Featured Post from VCU College of Engineering

Researchers fight cybercrime with new digital forensic tools and techniques

Irfan Ahmed, Ph.D., leads computer scientists working to protect nuclear plants, dams and other critical infrastructure.

Apr 6, 2023

3 min

Irfan Ahmed, Ph.D.Kostadin Damevski, Ph.D.

Irfan Ahmed, Ph.D., associate professor of computer science, provides digital forensic tools — and the knowledge to use them — to the good guys fighting the never-ending cyber-security war.


Ahmed is director of the Security and Forensics Engineering (SAFE) Lab within the Department of Computer Science and VCU Engineering. He leads a pair of interrelated projects funded by the U.S. Department of Homeland Security (DHS) aimed at keeping important industrial systems safe from the bad guys — and shows the same tools crafted for investigating cyber attacks can be used to probe other crimes.


The goal of cyber attacks on physical infrastructure may be to cause chaos by disrupting systems and/or to hold systems for ransom. The SAFE lab focuses on protecting industrial control systems used in the operation of nuclear plants, dams, electricity delivery systems and a wide range of other elements of critical infrastructure in the U.S. The problem isn’t new: In 2010, the Stuxnet computer worm targeted centrifuges at Iranian nuclear facilities before getting loose and infecting “innocent” computers around the world.


Cyber attacks often target a portion of the software architecture known as the control logic. Control logic is vulnerable in that one of its functions is to receive instructions from the user and hand them off to be executed by a programmable logic controller. For instance, the control logic monitoring a natural gas pipeline might be programmed to open a valve if the system detects pressure getting too high. Programmers can modify the control logic — but so can attackers.


One of Ahmed’s DHS-supported projects, called “Digital Forensic Tools and Techniques for Investigating Control Logic Attacks in Industrial Control Systems,” allows him to craft devices and techniques that cyber detectives can use in their investigations of attacks on sensitive critical infrastructure. Their investigation capabilities, he explains, is an under-researched area, as most of the emphasis to date has been on the prevention and detection of their cyber attacks.


“The best scenario is to prevent the attacks on industrial systems,” Ahmed said. “But if an attack does happen, then what? This is where we try to fill the gap at VCU. And the knowledge that we gain in a cyber attack investigation can further help us to detect or even prevent similar attacks.”


In the cat-and-mouse world of cyber security, the way cybercriminals work is in constant evolution, and Ahmed’s SAFE lab pays close attention to the latest developments by malefactors. For instance, an attacker may go for a more subtle approach than modifying the original control logic. An attack method called return-oriented programming sees the malefactor using the existing control logic code, but artfully switching the execution sequence of the code.


Other attackers might insert their malware into another area of the controller, programmed to run undetected until it can replace the function of the original control logic.


Attackers are always coming up with new methods, but each attack leaves evidence behind. The SAFE lab examines possible attack scenarios through simulations. Scale models of physical systems, including an elevator and a belt conveyor system, are housed at the SAFE lab to help facilitate this. The elevator is a four-floor model with inside and outside buttons feeding into a programmable logic controller. The conveyor belt is more advanced, equipped with inductive, capacitive and photoelectric sensors and able to sort objects.


The tools and methods applied in cybercrime can be useful in tracking down other malefactors. That’s where Ahmed’s second DHS-funded project comes in. It’s called “Data Science-integrated Experiential Digital Forensics Training based-on Real-world Case Studies of Cybercrime Artifacts.”


Ahmed is the principal investigator, working with co-PI Kostadin Damevski, Ph.D., associate professor of computer science. The goal is to keep law enforcement personnel abreast of the latest trends in the field of cybercrime investigation and to equip them with the latest tools and techniques, including those developed in the SAFE lab.


“For example, investigators often have to go through thousands of images, or emails or chats, looking for something very specific,” Ahmed said. “We believe the right data science tools can help them to narrow down that search.”


The FBI and other law enforcement agencies already have dedicated cybersleuthing units; the Virginia State Police have a computer evidence recovery section in Richmond. Ahmed and Damevski are arranging sessions showing investigators how techniques from data science and machine learning can make investigations more efficient by sorting through the mounds of digital evidence that increasingly is a feature of modern crime.

Connect with:
Irfan Ahmed, Ph.D.

