Publications

Books

1. N. C. Rowe, and J. Rrushi, "Introduction to Cyber Deception", 1st edition, Springer, September 2016.  [PDF of Flier]

Journals

1. J. Rrushi, "DNIC Architectural Developments for 0-Knowledge Detection of OPC Malware", IEEE Transactions on Dependable and Secure Computing, September 2018. [PDF]

2. J. Rrushi, "Plaintext Side-channels in TLS Ciphertext", Journal of Computer Virology and Hacking Techniques, vol. 13, issue 1, pp. 13-27, February 2017. [PDF] 

3. J. Rrushi, "NIC Displays to Thwart Malware Attacks Mounted from within the OS", Journal of Computers & Security, vol. 61, issue C, pp. 59-71, August 2016. [PDF]  

4. S. Zonouz, J. Rrushi, and S. McLaughlin, "Automated PLC Code Analytics for Detection of Industrial Control Malware", IEEE Security and Privacy, vol.12, no. 6, pp. 40-47, Nov.-Dec. 2014. [PDF]

5. J. Rrushi, and A. A. Ghorbani, "A Mathematical Exploitation of Simulated Uniform Scanning Botnet Propagation Dynamics for Early Stage Detection and Management", Journal of Computer Virology and Hacking  Techniques, pp. 29-51, vol. 10, issue 1, February 2014. [PDF]

6. J. Rrushi, "An Exploration of Defensive Deception in Industrial Communication Networks", International Journal of Critical Infrastructure Protection, Vol. 4, Issue 1, pp. 66-75, August 2011. [PDF]

7. J. Rrushi, "Anomaly Detection via Statistical Learning in Industrial Communication Networks", International Journal of Information and Computer Security, Vol. 4, No. 4, pp. 295-315, October 2011. [PDF]

8. J. Rrushi, "A Bayesian Theory of Confirmation for Intrusion Report Fusion in Process Control Networks", International Journal of Critical Computer-based Systems, Vol. 2, No. 2, pp. 162-180, April 2011. [PDF]

9. J. Rrushi, E. Mokhtari, and A. Ghorbani, "Estimating Botnet Virulence within Mathematical Models of Botnet Propagation Dynamics", Journal of Computers & Security, Vol. 30, Issue 8, pp. 791-802, November 2011. [PDF]

10. R. S. Alharthi, E. Aloufi, I. Alrashdi, A. Alqazzaz, M. A. Zohdy, and J. Rrushi, “Protecting location privacy for crowd workers in spatial crowdsourcing using a novel dummy-based mechanism”, IEEE Access, vol. 8, pp. 114608-114622, 2020.

Note: Five additional journal papers are currently under review, some authored alone, others with students and colleagues.

Conferences and Workshops

1. J. Rrushi, “A Quest for the Physics of Cyberspace”, USENIX Enigma, San Francisco, California, USA, February 2021.

2. M. Yahya, N. Sharaf, J. Rrushi, H. Tay, B. Liu, and K. Xu, “Physics Reasoning for Intrusion Detection in Industrial Networks”, In Proceedings of the IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, December 2020.

3. Y. Alagrash, H. Badih, and J. Rrushi, “Malware Detection via Machine Learning and Recognition of Non Stationary Tasks”, In Proceedings of the IEEE International Conference on Dependable, Autonomic and Secure Computing, Calgary, Canada, August 2020.

4. H. Badih, Y. Alagrash, and J. Rrushi, “A Blockchain and Defensive Deception Co-design for Webcam Spyware Detection”, In Proceedings of the IEEE International Conference on Dependable, Autonomic and Secure Computing, Calgary, Canada, August 2020.

5. A. H. Badih, B. Bond, and J. Rrushi, “On Second-Order Detection of Webcam Spyware”, In Proceedings of the International Conference on Information and Computer Technologies, Silicon Valley, CA, USA, March 2020.

6. Y. Alagrash, N. Mohan, S. Rani Gollapalli, and J. Rrushi, “Machine Learning and Recognition of User Tasks for Malware Detection”, In Proceedings of the IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, Los Angeles, California, USA, December 2019.

7. S. Sutton, B. Bond, S. Tahiri, and J. Rrushi, “Countering Malware Via Decoy Processes with Improved Resource Utilization Consistency”, In Proceedings of the IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, Los Angeles, California, USA, December 2019.

8. J. Rrushi, “Honeypot Evader: Activity-guided Propagation versus Counter-evasion via Decoy OS Activity”, In Proceedings of the 14th IEEE International Conference on Malicious and Unwanted Software, Nantucket, Massachusetts, USA, October 2019.

9. S. M. Sutton, G. Michilli, and J. Rrushi, “Redirecting Malware's Target Selection with Decoy Processes”, IFIP WG 13 Conference on Data and Applications Security and Privacy (DBSec 2019), Charleston, SC, USA, July 2019.

