Simin Nadjm-Tehrani

Bio: Simin Nadjm-Tehrani is an academic researcher from Linköping University. The author has contributed to research in topics: Formal verification & Routing protocol. The author has an hindex of 26, co-authored 161 publications receiving 3379 citations. Previous affiliations of Simin Nadjm-Tehrani include University of Luxembourg.

Crowdroid: behavior-based malware detection system for Android

Abstract: The sharp increase in the number of smartphones on the market, with the Android platform posed to becoming a market leader makes the need for malware analysis on this platform an urgent issue.In this paper we capitalize on earlier approaches for dynamic analysis of application behavior as a means for detecting malware in the Android platform. The detector is embedded in a overall framework for collection of traces from an unlimited number of real users based on crowdsourcing. Our framework has been demonstrated by analyzing the data collected in the central server using two types of data sets: those from artificial malware created for test purposes, and those from real malware found in the wild. The method is shown to be an effective means of isolating the malware and alerting the users of a downloaded malware. This shows the potential for avoiding the spreading of a detected malware to a larger community.

Mobility Models for UAV Group Reconnaissance Applications

Abstract: In MANET research the mobility of the nodes is often described using standard synthetic models. Given a particular application, e.g. networks of unmanned aerial vehicles (UAVs) performing a cooperative task, the use of a standard synthetic mobility model can result in incorrect conclusions, as the movement pattern can impact the networking performance of the system. In this paper we present the criteria that characterize desirable mobility properties for the movement of UAVs in a reconnaissance scenario, and provide two mobility models for the scenario. In the first mobility model the UAVs move independently and randomly, and in the second model pheromones guide their movement. The random model is very simple but it achieves mediocre results. The pheromone model has very good scanning properties, but it has problems with respect to network connectivity. The study shows that there in an inherent conflict between the two goals of maximum coverage by frequent rescanning and adequate communication connectivity.

Geographical Routing With Location Service in Intermittently Connected MANETs

Abstract: Combining mobile platforms such as manned or unmanned vehicles and peer-assisted wireless communication is an enabler for a vast number of applications. A key enabler for the applications is the routing protocol that directs the packets in the network. Routing packets in fully connected mobile ad hoc networks (MANETs) has been studied to a great extent, but the assumption on full connectivity is generally not valid in a real system. This case means that a practical routing protocol must handle intermittent connectivity and the absence of end-to-end connections. In this paper, we propose a geographical routing algorithm called location-aware routing for delay-tolerant networks (LAROD), enhanced with a location service, location dissemination service (LoDiS), which together are shown to suit an intermittently connected MANET (IC-MANET). Because location dissemination takes time in IC-MANETs, LAROD is designed to route packets with only partial knowledge of geographic position. To achieve low overhead, LAROD uses a beaconless strategy combined with a position-based resolution of bids when forwarding packets. LoDiS maintains a local database of node locations, which is updated using broadcast gossip combined with routing overhearing. The algorithms are evaluated under a realistic application, i.e., unmanned aerial vehicles deployed in a reconnaissance scenario, using the low-level packet simulator ns-2. The novelty of this paper is the illustration of sound design choices in a realistic application, with holistic choices in routing, location management, and the mobility model. This holistic approach justifies that the choice of maintaining a local database of node locations is both essential and feasible. The LAROD-LoDiS scheme is compared with a leading delay-tolerant routing algorithm (spray and wait) and is shown to have a competitive edge, both in terms of delivery ratio and overhead. For spray and wait, this case involved a new packet-level implementation in ns-2 as opposed to the original connection-level custom simulator.

Opportunistic DTN routing with window-aware adaptive replication

Abstract: This paper presents ORWAR, a resource-efficient protocol for opportunistic routing in delay-tolerant networks. Our approach exploits the context of mobile nodes (speed, direction of movement and radio range) to estimate the size of a contact window. This knowledge is exploited to make better forwarding decisions and to minimize the probability of partially transmitted messages. As well as optimizing the use of bandwidth during overloads it helps to reduce energy consumption since partially transmitted messages are useless and waste transmission power. Another feature of the algorithm is the use of a differentiation mechanism based on message utility. This allows allocating more resources for high utility messages. More precisely, messages are replicated in the order of highest utility first, and removed from the buffers in the reverse order. To illustrate the benefit of such a scheme the global accumulated utility is used as a system-wide performance metric. Simulations illustrate the benefit of our model and show that ORWAR provides lower overhead and higher delivery rate, as well as higher accumulated utility compared to a number of well-known algorithms (including Maxprop and SprayAndWait).