Irfan Ahmed, Ph.D.

Engineering Foundation Professor

Dr. Ahmed's research interests are broadly in cybersecurity, currently focusing on digital forensics, malware, and cyber-physical systems.

Digital ForensicsMalwareCyber-physical Systems SecuritySystem SecurityCybersecurity Education
Kostadin Damevski, Ph.D.

Kostadin Damevski, Ph.D.

Professor, Graduate Program Director

Interested in software engineering and in the use of natural language processing techniques to improve software maintenance and evolution.

Software EngineeringSoftware MaintenanceRecommendation SystemsNatural Language Processing
Powered by

You might also like...

Check out some other posts from VCU College of Engineering

2 min

Department of Energy awards $928,000 to Lane Carasik, Ph.D., for fusion energy systems research

The Department of Energy (DOE) recently announced $128 million of funding for seven Fusion Innovation Research Engine (FIRE) Collaboratives. Virginia Commonwealth University (VCU) College of Engineering researchers will support the project titled “Advancing the maturity of liquid metal (LM) plasma facing materials and first wall concept” led by the Department of Energy’s Princeton Plasma Physics Laboratory (PPPL). This includes $928,000 to support research led by Lane Carasik, Ph.D., assistant professor in the Department of Mechanical and Nuclear Engineering, as part of a multi-institution effort for fusion energy systems. The FIRE Collaborative seeks to advance the maturity of liquid metal plasma-facing materials and wall concepts. High operating temperatures within fusion energy systems pose a significant material design challenge. Research will help solve technical problems with liquid metal plasma-facing materials and first wall concepts, including four main challenges: testing protective materials, understanding material properties, studying how liquid metals behave in magnetic fields and developing new liquid metal alloys. The goal is to make liquid metals viable for fusion pilot plant designs. “The work done by VCU as part of the FIRE Collaborative will help raise the technology readiness of Liquid Metal based fusion energy concepts. Over the next four years, we will train undergraduate and graduate students on how to extract electricity from these fusion concepts,” Carasik said. Rajesh Maingi, Ph.D., is the lead primary investigator at PPPL. Institutional investigators for the group include Sergey Smolentsev, Ph.D., Oak Ridge National Laboratory (ORNL); Vsevolod Soukhanovskii, Ph.D., Lawrence Livermore National Laboratory (LLNL); Daniel Andruczyk, Ph.D., University of Illinois Urbana-Champaign; Bruce Koel, Ph.D., Princeton University; Michael Kotschrenreuther, Ph.D., ExoFusion; Xing Wang, Ph.D., The Pennsylvania State University; Kevin Woller, Ph.D. from Massachusetts Institute of Technology; and Carasik from VCU. Up to $220 million is expected to fund the FIRE Collaboratives over four years, with $31 million allocated for the 2025 fiscal year. Future distributions are dependent on congressional appropriations.

3 min

Mechanical and Nuclear Engineering professor John Speich, Ph.D., advances bladder biomechanics research through collaboration with VCU School of Medicine