10. R. Klein, T. Barkley, W. Clizbe, J. Bateman, and J. Rrushi, "Model-driven Timing Consistency for Active Malware Redirection", In Proceedings of the 13th IEEE International Conference on Malicious and Unwanted Software, Nantucket, Massachusetts, USA, October 2018. [PDF] [Presentation]

11. J. Rrushi, "Timing Performance Profiling of Substation Control Code for IED Malware Detection", ACSAC Industrial Control System Security Workshop, Orlando, Florida, USA, December 2017. [PDF] [Presentation]    

12. J. Rrushi, "Phantom I/O Projector: Entrapping Malware on Machines in Production", In Proceedings of the 12th IEEE International Conference on Malicious and Unwanted Software, Fajardo, Puerto Rico, USA, October 2017. [PDF]

13. R. Vergaray, and J. Rrushi, "On Sustaining Prolonged Interaction with Attackers", In Proceedings of the 15th IEEE International Conference on Dependable, Autonomic and Secure Computing, Orlando, Florida, USA, November 2017. [PDF]

14. J. Halvorsen, and J. Rrushi, "Target Discovery Differentials for 0-Knowledge Detection of ICS Malware", In Proceedings of the 15th IEEE International Conference on Dependable, Autonomic and Secure Computing, Orlando, Florida, USA, November 2017. [PDF]

15. J. Rrushi, "Defending Electrical Substations against 0-day Malware", In Proceedings of the 15th IEEE International Conference on Dependable, Autonomic and Secure Computing, Orlando, Florida, USA, November 2017. [PDF]

16. S. Simms, M. Maxwell, S. Johnson, and J. Rrushi, "Keylogger Detection Using a Decoy Keyboard", In Proceedings of the IFIP WG 11.3 Conference on Data and Applications Security and Privacy, Philadelphia, PA, USA, July 2017. [PDF] [Poster]

17. M. Leierzapf, and J. Rrushi, "Network Forensic Analysis of Electrical Substation Automation Traffic", In Proceedings of the IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Arlington, VA, USA, March 2017. [PDF of author copy] [Published version]

18. J. Rrushi, Hassan Farhangi, Clay Howey, Kelly Carmichael, and Joey Dabell, "A Quantitative Evaluation of the Target Selection of Havex ICS Malware Plugin", ACSAC Industrial Control Systems Security Workshop, Los Angeles, California, USA, December 2015. [PDF] [Presentation]

19. E. Sohl, C. Fielding, T. Hanlon, and J. Rrushi (Western) and H. Farhangi, C. Howey, K. Carmichael, J. Dabell (BCIT), “A Field Study of Digital Forensics of Intrusions in the Electrical Power Grid”, In Proceedings of the ACM Workshop on Cyber-Physical Systems Security and Privacy, Denver, Colorado, USA, October 2015. [PDF]

20. J. Rrushi and P. A. Nelson, “Big Data Computing for Digital Forensics of Computer Intrusions in the Electrical Power Grid”, In Proceedings of the 2nd International Workshop on Information Integration in Cyber-Physical Systems, San Francisco, California, USA, August 2015. [PDF]

21. J. Rrushi, H. Farhangi, R. Nikolic, C. Howey, K. Carmichael, and A. Palizban, ”By-design Vulnerabilities in the ANSI C12.22 Protocol Specification”, In Proceedings of the ACM Symposium on Applied Computing, Smart Grid track, Salamanca, Spain, April 2015. [PDF]

22. J. Rrushi, "Data Interception through Broken Concurrency in Kernel Land", In Proceedings of the IEEE Symposium on Cyber Space Safety and Security, Paris, France, August 2014. [PDF]

23. J. Rrushi, "A Steganographic Approach to Localizing Botmasters", In Proceedings of the 8th IEEE International Symposium on Security and Multimodality in Pervasive Environment, Victoria, Canada, May 2014. [PDF]

24. J. Rrushi, E. Mokhtari, and A. Ghorbani, "A Statistical Approach to Botnet Virulence Estimation", In Proceedings of the ACM Symposium on Information, Computer, and Communications Security, Hong Kong, China, March 2011. [PDF] [Poster]

25. J. Rrushi, "Exploiting Physical Process Internals for Network Intrusion Detection in Process Control Networks", 6th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, Knoxville, Tennessee, USA, April 2009. 

26. J. Rrushi, and K.D. Kang, "An Estimation-Inspection Algorithm for Anomaly Detection in Process Control Networks", In Proceedings of the 3rd International Conference on Critical Infrastructure Protection, Dartmouth College Hanover, New Hampshire, USA, March 2009. [PDF]

27. J. Rrushi, and K.D. Kang, "CyberRadar: A Regression Analysis Approach to the Identification of Cyber-Physical Mappings in Process Control Systems", In Proceedings of the 3rd ACM/IEEE Workshop on Embedded Systems Security, Atlanta, Georgia, USA, October 2008. [PDF]

28. J. Rrushi, and K.D. Kang, "Mirage Theory: A Deception Approach to Intrusion Detection in Process Control Networks", NATO Symposium on Information Assurance for Emerging and Future Military Systems, Ljubljana, Slovenia, October 2008.

