About me: I am a Management Information Systems (MIS) PhD candidate at the University of Arizona (UA). I conduct research under Regents’ Professor Hsinchun Chen, in the Eller College of Management Artificial Intelligence Lab. In 2016, I received a Master of Computer Science degree from Concordia University in Montreal, Canada. My thesis leveraged crime data mining to enhance juveniles cyberspace safety. I also interned with SAP as a data and software engineer, analyzing e-Commerce user behavior.

Research: My research interest is mainly focused on AI-enabled data analytics and security analytics using a wide range of statistical learning theories, including Transductive Learning, Transfer Learning, Adversarial Learning, and Reinforcement Learning. My work has appeared in journals including Journal of Management Information Systems (JMIS), Digital Forensics, Applied Artificial Intelligence, AIS Transactions on Replication Research; at conferences, such as IEEE Security & Privacy and IEEE ISI; and, as a chapter in the book “Data Mining Trends and Applications in Criminal Science and Investigations.”

RECENT NEWS:

  • In Fall 2021, I will start with the University of South Florida as a tenure-track faculty member.
  • Our paper, "Binary Black-box Evasion Attacks Against Deep Learning-based Static Malware Detectors with Adversarial Byte-Level Language Model" was accepted to the AAAI Conference on Artificial Intelligence, Workshop on Robust, Secure, and Efficient Machine Learning (RSEML), 2021.
  • This December, I represented the University of Arizona in the ICIS 2020 doctoral consortium.
  • Our paper, "A Generative Adversarial Learning Framework for Breaking Text-Based CAPTCHA in the Dark Web" was accepted to IEEE ISI 2020.
  • I received the Paul S. and Shirley Goodman Award, 2020.

PUBLICATIONS

JOURNAL PUBLICATIONS & BOOK CHAPTERS

Semi-Supervised Cyber Threat Identification in Dark Net Markets: A Transductive and Deep Learning Approach
M. Ebrahimi, J. F. Nunamaker Jr., H. Chen
Journal of Management Information Systems (JMIS), Volume 37(3).

Abstract BibTeX PDF JMIS
Dark Net Marketplaces (DNMs), online selling platforms on the dark web, constitute a major component of the underground economy. Due to the anonymity and increasing accessibility of these platforms, they are rich sources of cyber threats such as hacking tools, data breaches, and personal account information. As the number of products offered on DNMs increases, researchers have begun to develop automated machine learning-based threat identification approaches. A major challenge in adopting such an approach is that the task typically requires manually labeled training data, which is expensive and impractical. We propose a novel semi-supervised labeling technique for leveraging unlabeled data based on the lexical and structural characteristics of DNMs using transductive learning. Empirical results show that the proposed approach leads to an approximately 3-5% increase in classification performance measured by F1-score, while increasing both precision and recall. To further improve the identification performance, we adopt Long Short-Term Memory (LSTM) as a deep learning structure on top of the proposed labeling method. The results are evaluated against a large collection of 79K product listings obtained from the most popular DNMs. Our method outperforms the state-of-the-art methods in threat identification and is considered as an important step towards lowering the human supervision cost in realizing automated threat detection within cyber threat intelligence organizations.
@article{doi:10.1080/07421222.2020.1790186,author = { Mohammadreza Ebrahimi and Jay F. Nunamaker Jr. and Hsinchun Chen }, title = {Semi-Supervised Cyber Threat Identification in Dark Net Markets: A Transductive and Deep Learning Approach}, journal = {Journal of Management Information Systems},volume = {37},number = {3},pages = {694-722},year = {2020},publisher = {Routledge}, doi = {10.1080/07421222.2020.1790186},URL = { https://doi.org/10.1080/07421222.2020.1790186},eprint = { https://doi.org/10.1080/07421222.2020.1790186}}

Involuntary Embarrassing Exposures in Online Social Networks: A Replication Study
M. Ebrahimi, J.D. Martinez
AIS Transactions on Replication Research, Volume 5(1), p. 7, 2019.

