Page Not Found
Page not found. Your pixels are in another canvas.
Sitemap
A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.
Pages
M. Ikram
M. Ikram
Page not in menu
This is a page not in th emain menu
Posts
Future Blog Post
Published:
This post will show up by default. To disable scheduling of future posts, edit config.yml and set future: false.
Blog Post number 4
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 3
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 2
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 1
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
publications
A Decade of Mal-Activity Reporting: A Retrospective Analysis of Internet Malicious Activity Blacklists
Published in Asia Computer and Communication Security Conference (CCS), 2019
Abstract: This paper focuses on reporting of Internet malicious activity (ormal-activity in short) by public blacklists with the objective of pro-viding a systematic characterization of what has been reportedover the years, and more importantly, the evolution of reportedactivities. Using an initial seed of 22 blacklists, covering the periodfrom January 2007 to June 2017, we collect more than 51 millionmal-activity reports involving 662K unique IP addresses worldwide.Leveraging the Wayback Machine, antivirus (AV) tool reports andseveral additional public datasets (e.g., BGP Route Views and Inter-net registries) we enrich the data with historical meta-informationincluding geo-locations (countries), autonomous system (AS) num-bers and types of mal-activity. Furthermore, we use the initiallylabelled dataset of approx. 1.57 million mal-activities (obtained from pub-lic blacklists) to train a machine learning classifier to classify theremaining unlabeled dataset of approx. 44 million mal-activities obtainedthrough additional sources. We make our unique collected dataset(and scripts used) publicly available for further research.
Recommended citation: Benjamin Zi Hao Zhao, Muhammad Ikram, Hassan Asghar, Mohamed Ali Kaafar, Abdelberi Chaabane, and Kanchana Thilakarathna, "A Decade of Mal-Activity Reporting: A Retrospective Analysis of Internet Malicious Activity Blacklists", In Asia Computer and Communication Security Conference (CCS), 2019. https://internetmaliciousactivity.github.io
Decentralized Control: A Case Study of Russia
Published in Network and Distributed Systems Security (NDSS), 2020
Abstract: Although past censorship research has largely fo-cused on blocking in highly centralized networks such as China’s, censorship in decentralized networks is on the rise. It was long thought that large-scale censorship on decentralized networks with thousands of ISPs was prohibitively difficult. Our in-depth investigation of the mechanisms underlying decentralized infor-mation control in Russia shows that such large-scale censorship can be achieved in decentralized networks through inexpensive commodity equipment. This new form of information control presents a host of problems for censorship measurement, in-cluding difficulty identifying censored content, requiring measurements from diverse perspectives, and variegated censorshipmechanisms that require significant effort to identify in a robust manner.
Recommended citation: Reethika Ramesh, Ram Sundara Raman, Matthew Bernhard, Victor Ongkowijaya, Leonid Evdokimov, Anne Edmundson, Steven Sprecher, Muhammad Ikram, and Roya Ensafi, "Decentralized Control: A Case Study of Russia", In Network and Distributed Systems Security (NDSS), 2020. https://imikr4m.github.io/files/ndss20-decentralized-control.pdf
Measuring and Analysing the Chain of Implicit Trust: A Study of Third-party Resources Loading
Published in In ACM Transaction on Privacy and Security (TOPS), 2020
Abstract: The web is a tangled mass of interconnected services, whereby websites import a range of external resourcesfrom various third-party domains. The latter can also load further resources hosted on other domains. Foreach website, this creates a dependency chain underpinned by a form of implicit trust between the first-partyand transitively connected third-parties. The chain can only be loosely controlled as first-party websitesoften have little, if any, visibility on where these resources are loaded from. This paper performs a large-scalestudy of dependency chains in the web, to find that around 50% of first-party websites render content thatthey do not directly load. Although the majority (84.91%) of websites have short dependency chains (below 3levels), we find websites with dependency chains exceeding 30. Using VirusTotal, we show that 1.2% of thesethird-parties are classified as suspicious – although seemingly small, this limited set of suspicious third-partieshave remarkable reach into the wider ecosystem. We find that 73% of websites under-study load resourcesfrom suspicious third-parties, and 24.8% of first-party webpages contain at least three third-parties classifiedas suspicious in their dependency chain. By running sandboxed experiments, we observe a range of activitieswith the majority of suspicious JavaScript codes downloading malware.
Recommended citation: Muhammad Ikram, Rahat Masood, Gareth Tyson, Mohamed Ali Kaafar, Roya Ensafi, "Measuring and Analysing the Chain of Implicit Trust: A Study of Third-party Resources Loading", ACM Transaction on Privacy and Security (TOPS), 2020. https://wot19submission.github.io
Vetting and Analyzing Network Services of iOS Apps
Published in Usenix Security Symposium, 2020
This paper is about the number 3. The number 4 is left for future work.
Recommended citation: Zhushou Tang, Ke Tang, Minhui Xue, Yuan Tian, Sen Chen, Muhammad Ikram, Tielei Wang, Haojin Zhu, "iOS, Your OS, Everybodys OS: Vetting and Analyzing Network Services of iOS Apps", Usenix Security, 2020. https://www.usenix.org/conference/usenixsecurity20/presentation/tang
teaching
COMP333–Algorithm Theory and Design
Undergraduate course, Macquarie University, Computing Department, 2019
I co-taught with Dr. Daniel Sutantyo
COMP2310–Digital Forensics
Undergraduate Course, Macquarie University, Computing Department, 2020
I co-taught with Dr. Alireza Jolfaei.
COMP8325–Application of AI in Cybersecurity
Graduate Course, Macquarie University, Computing Department, 2020
I co-taught with Dr. Xuyun Zhang.