Welcome!
I am a Computing and Information Systems Ph.D. Candidate in the department of Software and Information Systems at UNC Charlotte under the supervision of Dr. Weichao Wang.
My research interest lies on the intersection of Cybersecurity, AI, IoT, Cyber Physical Systems (CPS), and Data Provenance. In my doctoral research, I primarily focus on the design and development of AI-driven autonomous IoT security system that defends against agile attackers at runtime. My research work delves into the modeling of trigger-action IoT attacks and the development of Markov-based probabilistic defense mechanisms. Leveraging Reinforcement Learning and Deep Learning technologies, my research aims to tackle the dynamic nature of cyber threats.
Teaching Experience
- Instructor on Record experience:
- ITIS 6200: Principles of Information Security and Privacy (Cybersecurity MS core course) (Fall 2023)
- ITIS 3200: Introduction to Information Security and Privacy (Cybersecurity BS core course) (Spring 2022)
- Graduate Teaching Assistant (GTA) experience:
- ITIS 6167: Network Security (Fall 2020, Fall 2019)
- ITIS 6320: Cloud Data Storage (Fall 2020, Fall 2019)
- ITSC 3155: Software Engineering (Summer-I 2020)
- ITIS 3320: Introduction to Software Testing and Assurance (Fall 2021, Spring 2021, Spring 2020)
- ITSC 2175: Logic and Algorithms (Summer-II 2021)
- ITSC 3135: Web-based Application Design and Development (Summer-I 2021)
Publications
-
M. M. Alam , I. Jahan, and W. Wang, "IoTWarden: A Deep Reinforcement Learning Based Real-time Defense System to Mitigate Trigger-action IoT Attacks," 2024 IEEE Wireless Communications and Networking Conference (WCNC) , 2024. (Accepted)
Preprint
ResearchGate
Bibtex
Slides
-
M. M. Alam , M. S. I. Sajid, W. Wang and J. Wei, "IoTMonitor: A Hidden Markov Model-based Security System to Identify Crucial Attack Nodes in Trigger-action IoT Platforms," 2022 IEEE Wireless Communications and Networking Conference (WCNC) , 2022, pp. 1695-1700, doi: 10.1109/WCNC51071.2022.9771878.
Conference
Author's Copy
ResearchGate
Bibtex
Slides
-
Alam, Md Morshed & Wang, Weichao. (2021). "A comprehensive survey on data provenance: State-of-the-art approaches and their deployments for IoT security enforcement," Journal of Computer Security , 2021, vol. 29, no. 4, pp. 423-446, doi:
10.3233/JCS-200108.
Journal Copy
Preprint
ResearchGate
Bibtex
Research Projects
-
Project Name: POMDP-based Real-time Defense System for IoT Attack Mitigation
- Developed an AI-driven autonomous security framework for IoT to defend against remote injection attacks considering that attackers are capable to alter attack strategies at runtime.
- Utilized POMDP to model the decision-making process of an intelligent defense agent taking real-time optimal defense actions in a non-stationary, partially observable smart home environment.
- Implemented Deep Recurrent Q-Network (DRQN) using TensorFlow and OpenAI Gym to train a Reinforcement Learning (RL) model yielding optimal defense actions at each timestep.
- Evaluating the performance of the security framework in simulated trigger-action IoT platforms.
-
Project Name: Deep Reinforcement Learning (DRL) based IoT Security System (Github project)
- Designed a DRL-based real-time security system for trigger-action IoT platforms to optimally counter the progression of a remote injection attack maximizing the total security gain.
- Implemented Deep Q-Networks (DQN) using TensorFlow, OpenAI Gym, and Python to obtain optimal action policies for a defense agent dictated by a Markov Decision Process (MDP).
- Engineered Recurrent Neural Network (RNN) based generative models to learn and predict underlying sequential data patterns from IoT event traces with over 99% accuracy.
-
Project Name: Hidden Markov Model (HMM) based IoT Attack Analysis System (Github project)
- Developed an HMM-based attack analysis system for trigger-action IoT platforms to generate attack graphs from event traces and perform security analysis to detect IoT devices most likely to be impersonated by attackers to inject fake event conditions to hubs to perform a remote injection attack.
- Performed large-scale time-series analysis over IoT event traces collected from a smart home environment and extracted hidden optimal data sequences with over 90% accuracy.
- Implemented predictive algorithms to forecast data anomalies through statistical inference from gigabytes of data.
-
Project Name: Data Provenance Based Cyber Resilience of Linux Systems
- Investigated methods of collecting whole-system data provenance in kernel space, including the deployment of trusted computing base, tracepoints, and provenance hooks
- Analyzed online provenance reduction systems built upon garbage collection or system call aggregation techniques as well as real-time provenance analysis approaches based on the generation of low-level provenance graphs
- Surveyed the state-of-the-art data provenance approaches used for security enforcement (especially in the IoT domain) and published a comprehensive review paper in the Journal of Computer Security
-
Project Name: Live Service Migration on Mobile Edge Clouds
- Investigated live and interruption-free service migration scenarios from one edge cloud to another and studied scenarios having minimal service downtime during the migration
- Examined data offloading techniques to shift most of the computations on the network edge by reducing the payload on the end devices
-
Project Name: Privacy-preserving Location-based Service
- Explored scenarios of predicting the trajectories of user movements while taking location-based service and utilized k-anonymity model to experiment the anonymity of these trajectories.
Professional Services
- Technical Program Committee Member:
- Peer Reviewer:
- IEEE INFOCOM (2021, 2022)
- IOS Journal of Computer Security (2021 - Present) (Link)
- 2nd International Conference on Sustainable Technologies for Industry 4.0 (STI 2020) (Link)