Abstract BibTeX PDF AIS TRR
In this study, we carry out a methodological replication of the research done by Choi et al. (2015) published in Information System Research. In the original study, the authors integrate the privacy and teasing literatures under a social exchange framework to understand online involuntary exposures. The original study was conducted on students from Southeast Asia. Our study uses a significantly larger sample of college students in the United States. Our replication results show that whereas most of the hypotheses supported by the original results on behavioral responses replicate with high consistency (8 out of 12 hypotheses), the results that deal with the effects of network commonality on perceived privacy invasion and perceived relationship bonding did not replicate (4 out of 12 hypotheses). These results could stem from a failed manipulation of network commonality. We look into the possible rationales for this and show what would be an effective manipulation in our context. Further, we expand the original study by testing an additional embarrassing scenario catered to our subject pool. The results suggest that perceived privacy invasion and perceived relationship bonding affect individual’s behavioral responses to embarrassing exposures.
@article{ebrahimi2019involuntary, title={Involuntary Embarrassing Exposures in Online Social Networks: A Replication Study}, author={Ebrahimi, Mohammadreza and Martinez, J Daniel}, journal={AIS Transactions on Replication Research}, volume={5}, number={1}, pages={7}, year={2019}}

Detecting Predatory Conversations in Social Media by Deep Convolutional Neural Networks
M. Ebrahimi, C. Y. Suen, O. Ormandjieva
Journal of Digital Investigation, Elsevier, Volume 18, pp. 33-49, 2016.

Abstract BibTeX PDF DI
Automatic identification of predatory conversations in chat logs helps the law enforcement agencies act proactively through early detection of predatory acts in cyberspace. In this paper, we describe the novel application of a deep learning method to the automatic identification of predatory chat conversations in large volumes of chat logs. We present a classifier based on Convolutional Neural Network (CNN) to address this problem domain. The proposed CNN architecture outperforms other classification techniques that are common in this domain including Support Vector Machine (SVM) and regular Neural Network (NN) in terms of classification performance, which is measured by F1-score. In addition, our experiments show that using existing pre-trained word vectors are not suitable for this specific domain. Furthermore, since the learning algorithm runs in a massively parallel environment (i.e., general-purpose GPU), the approach can benefit a large number of computation units (neurons) compared to when CPU is used. To the best of our knowledge, this is the first time that CNNs are adapted and applied to this application domain.
@article{ebrahimi2016detecting, title={Detecting predatory conversations in social media by deep convolutional neural networks}, author={Ebrahimi, Mohammadreza and Suen, Ching Y and Ormandjieva, Olga}, journal={Digital Investigation}, volume={18}, pages={33--49}, year={2016}, publisher={Elsevier}}

Automated Identification of Child Abuse in Chat Rooms by Using Data Mining
M. Keyvanpour, M. Ebrahimi, N. G. Nayebi, O. Ormandjieva, C. Y. Suen
Data Mining Trends and Applications in Criminal Science and Investigations, IGI-Global Publications, pp. 245-274, 2016.

Abstract BibTeX PDF DI
Providing a safe environment for juveniles and children in online social networks is considered as one of the major factors of improving public safety. Due to the prevalence of the online conversations, mitigating the undesirable effects of child abuse in cyber space has become inevitable. Using automatic ways to combat this kind of crime is challenging and demands efficient and scalable data mining techniques. The problem can be casted as a combination of textual preprocessing in data/text mining and pattern classification in machine learning. This chapter covers different data mining methods including preprocessing, feature extraction and the popular ways of feature enrichment through extracting sentiments and emotional features. A brief tutorial on classification algorithms in the domain of automated predator identification is also presented through the chapter. Finally, the discussion is summarized and the challenges and open issues in this application domain are discussed.
@incollection{keyvanpour2016automated, title={Automated Identification of Child Abuse in Chat Rooms by Using Data Mining}, author={Keyvanpour, Mohammadreza and Ebrahimi, Mohammadreza and Nayebi, Necmiye Genc and Ormandjieva, Olga and Suen, Ching Y}, booktitle={Data Mining Trends and Applications in Criminal Science and Investigations}, pages={245--274}, year={2016}, publisher={IGI Global}}

Designing Efficient ANN Classifiers for Matching Burglaries from Dwelling Houses
M. Keyvanpour, M. Ebrahimi, M. Javideh
Applied Artificial Intelligence, Taylor and Francis, Volume 26(8), pp. 787-807, 2012.

