algorithms by varying the various machine learning parameters on three Android datasets: Drebin, Contagio, and Genome and three types of features: API, intent, and permission. Our evaluation shows that using random forest feature selection and varying ratios of features can result in an improvement of up to 19% accuracy when compared with the state-of-the-art method in the literature.

    Ke Wang, P. Xu, Chien-Ming Chen, Saru Kumari, MOHAMMAD SHOJAFAR, Mamoun Alazab (2020) Neural Architecture Search for Robust Networks in 6G-enabled Massive IoT Domain, In: IEEE internet of things journal pp. 1-1 IEEE

    6G technology enables AI-based massive IoT to manage network resources and data with ultra high speed, responsive network and wide coverage. However, many artificial intelligence-enabled internet of things (AIoT) systems are vulnerable to adversarial example attacks. Therefore, designing robust deep learning models that can be deployed on resource-constrained devices has become an important research topic in the field of 6G-enabled AIoT. In this paper, we propose a method for automatically searching for robust and efficient neural network structures for AIoT systems. By introducing a skip connection structure, a feature map with reduced front-end influence can be used for calculations during the classification process. Additionally, a novel type of dense connected search space is proposed. By relaxing this space, it is possible to search for network structures efficiently. In addition, combined with adversarial training and model delay constraints, we propose a multi-objective gradient optimization method to realize the automatic searching of network structures. Experimental results demonstrate that our method is effective for AIoT systems and superior to state-of-the-art neural architecture search algorithms.

    ZAHRA POORANIAN, MOHAMMAD SHOJAFAR, SK Garg, Rahim Taheri, RAHIM TAFAZOLLI (2020) LEVER: Secure Deduplicated Cloud Storage with Encrypted Two-Party Interactions in Cyber-Physical Systems, In: IEEE transactions on industrial informatics pp. 1-1 IEEE

    Cloud envisioned Cyber-Physical Systems (CCPS) is a practical technology that relies on the interaction among cyber elements like mobile users to transfer data in cloud computing. In CCPS, cloud storage applies data deduplication techniques aiming to save data storage and bandwidth for real-time services. In this infrastructure, data deduplication eliminates duplicate data to increase the performance of the CCPS application. However, it incurs security threats and privacy risks. In this area, several types of research have been done. Nevertheless, they are suffering from a lack of security, high performance, and applicability. Motivated by this, we propose a message Lock Encryption with neVer-decrypt homomorphic EncRyption (LEVER) protocol between the uploading CCPS user and cloud storage to reconcile the encryption and data deduplication. Interestingly, LEVER is the first brute-force resilient encrypted deduplication with only cryptographic two-party interactions

    Zheng Chu, Pei Xiao, Mohammad Shojafar, De Mi, Juquan Mao, Wanming Hao (2020) Intelligent Reflecting Surface Assisted Mobile Edge Computing for Internet of Things, In: IEEE Wireless Communications Letters pp. 1-1 IEEE

    This paper studies the impact of an intelligent reflecting surface (IRS) on computational performance in a mobile edge computing (MEC) system. Specifically, an access point (AP) equipped with an edge server provides MEC services to multiple internet of things (IoT) devices that choose to offload a portion of their own computational tasks to the AP with the remaining portion being locally computed. We deploy an IRS to enhance the computational performance of the MEC system by intelligently adjusting the phase shift of each reflecting element. A joint design problem is formulated for the considered IRS assisted MEC system, aiming to optimize its sum computational bits and taking into account the CPU frequency, the offloading time allocation, transmit power of each device as well as the phase shifts of the IRS. To deal with the non-convexity of the formulated problem, we conduct our algorithm design by finding the optimized phase shifts first and then achieving the jointly optimal solution of the CPU frequency, the transmit power and the offloading time allocation by considering the Lagrange dual method and Karush-Kuhn-Tucker (KKT) conditions. Numerical evaluations highlight the advantage of the IRS-assisted MEC system in comparison with the benchmark schemes.

    (2020) Similarity-based Android malware detection using Hamming distance of static binary features, In: Future generation computer systems 105 pp. 230-247 Elsevier B.V

    In this paper, we develop four malware detection methods using Hamming distance to find similarity between samples which are first nearest neighbors (FNN), all nearest neighbors (ANN), weighted all nearest neighbors (WANN), and k-medoid based nearest neighbors (KMNN). In our proposed methods, we can trigger the alarm if we detect an Android app is malicious. Hence, our solutions help us to avoid the spread of detected malware on a broader scale. We provide a detailed description of the proposed detection methods and related algorithms. We include an extensive analysis to assess the suitability of our proposed similarity-based detection methods. In this way, we perform our experiments on three datasets, including benign and malware Android apps like Drebin, Contagio, and Genome. Thus, to corroborate the actual effectiveness of our classifier, we carry out performance comparisons with some state-of-the-art classification and malware detection algorithms, namely Mixed and Separated solutions, the program dissimilarity measure based on entropy (PDME) and the FalDroid algorithms. We test our experiments in a different type of features: API, intent, and permission features on these three datasets. The results confirm that accuracy rates of proposed algorithms are more than 90% and in some cases (i.e., considering API features) are more than 99%, and are comparable with existing state-of-the-art solutions.

      • We prove the similar results achievement of using Hamming distance with others.
      • We propose four scenarios for malware detection using Hamming distances.
      • We obtain the maximum achievable accuracy with the Hamming distance as a threshold.
      • We evaluate our methods using three standard datasets and various features.
      • We compare our malware detection methods against three cutting-edge solutions.

    Bushra Jamil, MOHAMMAD SHOJAFAR, I Ahmed, Atta Ullah, Kashif Munir, Humaira Ijaz (2020) A job scheduling algorithm for delay and performance optimization in fog computing, In: Concurrency and computation 32(7)