I am a Master student at the Department of Computer Science department at Colorado State University, Fort Collins, CO, USA. My advisor is Dr. Indrakshi Ray, a distinguished professor in cybersecurity.
My research focuses on software security and cyber-security. Currently, I am developing an automatic framework for detecting phishing websites called Fresh-Phish. Also, I am working on cyber-security of vehicles especially heavy vehicles and commercial vehicles. In addition, I am working as a Java developer in CURL project with Colorado University at Denver. In the following, you can see more details:
My research focuses on developing an automatic framework for detecting phishing websites called Fresh-Phish. new techniques for specification, validation, and verification of software and access control systems. Specifically, I am interested in the following areas of software and system development:
1- Automatic detection of phishing websites: Fresh-Phish framework
Denizens of the Internet are coming under a barrage of phishing attacks of increasing frequency and sophistication. Emails accompanied by authentic looking websites are ensnaring users who, unwittingly, hand over their credentials compromising both their privacy and security. Methods such as the blacklisting of these phishing websites become untenable and cannot keep pace with the explosion of fake sites. Detection of nefarious websites must become automated and be able to adapt to this ever-evolving form of social engineering.
I develop an open-source framework, called “Fresh-Phish”, for creating current machine learning data for phishing websites. Using 30 different website features that we query using python, we build a large labeled dataset and analyze several machine learning classifiers against this dataset to determine which is the most accurate. We analyze not just the accuracy of the technique, but also how long it takes to train the model. You can find more information about this project on its website.
2- Security of heavy vehicles
Using electronic systems in modern automotive has been increased during last decades. Although it increases the safety and security with using complicated technologies like Anti-Lock Braking System (ABS) or Air-Bags, more adversaries are encouraged to attack the vehicles. Safety of driver and passenger are at the risk more than before. SAE J1939 is a standard for exchanging messages in heavy duty vehicle and make working devices from different vendors and manufacturers possible.
I am working to introduce a database-integrated approach to decipher messages on the Controller Area Network (CAN) bus based on SAE J1939. Also, I am trying to simulate attacks on this network and use Machine Learning algorithm to discriminate malicious from normal messages. You can find more information about this project on its website.
Areas of Interest:
- Information and application security
- Software Engineering and Software Testing
- Applied machine learning
- Database, and Access Control
- H. Shirazi, B. Bezawada, I. Ray. “Kn0w Thy Doma1n Name”: Unbiased Phishing Detection Using Domain Name Based Features.” Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies. ACM, 2018.
- H. Shirazi, K. Haefner, I. Ray, “Improving Auto-Detection of Phishing Websites using Fresh-Phish Framework.” IJMDEM 9.1 (2018): 51-64. Web. 10 May. 2018. doi:10.4018/IJMDEM.2018010104
- H. Shirazi, K. Haefner, I. Ray, “Fresh-Phish: A Framework for Auto-Detection of Phishing Websites“, IEEE International Conference on Information Reuse and Integration, 2017, San Diego USA.
- S. Mukherjee, H. Shirazi, I. Ray, J. Daily and R. Gamble. “Demonstrating Practical Denial-of-Service Attacks in Embedded Networks of Commercial Vehicles“, ICISS, 2016, Jaipur, India.
- J. Daily, R. Gamble, S. Moffitt, C. Raines, P. Harris, J. Miran, I. Ray, S. Mukherjee, H. Shirazi, J. Johnson, “Towards a Cyber Assurance Testbed for Heavy Vehicle Electronic Controls,” SAE Int. J. Commer. Veh. 9(2):339-349, 2016.
- S. Mukherjee, I. Ray, I. Ray, T. Ong, S. Hossein, and M. G. Kahn. “Attribute-Based Access Control for Healthcare Resources“, ABAC@CODASPY, Scottsdale 2017.
- M. R. Keyvanpour, H. Homayouni, and H. Shirazi, “A Classification Framework for Automatic Test Case Generation Techniques for web applications”, International Journal of Information Processing and Management (IJIPM), vol. 4, no. 3, pp. 26-39, 2013.
- M. R. Keyvanpour, H. Homayouni, and H. Shirazi, “Automatic Software Test Case Generation: An Analytical Classification Framework”, International Journal of Software Engineering and Its Applications, vol. 6, no. 4, 2012.
- H. Shirazi, H. Rashidi, and H. Homayouni, “The Effects of Data Compression on Performance of Service-Oriented Architecture (SOA)”, International Journal of Emerging Trends Technology in Computer Science (IJETTCS), vol. 1, no. 2, pp. 265-270, 2012.
- M. R. Keyvanpour, H. Homayouni, and H. Shirazi, “Automatic Software Test Case Generation”, Journal of Software Engineering, vol. 5, no. 3, pp. 91-101, 2011
- H. Shirazi, B. Bezawada, I. Ray. “Kn0w Thy Doma1n Name”: Unbiased Phishing Detection Using Domain Name Based Features.” , research symposium of CS department of Colorado State University, 2017- Best poster award.