Abstract BibTeX PDF AAI
Leveraging supervised learning methods is vital for predictive analysis of crime data, however, because of the complex dependencies of crime behavioral variables, classifying behavioral crime profiles is considered to be a demanding task. This paper presents two classifiers for matching single-offender crimes of the type: Burglary from Dwelling Houses BDH. The first classifier, Multiclass MLP Crime Classifier M2C2, leverages a multiclass topology to become capable of matching nonprolific offenders in addition to prolific offenders. This method will be useful for matching crimes to several local offenders in a particular district, and it is not suitable for classifying a large number of offenders. Contrarily, the second method, Ensemble Neural Network Crime Classifier EN2C2, focuses on automating decision-making processes for crime matching through exploiting expert classifiers’ outputs in a bagging ensemble approach. As demonstrated by evaluative experiments, M2C2 is an efficient approach for classifying small numbers of nonprolific and prolific offenders. The proposed method's performance was proved when compared with other common machine learning techniques.
@article{keyvanpour2012designing, title={DESIGNING EFFICIENT ANN CLASSIFIERS FOR MATCHING BURGLARIES FROM DWELLING HOUSES}, author={Keyvanpour, Mohammad Reza and Ebrahimi, Mohammad Reza and Javideh, Mostafa}, journal={Applied Artificial Intelligence}, volume={26}, number={8}, pages={787--807}, year={2012}, publisher={Taylor \& Francis}}

A Hybrid Geospatial Data Clustering Method for Hotspot Analysis
M. Keyvanpour, M. Javideh, M. Ebrahimi
Journal of Computer and Robotics, Qazvin Azad University, Volume 2(1), pp. 53-67, 2010.

Abstract BibTeX PDF JCR
Traditional leveraging statistical methods for analyzing today's large volumes of spatial data have high computational burdens. To eliminate the deficiency, relatively modern data mining techniques have been recently applied in different spatial analysis tasks with the purpose of autonomous knowledge extraction from high-volume spatial data. Fortunately, geospatial data is considered a proper subject for leveraging data mining techniques. The main purpose of this paper is presenting a hybrid geospatial data clustering mechanism in order to achieve a high performance hotspot analysis method. The method basically works on 2 or 3-dimensional geographic coordinates of different natural and unnatural phenomena. It uses the systematic cooperation of two popular clustering algorithms: the AGlomerative NEStive, as a hierarchical clustering method and κ-means, as a partitional clustering method. It is claimed that the hybrid method will inherit the low time complexity of the κ-means algorithm and also relative independency from user's knowledge of the AGNES algorithm. Thus, the proposed method is expected to be faster than AGNES algorithm and also more accurate than κ-means algorithm. Finally, the method was evaluated against two popular clustering measurement criteria. The first clustering evaluation criterion is adapted from Fisher's separability criterion, and the second one is the popular minimum total distance measure. Results of evaluation reveal that the proposed hybrid method results in an acceptable performance. It has a desirable time complexity and also enjoys a higher clus ter quality than its parents (AGNES and κ-means). Real-time processing of hotspots requires an efficient approach with low time complexity. So, the problem of time complexity has been taken into account in designing the proposed approach.
@article{keyvanpour2010hybrid, title={A Hybrid Geospatial Data Clustering Method for Hotspot Analysis}, author={KEYVANPOUR, MOHAMMADREZA and Javideh, Mostafa and Ebrahimi, Mohammad Reza}, year={2010}, publisher={JOURNAL OF COMPUTER AND ROBOTICS}}

JOURNAL PUBLICATIONS UNDER REVIEW

Cross-Lingual Security Analytics: Cyber Threat Detection in the International Dark Web with Adversarial Deep Representation Learning
M. Ebrahimi, Y. Chai, S. Samtani, H. Chen
Received 4th round of Review in MIS Quarterly (MISQ).
This is an abstract.

Heterogeneous Domain Adaptation with Deep Adversarial Representation Learning: Experiments on E-Commerce and Cybersecurity
M. Ebrahimi, Y. Chai, H. Zhang, H. Chen
Submitted to IEEE Transactions on Pattern Analysis and Machine Intelligence (PAMI).
This is an abstract.