29. C. Bellettini, and J. Rrushi, "A Product Machine Model for Anomaly Detection of Interposition Attacks on Cyber-Physical Systems", In Proceedings of the 23rd International Information Security Conference, Italy, September 2008.

30. J. Rrushi, "Detecting Cyber Attacks on Nuclear Power Plants, In Proceedings of the 2nd International Conference on Critical Infrastructure Protection, George Mason University, Arlington, Virginia, USA, March 2008.

31. C. Bellettini, and J. Rrushi, "Combating Memory Corruption Attacks on SCADA Devices", In Proceedings of the 2nd International Conference on Critical Infrastructure Protection, George Mason University, Arlington, Virginia, USA, March 2008.

32. J. Rrushi, "Using Deception to Facilitate Intrusion Detection in Nuclear Power Plants", In Proceedings of the 3rd International Conference on Information Warfare and Security, Peter Kiewit Institute, University of Nebraska Omaha, USA, April 2008.

33. J. Rrushi, "Detecting Attacks in Power Plant Interfacing Substations through Probabilistic Validation of Attack-Effect Bindings", In Proceedings of the SCADA Security Scientific Symposium, Miami, USA, January 2008.

34. C. Bellettini, and J. Rrushi, "Vulnerability Analysis of SCADA Protocol Binaries through Detection of Memory Access Taintedness", In Proceedings of the 8th IEEE SMC Information Assurance Workshop, United States Military Academy, West Point, New York, USA, June 2007. [PDF]

35. C. Bellettini, and J. Rrushi, "SCADA Protocol Obfuscation: A Proactive Defense Line in SCADA Systems", In Proceedings of the SCADA Security Scientific Symposium, Miami, USA, January 2007.

36. J. Rrushi, "Protecting Distributed Object Applications from Corruption of Class Bytecodes on Client Side", In Proceedings of the 1st European Conference on Computer Network Defence, University of Glamorgan, UK, December 2005.

37. E. Rosti, and J. Rrushi, "Function Call Tracing Attacks to Kerberos 5", Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Vienna, Austria, July 2005.

38. J. Rrushi, "Securing IPv6-based Mobile Ad Hoc Networks Through An Artificial Immune System", In Proceedings of the International Workshop on Natural and Artificial Immune Systems, Vietri sul Mare, Italy, June 2005. [PDF]

39. E. Rosti, and J. Rrushi, "IPv6 Neighbor Discovery Protocol: A Security Case Study", In Proceedings of the IADIS Applied Computing Conference, Algarve, Portugal, February 2005. [PDF]

Book Chapters

1. J. Rrushi, "Multi-range Decoy I/O Defense of Electrical Substations against ICS Malware", Resilience of Cyber-Physical Systems, Springer, 2018.

2. J. Rrushi, "SCADA Protocol Vulnerabilities", Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense; Editors Javier Lopez-Munoz, Roberto Setola, and Stephen D. Wolthusen; publisher Springer, March 2012.

3. C. Bellettini, and J. Rrushi, "Low-level Coding Vulnerabilities: Research on Attack, Defense and Evasion", Handbook of Research on Information Security and Assurance, Editors Jatinder Gupta and Sushil Sharma, publisher Idea Group, Inc., Spring 2008.

Technical Reports

1. J. Rrushi, and A. Ghorbani, "Early Stage Botnet Detection and Containment via Mathematical Modeling and Prediction of Botnet Propagation Dynamics", technical report TR 10-206, Faculty of Computer Science, University of New Brunswick, Canada, December 2010. [PDF]

2. J. Rrushi et al., "Intrusion Detection Approaches for Control Systems and Networks", technical report, Oak Ridge National Laboratory, February 2009.

3. J. Rrushi, "Acquiring Intrusion Intelligence through Honeypot Systems", Internal Report, Joint Research Center of the European Commission, Ispra, Italy, September 2005.

Other

1. J. Rrushi, "A Chaos-Theoretical Approach to Insider Threat Detection", Society for Industrial and Applied Mathematics Annual Meeting, July 2009.

2. J. Rrushi, "Employing IPv6 to Improve Layer 3 Defence in SCADA Systems", In the Newsletter of the European Coordination Project on Critical Information Infrastructure, February 2006. [PDF]

Ph.D. Dissertation

1. J. Rrushi, "Composite Intrusion Detection in Process Control Networks", University of Milan, Milano, Italy, January 2009. [PDF]