I am an assistant professor in the Department of Computer Science and Engineering and director of Active Cyber and Infrastructure Defense (ACID) lab at University of Colorado Denver. I received my Ph.D. from University of North Carolina Charlotte in 2017 where I was a member of Cyber Defense and Network Assurability (CyberDNA) Center. My research interest lies in a spectrum of topics in security and privacy, including but not limited to active cyber defense (ACD), security analytics and automation, big data analytics for security and privacy, and securing critical infrastructures including cyber-physical systems, and Internet-of-Things.
My primary research interests include:
Actice Cyber Defense for Emerging Threats on Networks, Applications and Infrastructures
Big Data Analytics for Cyber Threat Intelligence
Security for Cyber-Physical Systems & Critical Infrastructures
Security for Internet-of-Things
Security Analytics and Automation
Word Cloud of Publications
WebMTD: Defeating Web Code Injection Attacks using Web Element Attribute Mutation, Amirreza Niakanlahiji, J. Haadi Jafarian, 2017 ACM Workshop on Moving Target Defense, ACM CCS, 2017.
Insider Threat Mitigation Using Moving Target Defense and Deception, Hassan Takabi, J. Haadi Jafarian, 2017 International Workshop on Managing Insider Security Threats, ACM CCS, 2017.
Multi-dimensional Host Identity Anonymization for Defeating Skilled Attackers, J. Haadi Jafarian, A. Niakanlahiji, E. Al-Shaer, and Qi Duan, 2016 ACM Workshop on Moving Target Defense, ACM CCS, 2016.
An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks, J. Haadi Jafarian, E. Al-Shaer, and Qi Duan, IEEE Transactions on Information Forensics and Security, Vol. 10, No. 12, 2015.
Adversary-aware IP Address Randomization for Proactive Agility against Sophisticated Attackers, J. Haadi Jafarian, E. Al-Shaer, and Qi Duan, IEEE INFOCOM, 2015.
Spatiotemporal Address Mutation for Proactive Cyber Agility against Sophisticated Attackers, J. Haadi Jafarian, E. Al-Shaer, and Qi Duan, First ACM Workshop on Moving Target Defense (MTD'14), ACM CCS, 2014.
Efficient Random Route Mutation Considering Flow and Network Constraints, Qi Duan, E. Al-Shaer, and J. Haadi Jafarian, IEEE Conference on Communications and Network Security (CNS), 2013.
Formal Approach for Route Agility Against Persistent Attackers, J. Haadi Jafarian, E. Al-Shaer, and Qi Duan, 18th European Symposium on Research in Computer Security (ESORICS), 2013.
OpenFlow Random Host Mutation: Transparent Moving Target Defense using Software Defined Networking, J. Haadi Jafarian, E. Al-Shaer, and Qi Duan, ACM SIGCOM Workshop on Hot Topics in Software Defined Networking (HotSDN), 2012.
Random Host Mutation for Moving Target Defense, E. Al-Shaer, Qi Duan, and J. Haadi Jafarian 8th International Conference on Security and Privacy in Communication Networks, 2012.
Towards a General Framework for Optimal Role Mining: A Constraint Satisfaction Approach, J. Haadi Jafarian, Hassan Takabi, Hakim Touati, Ehsan Hesamifard, and Mohamed Shehab, 20th ACM Symposium on Access Control Models and Technologies (SACMAT), 2015.
A Vagueness-based Obfuscation Technique for Protecting Location Privacy, J. Haadi Jafarian, Second IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT2010), 2010.
Protecting Location Privacy through a Graph-based Location Representation and a Robust Obfuscation Technique, J. Haadi Jafarian, A. Noorollahi, Morteza Amini, Rasool Jalili, 11th International Conference on Information Security and Cryptology (ICISC 2008), 2008.
GTHBAC: A Generalized Temporal History-Based Access Control Model, A. Noorollahi, J. Haadi Jafarian , Morteza Amini , Rasool Jalili, Telecommunication Systems, Volume 45, Issue 2-3, 2010.
CAMAC: A Context-Aware Mandatory Access Control Model, J. Haadi Jafarian, Morteza Amini, ISC International Journal of Information Security (ISeCure), Vol.1, No. 1, 2009.
GTHBAC: A Generalized Temporal History-Based Access Control Model, J. Haadi Jafarian, Morteza Amini, Rasool Jalili, 27th international conference on Computer Safety, Reliability, and Security (SafeComp 2008), 2008.
A History-Based Semantic Aware Access Control Model Using Logical Time Approach, A. Noorollahi, Morteza Amini , Rasool Jalili, J. Haadi Jafarian, 3rd IEEE International Workshop on Internet and Distributed Computing Systems (IDCS 2008), 2008.
A Gray-Box DPDA-Based Intrusion Detection Technique Using System-Call Monitoring, J. Haadi Jafarian, Ali Abbasi, 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS 2011), 2011.
This project-oriented course introduces the fundamentals of developing Web-based applications, using Java Servlet/JSP and MySQL. Major topics include handling HTTP requests and responses, tracking sessions and cookies, accessing and manipulating the data, and separating content from presentation through the use of the MVC architecture. Particular attention will be paid to methods for making Web applications efficient, maintainable, and flexible. Additional topics may include HTML5 and CSS3 and introduction to secure coding for Web applications. At the end of this course, students will be able to build their own browser-based applications for e-commerce and other applications that require Web access to server-based resources.
This graduate-level course presents analytical study of state-of-the-art attack and defense paradigms in cyber systems and infrastructures. Analysis will focus on: theoretical foundations of cybersecurity, practical development of novel technical defense techniques and analysis of alternatives.
I am looking for strong students with an interest in information/cyber security and privacy. Students must have a strong technical background, good programming skills, and be willing to work hard. If you are interested in my research, please send me an email. More information about how to apply and minimum requirements are available here.