REFEREED CONFERENCE PUBLICATIONS

Binary Black-box Evasion Attacks Against Deep Learning-based Static Malware Detectors with Adversarial Byte-Level Language Model
M. Ebrahimi, N. Zhang, J. Hu, M. T. Raza,H. Chen
AAAI Conference on Artificial Intelligence, Workshop on Robust, Secure, and Efficient Machine Learning (RSEML), February 8-9, 2021

Abstract BibTeX PDF AAAI RSEML'21 (DLS)
Anti-malware engines are the first line of defense against malicious software. While widely used, feature engineering-based anti-malware engines are vulnerable to unseen (zero-day) attacks. Recently, deep learning-based static anti-malware detectors have achieved success in identifying unseen attacks without requiring feature engineering and dynamic analysis. However, these detectors are susceptible to malware variants with slight perturbations, known as adversarial examples. Generating effective adversarial examples is useful to reveal the vulnerabilities of such systems. Current methods for launching such attacks require accessing either the specifications of the targeted anti-malware model, the confidence score of the anti-malware response, or dynamic malware analysis, which are either unrealistic or expensive. We propose MalRNN, a novel deep learning-based approach to automatically generate evasive malware variants without any of these restrictions. Our approach features an adversarial example generation process, which learns a language model via a generative sequence-to-sequence recurrent neural network to augment malware binaries. MalRNN effectively evades three recent deep learning-based malware detectors and outperforms current benchmark methods. Findings from applying our MalRNN on a real dataset with eight malware categories are discussed.
@article{ebrahimi2021malrnn, title={Binary Black-box Evasion Attacks Against Deep Learning-based Static Malware Detectors with Adversarial Byte-Level Language Model}, author={Ebrahimi, Mohammadreza and Zhang, Ning and Hu, James and Raza, Muhammad Taqi and Chen Hsinchun}, journal={AAAI Conference on Artificial Intelligence, Workshop on Robust, Secure, and Efficient Machine Learning (RSEML)}, year={2021}, publisher={AAAI}}

Detecting Cyber Threats in Non-English Hacker Forums: An Adversarial Cross-Lingual Knowledge Transfer Approach
M. Ebrahimi, S. Samtani, Y. Chai, H. Chen
IEEE Symposium on Security and Privacy (IEEE S&P), Deep Learning and Security Workshop, San Francisco, May 2020.

Abstract PDF IEEE S&P'20 (DLS)
The regularity of devastating cyber-attacks has made cybersecurity a grand societal challenge. Many cybersecurity professionals are closely examining the international Dark Web to proactively pinpoint potential cyber threats. Despite its potential, the Dark Web contains hundreds of thousands of non-English posts. While machine translation is the prevailing approach to process non-English text, applying MT on hacker forum text results in mistranslations. In this study, we draw upon Long-Short Term Memory (LSTM), Cross-Lingual Knowledge Transfer (CLKT), and Generative Adversarial Networks (GANs) principles to design a novel Adversarial CLKT (A-CLKT) approach. A-CLKT operates on untranslated text to retain the original semantics of the language and leverages the collective knowledge about cyber threats across languages to create a language invariant representation without any manual feature engineering or external resources. Three experiments demonstrate how A-CLKT outperforms state-of-the-art machine learning, deep learning, and CLKT algorithms in identifying cyber-threats in French and Russian forums.

Detecting Cyber Threats in Non-English Dark Net Markets: A Cross-Lingual Transfer Learning Approach
M. Ebrahimi, Y. Chai, H. Zhang, H. Chen
IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 85-90, Florida, US, IEEE, Nov. 8-10, 2018, (Best Paper Award Runner-Up).

