Kostadin Damevski, Ph.D.

Professor, Graduate Program Director, VCU College of Engineering

  • Richmond VA

Interested in software engineering and in the use of natural language processing techniques to improve software maintenance and evolution.

Spotlight

Researchers fight cybercrime with new digital forensic tools and techniques

Irfan Ahmed, Ph.D., associate professor of computer science, provides digital forensic tools — and the knowledge to use them — to the good guys fighting the never-ending cyber-security war. Ahmed is director of the Security and Forensics Engineering (SAFE) Lab within the Department of Computer Science and VCU Engineering. He leads a pair of interrelated projects funded by the U.S. Department of Homeland Security (DHS) aimed at keeping important industrial systems safe from the bad guys — and shows the same tools crafted for investigating cyber attacks can be used to probe other crimes.

The goal of cyber attacks on physical infrastructure may be to cause chaos by disrupting systems and/or to hold systems for ransom. The SAFE lab focuses on protecting industrial control systems used in the operation of nuclear plants, dams, electricity delivery systems and a wide range of other elements of critical infrastructure in the U.S. The problem isn’t new: In 2010, the Stuxnet computer worm targeted centrifuges at Iranian nuclear facilities before getting loose and infecting “innocent” computers around the world.

Cyber attacks often target a portion of the software architecture known as the control logic. Control logic is vulnerable in that one of its functions is to receive instructions from the user and hand them off to be executed by a programmable logic controller. For instance, the control logic monitoring a natural gas pipeline might be programmed to open a valve if the system detects pressure getting too high. Programmers can modify the control logic — but so can attackers.

One of Ahmed’s DHS-supported projects, called “Digital Forensic Tools and Techniques for Investigating Control Logic Attacks in Industrial Control Systems,” allows him to craft devices and techniques that cyber detectives can use in their investigations of attacks on sensitive critical infrastructure. Investigation capability, he explains, is an under-researched area, as most of the emphasis to date has been on the prevention and detection of cyber attacks.

“The best scenario is to prevent the attacks on industrial systems,” Ahmed said. “But if an attack does happen, then what? This is where we try to fill the gap at VCU. And the knowledge that we gain in a cyber attack investigation can further help us to detect or even prevent similar attacks.”

In the cat-and-mouse world of cyber security, the way cybercriminals work is in constant evolution, and Ahmed’s SAFE lab pays close attention to the latest developments by malefactors. For instance, an attacker may go for a more subtle approach than modifying the original control logic. An attack method called return-oriented programming sees the malefactor using the existing control logic code, but artfully switching the execution sequence of the code. Other attackers might insert their malware into another area of the controller, programmed to run undetected until it can replace the function of the original control logic. Attackers are always coming up with new methods, but each attack leaves evidence behind.

The SAFE lab examines possible attack scenarios through simulations. Scale models of physical systems, including an elevator and a belt conveyor system, are housed at the SAFE lab to help facilitate this. The elevator is a four-floor model with inside and outside buttons feeding into a programmable logic controller. The conveyor belt is more advanced, equipped with inductive, capacitive and photoelectric sensors and able to sort objects.

The tools and methods applied in cybercrime can be useful in tracking down other malefactors. That’s where Ahmed’s second DHS-funded project comes in. It’s called “Data Science-integrated Experiential Digital Forensics Training based-on Real-world Case Studies of Cybercrime Artifacts.” Ahmed is the principal investigator, working with co-PI Kostadin Damevski, Ph.D., associate professor of computer science. The goal is to keep law enforcement personnel abreast of the latest trends in the field of cybercrime investigation and to equip them with the latest tools and techniques, including those developed in the SAFE lab.

“For example, investigators often have to go through thousands of images, or emails or chats, looking for something very specific,” Ahmed said. “We believe the right data science tools can help them to narrow down that search.”

The FBI and other law enforcement agencies already have dedicated cybersleuthing units; the Virginia State Police have a computer evidence recovery section in Richmond. Ahmed and Damevski are arranging sessions showing investigators how techniques from data science and machine learning can make investigations more efficient by sorting through the mounds of digital evidence that increasingly is a feature of modern crime.

Biography

Dr. Kostadin Damevski is an Associate Professor in the Department of Computer Science at Virginia Commonwealth University School of Engineering. His current research interests are centered around software maintenance and evolution, applied to domains such as mobile apps, high-performance computing, and industrial software systems. His research has been supported by U.S. government agencies, e.g., NSF, DARPA, DOE as well as private industry, e.g., Google, ABB. Damevski leads the Software Improvement (SWIM) Lab at VCU.

Industry Expertise

Computer Software
Research
Education/Learning

Areas of Expertise

Software Engineering
Software Maintenance
Recommendation Systems
Natural Language Processing

Education

University of Utah, Ph.D., Computer Science, 2007

Affiliations

  • Associate Editor, IEEE Software

Selected Articles

Fast changeset-based bug localization with BERT

44th International Conference on Software Engineering (ICSE 2020)

Agnieszka Ciborowska, Kostadin Damevski

2022-05-01

Helping developers to localize bugs (using bug reports) to the changeset that induced them. Changesets (or diffs) can be more useful for fixing bugs than static source code (e.g., methods or classes) as they encode the change that created the bug and include a (usually) meaningful message.

Changeset-Based Topic Modeling of Software Repositories

IEEE Transactions on Software Engineering

Christopher S. Corley, Kostadin Damevski, Nicholas A. Kraft

2019-06-01

The standard approach to applying text retrieval models to code repositories is to train models on documents representing program elements. However, code changes lead to model obsolescence and to the need to retrain the model from the latest snapshot. To address this, we previously introduced an approach that trains a model on documents representing changesets from a repository and demonstrated its feasibility for feature location. In this paper, we expand our work by investigating: a second task (developer identification), the effects of including different changeset parts in the model, the repository characteristics that affect the accuracy of our approach, and the effects of the time invariance assumption on evaluation results.