A Taxonomy for Management and Optimization of Multiple Resources in Edge Computing

Abstract: Edge computing is promoted to meet increasing performance needs of data-driven services using computational and storage resources close to the end devices at the edge of the current network. To achieve higher performance in this new paradigm, one has to consider how to combine the efficiency of resource usage at all three layers of architecture: end devices, edge devices, and the cloud. While cloud capacity is elastically extendable, end devices and edge devices are to various degrees resource-constrained. Hence, an efficient resource management is essential to make edge computing a reality. In this work, we first present terminology and architectures to characterize current works within the field of edge computing. Then, we review a wide range of recent articles and categorize relevant aspects in terms of 4 perspectives: resource type, resource management objective, resource location, and resource use. This taxonomy and the ensuing analysis are used to identify some gaps in the existing research. Among several research gaps, we found that research is less prevalent on data, storage, and energy as a resource and less extensive towards the estimation, discovery, and sharing objectives. As for resource types, the most well-studied resources are computation and communication resources. Our analysis shows that resource management at the edge requires a deeper understanding of how methods applied at different levels and geared towards different resource types interact. Specifically, the impact of mobility and collaboration schemes requiring incentives are expected to be different in edge architectures compared to the classic cloud solutions. Finally, we find that fewer works are dedicated to the study of nonfunctional properties or to quantifying the footprint of resource management techniques, including edge-specific means of migrating data and services.

DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket.

Abstract: Malicious applications pose a threat to the security of the Android platform. The growing amount and diversity of these applications render conventional defenses largely ineffective and thus Android smartphones often remain unprotected from novel malware. In this paper, we propose DREBIN, a lightweight method for detection of Android malware that enables identifying malicious applications directly on the smartphone. As the limited resources impede monitoring applications at run-time, DREBIN performs a broad static analysis, gathering as many features of an application as possible. These features are embedded in a joint vector space, such that typical patterns indicative for malware can be automatically identified and used for explaining the decisions of our method. In an evaluation with 123,453 applications and 5,560 malware samples DREBIN outperforms several related approaches and detects 94% of the malware with few false alarms, where the explanations provided for each detection reveal relevant properties of the detected malware. On five popular smartphones, the method requires 10 seconds for an analysis on average, rendering it suitable for checking downloaded applications directly on the device.

The theory of hybrid automata

Abstract: We summarize several recent results about hybrid automata. Our goal is to demonstrate that concepts from the theory of discrete concurrent systems can give insights into partly continuous systems, and that methods for the verification of finite-state systems can be used to analyze certain systems with uncountable state spaces.

The art of Prolog

Abstract: ly, this program guesses nondeterministically the correct permutation via permutation(Xs,Ys), and ordered checks that the permutation is actually ordered. Operationally, the behavior is as follows. A query involving sort is reduced to a query involving permutation and ordered. A failure-driven loop ensues. A permutation of the list is generated by permutation and tested by ordered. If the permuted list is not ordered, the execution backtracks to the permutation goal, which generates another permutation to be tested. Eventually an ordered permutation is generated and the computation terminates. Permutation sort is a highly inefficient sorting algorithm, requiring time super-exponential in the size of the list to be sorted. Pushing the tester into the generator, however, leads to a reasonable algorithm. The generator for permutation sort, permutation, selects an arbitrary element and recursively permutes the rest of the list. The tester, ordered, verifies that the first two elements of the permutation are in order, then recursively checks the rest. If we view the combined recursive permutation and ordered goals as a recursive sorting process, we have the basis for insertion sort, Program 3.21. To sort a list, sort the tail of the list and insert the head of the list into its correct place in the order. The arbitrary selection of an element has been replaced by choosing the first element. Another example of the advantage of intertwining generating and testing can be seen with programs solving the N queens problem. The N queens problem requires the placement of N pieces on an Nby-N rectangular board so that no two pieces are on the same line: horizontal, vertical, or diagonal. The original formulation called for 8 queens to be placed on a chessboard, and the criterion of not being on the same line corresponds to two queens not attacking each other under the rules of chess. Hence the problem's name. 253 Nondeterministic Programming