Abstract BibTeX PDF IEEE ISI'18
Recent advances in proactive cyber threat intelligence rely on early detection of cyber threats in hacker communities. Dark Net Markets (DNMs) are growing platforms in hacker community that provide hackers with highly-specialized tools and products which may not be found in other platforms. While text classification techniques have been used for cyber threat detection in English DNMs, the task is hindered in non-English platforms due to the language barrier and lack of ground-truth data. Current approaches use monolingual models on machine translated data to overcome these challenges. However, the translation errors can deteriorate the classification results. The abundance of data in English DNMs can be leveraged in learning non-English threats without using machine translation. In this study, we show that a deep cross-lingual model that can jointly learn the common language representation from two languages, significantly outperforms a monolingual model learned on machine translated data for identifying cyber threats in non-English DNMs. Unlike most studies, our approach does not require any external data source such as bilingual word embeddings or bilingual lexicons. Our experiments on Russian DNMs show that this approach can achieve better performance than state-of-the-art methods for non-English cyber threat detection in malicious hacker community.
@INPROCEEDINGS{8587404, author={M. {Ebrahimi} and M. {Surdeanu} and S. {Samtani} and H. {Chen}}, booktitle={2018 IEEE International Conference on Intelligence and Security Informatics (ISI)}, title={Detecting Cyber Threats in Non-English Dark Net Markets: A Cross-Lingual Transfer Learning Approach}, year={2018}, volume={}, number={}, pages={85-90},}

Recognizing Predatory Chat Documents using Semi-supervised Anomaly Detection
M. Ebrahimi, C. Y. Suen, O. Ormandjieva, A. Krzyzak
23rd Document Recognition Retrieval Conference (DRR 2016), pp. 1-9(9), San Francisco, CA, February 14-18, 2016.

Abstract BibTeX PDF DRR'16
Chat-logs are informative documents available to nowadays social network providers. Providers and law enforcement tend to use these huge logs anonymously for automatic online Sexual Predator Identification (SPI) which is a relatively new area of application. The task plays an important role in protecting children and juveniles against being exploited by online predators. Pattern recognition techniques facilitate automatic identification of harmful conversations in cyber space by law enforcements. These techniques usually require a large volume of high-quality training instances of both predatory and non-predatory documents. However, collecting non-predatory documents is not practical in real-world applications, since this category contains a large variety of documents with many topics including politics, sports, science, technology and etc. We utilized a new semi-supervised approach to mitigate this problem by adapting an anomaly detection technique called One-class Support Vector Machine which does not require non-predatory samples for training. We compared the performance of this approach against other state-of-the-art methods which use both positive and negative instances. We observed that although anomaly detection approach utilizes only one class label for training (which is a very desirable property in practice); its performance is comparable to that of binary SVM classification. In addition, this approach outperforms the classic two-class Naïve Bayes algorithm, which we used as our baseline, in terms of both classification accuracy and precision.
@article{ebrahimi2016recognizing, title={Recognizing predatory chat documents using semi-supervised anomaly detection}, author={Ebrahimi, Mohammadreza and Suen, Ching Y and Ormandjieva, Olga and Krzyzak, Adam}, journal={Electronic Imaging}, volume={2016}, number={17}, pages={1--9}, year={2016}, publisher={Society for Imaging Science and Technology}}

Identifying High-Impact Opioid Products and Key Sellers in Dark Net Marketplaces: An Interpretable Text Analytics Approach
P. Du, M. Ebrahimi, N. Zhang, H. Chen, R. A. Brown and S. Samtani
IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 110-115, Shenzhen, China, Jul. 1-3, 2019.

Abstract BibTeX PDF IEEE ISI'19
As the Internet based applications become more and more ubiquitous, drug retailing on Dark Net Marketplaces (DNMs) has raised public health and law enforcement concerns due to its highly accessible and anonymous nature. To combat illegal drug transaction among DNMs, authorities often require agents to impersonate DNM customers in order to identify key actors within the community. This process can be costly in time and resource. Research in DNMs have been conducted to provide better understanding of DNM characteristics and drug sellers' behavior. Built upon the existing work, researchers can further leverage predictive analytics techniques to take proactive measures and reduce the associated costs. To this end, we propose a systematic analytical approach to identify key opioid sellers in DNMs. Utilizing machine learning and text analysis, this research provides prediction of high-impact opioid products in two major DNMs. Through linking the high-impact products and their sellers, we then identify the key opioid sellers among the communities. This work intends to help law enforcement authorities to formulate strategies by providing specific targets within the DNMs and reduce the time and resources required for prosecuting and eliminating the criminals from the market.
@inproceedings{du2019identifying, title={Identifying High-Impact Opioid Products and Key Sellers in Dark Net Marketplaces: An Interpretable Text Analytics Approach}, author={Du, Po-Yi and Ebrahimi, Mohammadreza and Zhang, Ning and Chen, Hsinchun and Brown, Randall A and Samtani, Sagar}, booktitle={2019 IEEE International Conference on Intelligence and Security Informatics (ISI)}, pages={110--115}, year={2019}, organization={IEEE}}