The year was 2003, and John Speich, Ph.D., professor in the Department of Mechanical & Nuclear Engineering, felt like he had a clear sense of the direction his burgeoning career was heading in. Speich had recently completed his doctorate in mechanical engineering from Vanderbilt University, where he concentrated on robotics. Following Vanderbilt, Speich went on to become an associate professor at the Virginia Commonwealth University (VCU) College of Engineering, working with students in the Department of Mechanical & Nuclear Engineering. Leveraging his robotics expertise, Speich planned to continue his work developing robotics for medical surgery and rehabilitation. Then Speich got a call from Paul Ratz, Ph.D., a professor at the VCU School of Medicine, asking for assistance that would change the entire focus of Speich’s career. Ratz used a small robotic lever that moved up and down just a few millimeters to stretch tiny strips of bladder muscle and rings of artery, trying to determine how different chemical compounds changed the mechanical properties of the muscle. Speich was intrigued—this was a form of mechanical engineering. “In mechanical engineering, we pull on things to determine the mechanical properties,” says Speich. “Here, Dr. Ratz was pulling on pieces of bladder instead of the typical substances mechanical engineers are known to work with, like steel, aluminum or plastic.” Speich and Ratz began working together in 2003, and now, because of that unique partnership, nearly all of the research Speich does is about the bladder. “Before I started working with Dr. Ratz, I had never even heard the words neurourology or urodynamics,” says Speich. “Now, Neurourology and Urodynamics is the name of the journal I publish in the most.” Today, Speich collaborates on bladder biomechanics with two doctors at VCU Health. Adam Klausner, MD is a urologist and the interim chair of the new Department of Urology at VCU. Linda Burkett, MD is a urogynecologist from the Department of Obstetrics and Gynecology; prior to medical school, Burkett completed her bachelor’s degree in Biomedical Engineering from the VCU College of Engineering. Together, Speich, Klausner and Burkett aim to find non-invasive methods to characterize and diagnose overactive bladder, with the goal of allowing doctors to precisely match patients with the most effective treatments. A number of students across the VCU College of Engineering and VCU School of Medicine have aided in their research, including recent Biomedical Engineering graduate Mariam William. Speich’s primary methods of research involve Near-Infrared Spectroscopy (NIRS)—a non-invasive technology that uses light to measure tissue oxygenation and brain activity—and ultrasound imaging. By using NIRS to study the brain activity associated with the sudden urge to urinate, Speich and his team are working to pinpoint the brain’s role and determine whether it or the bladder is the primary cause of an individual’s condition. “There are a lot of potential causes of overactive bladder,” says Speich. “Some people may have more than one cause. Individual responses to these treatments vary; what works well for one patient may not work at all for the next. We want to give doctors better tools for quantifying information about their patients so they can make better decisions and more optimized treatments.” Thanks to research grants, including a National Institutes of Health (NIH) grant from 2015-2025, Speich has been able to make a number of important findings in his bladder research. His team has closely examined the bladder’s dynamic elasticity, investigating the biomechanical mechanisms that allow the bladder muscle to fill and expand. Another recent focus asks, “Bladder or Brain. Which is it?” Speich and his team developed a tool called a sensation meter that they use to help determine what an individual is feeling as their bladder is filling over time. All this groundbreaking research and medical school collaboration, and to think—Speich nearly missed the opportunity to enter this field entirely. “When I tell students about how I came to be involved in bladder biomechanics, I tell them, you will always keep learning throughout your entire career,” says Speich. “You never know where you’re going to end up. If you’re an engineer, you’re a problem solver, and there are all kinds of problems in areas like business and medicine—beyond the traditional areas people think of when they think of mechanical engineering.”

2 min

VCU College of Engineering receives $4.5 million of funding for research supporting blind-visually impaired individuals

Pioneering systems to aid the visually impaired, Dianne Pawluk, Ph.D., associate professor in the Department of Biomedical Engineering, recently received two grants totaling $4.5 million in support of her research. Real-time Conversion and Display of Visual Diagrams in Accessible Forms for Blind-Visually Impaired (BVI) is a five-year project to develop real-time assistive technology for BVI individuals. It received a $3.2 million grant from the National Institutes of Health’s National Eye Institute to fund a low-cost system that will automatically convert and render visual diagrams in effective accessible formats on a multimodal display, including a refreshable tactile display and an enhanced, visual magnification program. Diagram exploration support will be provided by an automated haptic assistant. Pawluk is collaborating with Tomasz Arodz, Ph.D., associate professor in the Department of Computer Science, on the project. Including Blind and Visually Impaired Students in Computer Programming Education Through a Tangible Interface for Scratch is a four-year project to develop a nonvisual interface for the Scratch programming platform. Receiving a $1.3 million grant from the National Science Foundation, the project aims to make computer science education more accessible to BVI students. The interface will allow these students to learn programming alongside their sighted peers in classrooms, camps and clubs, supporting both BVI and other kinesthetic learners with a haptic-based tangible interface. High contrast visual information will also be provided for those with low vision and collaboration with sighted peers. This project is a collaboration with the Science Museum of Virginia, Arizona Science Center and Liberty Science Center. “Equal access to information is important for individuals who are blind or visually impaired to have autonomy and control over their decision-making processes and other tasks, which will allow them to live productive and fulfilling lives,” Pawluk said. “These projects go beyond creating an equivalent experience. They enable full collaboration between visually impaired and sighted people, ensuring equal opportunity.”

View all posts
Powered by