Dark-Net Ecosystem Cyber-Threat Intelligence (CTI) Tool
N. Arnold, M. Ebrahimi, N. Zhang, B. Lazarine, M. Patton, H. Chen, S. Samtani
IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 92-97. Shenzhen, China, IEEE, Jul. 1-2, 2019.

Abstract BibTeX PDF IEEE ISI'19
The frequency and costs of cyber-attacks are increasing each year. By the end of 2019, the total cost of data breaches is expected to reach $2.1 trillion through the ever-growing online presence of enterprises and their consumers. The tools to perform these attacks and the breached data can often be purchased within the Dark-net. Many of the threat actors within this realm use its various platforms to broker, discuss, and strategize these cyber-threat assets. To combat these attacks, researchers are developing Cyber-Threat Intelligence (CTI) tools to proactively monitor the ever-growing online hacker community. This paper will detail the creation and use of a CTI tool that leverages a social network to identify cyber-threats across major Dark-net data sources. Through this network, emerging threats can be quickly identified so proactive or reactive security measures can be implemented.
@inproceedings{arnold2019dark, title={Dark-Net Ecosystem Cyber-Threat Intelligence (CTI) Tool}, author={Arnold, Nolan and Ebrahimi, Mohammadreza and Zhang, Ning and Lazarine, Ben and Patton, Mark and Chen, Hsinchun and Samtani, Sagar}, booktitle={2019 IEEE International Conference on Intelligence and Security Informatics (ISI)}, pages={92--97}, year={2019}, organization={IEEE}}

Identifying, Collecting, and Presenting Hacker Community Data: Forums, IRC, Carding Shops, and DNMs
P. Du, N. Zhang, M. Ebrahimi et al.
IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 70-75, Miami, FL, Nov. 8-10, 2018.

Abstract BibTeX PDF IEEE ISI'18
Cyber-attacks cost the global economy over $450 billion annually. To combat this issue, researchers and practitioners put enormous efforts into developing Cyber Threat Intelligence, or the process of identifying emerging threats and key hackers. However, the reliance on internal network data to has resulted in inherently reactive intelligence. CTI experts have urged the importance of proactively studying the large, ever-evolving online hacker community. Despite their CTI value, collecting data from hacker community platforms is a non-trivial task. In this paper, we summarize our efforts in systematically identifying and automatically collecting a large-scale of hacker forums, carding shops, Internet-Relay-Chat, and Dark Net Marketplaces. We also present our efforts to provide this data to the larger CTI community via the AZSecure Hacker Assets Portal (www.azsecure-hap.com). With our methodology, we collected 102 platforms for a total of 43,981,647 records. To the best of our knowledge, this compilation of hacker community data is the largest such collection in academia.
@inproceedings{du2018identifying, title={Identifying, Collecting, and Presenting Hacker Community Data: Forums, IRC, Carding Shops, and DNMs}, author={Du, Po-Yi and Zhang, Ning and Ebrahimi, Mohammedreza and Samtani, Sagar and Lazarine, Ben and Arnold, Nolan and Dunn, Rachael and Suntwal, Sandeep and Angeles, Guadalupe and Schweitzer, Robert and others}, booktitle={2018 IEEE International Conference on Intelligence and Security Informatics (ISI)}, pages={70--75}, year={2018}, organization={IEEE}}

Detecting and Investigating Crime by Means of Data Mining: A General Crime Matching Framework
M. Keyvanpour, M. Javideh, M. Ebrahimi
World Conference on Information Technology 2010, Procedia Computer Science, Volume 3, pp. 872-880, Edited by AdemKarahoca, Sezer, 2011.

Abstract BibTeX PDF WorldCIST
Data mining is a way to extract knowledge out of usually large data sets; in other words it is an approach to discover hidden relationships among data by using artificial intelligence methods. The wide range of data mining applications has made it an important field of research. Criminology is one of the most important fields for applying data mining. Criminology is a process that aims to identify crime characteristics. Actually crime analysis includes exploring and detecting crimes and their relationships with criminals. The high volume of crime datasets and also the complexity of relationships between these kinds of data have made criminology an appropriate field for applying data mining techniques. Identifying crime characteristics is the first step for developing further analysis. The knowledge that is gained from data mining approaches is a very useful tool which can help and support police forces. An approach based on data mining techniques is discussed in this paper to extract important entities from police narrative reports which are written in plain text. By using this approach, crime data can be automatically entered into a database, in law enforcement agencies. We have also applied a SOM clustering method in the scope of crime analysis and finally we will use the clustering results in order to perform crime matching process.
@article{keyvanpour2011detecting, title={Detecting and investigating crime by means of data mining: a general crime matching framework}, author={Keyvanpour, Mohammad Reza and Javideh, Mostafa and Ebrahimi, Mohammad Reza}, journal={Procedia Computer Science}, volume={3}, pages={872--880}, year={2011}, publisher={Elsevier}}

MASTER’S THESIS

Automatic Identification of Online Predators in Chat Logs by Anomaly Detection and Deep Learning
P. Du, N. Zhang, M. Ebrahimi et al.
Master's Thesis, Computer Science Department, Concordia University, Montreal 2016.

Abstract BibTeX PDF Thesis
Providing a safe environment for juveniles and children in online social networks is considered as a major factor in improving public safety. Due to the prevalence of the online conversations, mitigating the undesirable effects of juvenile abuse in cyberspace has become inevitable. Using automatic ways to address this kind of crime is challenging and demands efficient and scalable data mining techniques. The problem can be casted as a combination of textual preprocessing in data/text mining and binary classification in machine learning. This thesis proposes two machine learning approaches to deal with the following two issues in the domain of online predator identification: 1) The first problem is gathering a comprehensive set of negative training samples which is unrealistic due to the nature of the problem. This problem is addressed by applying an existing method for semi-supervised anomaly detection that allows the training process based on only one class label. The method was tested on two datasets; 2) The second issue is improving the performance of current binary classification methods in terms of classification accuracy and F1-score. In this regard, we have customized a deep learning approach called Convolutional Neural Network to be used in this domain. Using this approach, we show that the classification performance (F1-score) is improved by almost 1.7% compared to the classification method (Support Vector Machine). Two different datasets were used in the empirical experiments: PAN-2012 and SQ (Sûreté du Québec). The former is a large public dataset that has been used extensively in the literature and the latter is a small dataset collected from the Sûreté du Québec.
@phdthesis{ebrahimi2016automatic, title={Automatic Identification of Online Predators in Chat Logs by Anomaly Detection and Deep Learning}, author={Ebrahimi, Mohammadreza}, year={2016}, school={Computer Science Department, Concordia University, Montreal, Canada}}

AWARDS & HONORS

  • Selected for Doctoral Consortium of International Conference on Information Systems (ICIS), 2020.
  • Paul S. and Shirley Goodman Award, 2020.
  • IEEE S&P Student Travel and Registration Award for Deep Learning and Security Workshop, May 2020.
  • IEEE ISI 2018 Best Paper Award Runner-up, November 9, 2018 (First author of: Detecting Cyber Threats in Non-English Dark Net Markets: A Cross-Lingual Transfer Learning Approach).
  • Concordia University 25th Anniversary Fellowship – Engineering and Computer Science Department, January 2015 (Awarded based on academic excellence to a few students each year).
  • Power Corporation of Canada Graduate Fellowship, May 2015 (Awarded based on academic excellence to 5 students each year).
  • Graduate Conference and Exposition Award, December 2015.
  • Ranked 1st in RoboCup Iran Open International Competitions 2007-Middle Size Robots.
  • Top (1st) university student in Fall 2007 and Spring 2008 with GPAs of 18.43/20.00 and 19.50/20.00, respectively.

Back to Top