Cyber-criminals are using evermore sophisticated and largely automated attacks. Inspired by lessons learned from public health, Hassan’s research puts forward the idea of identifying vulnerable user populations and, based on this information, creating an additional layer of defense that will help limit the spread, and cost, of cyber-attacks. His work will help educate vulnerable user populations against automated attacks. 

Research Description

State-of-the-art defenses against automated mass-scale cyber-attacks are mostly reactive and generally follow a ‘first-detect-then-prevent’ approach. This gives attackers the ability to evade detection by adjusting their tactics in order to circumvent the employed defenses and still reach the end-users. My research advocates for a proactive approach of identifying the vulnerable users, and employing this information to better protect them by building more robust and efficient system-wide defenses. Specifically, my work investigates novel defenses at the level of the system/infrastructure as well as at the level of individual users in large socio-technical systems. The goal is to develop techniques to identify the population of users vulnerable to various types of large-scale automated attacks. Then, using this knowledge to improve the robustness and efficiency of system-wide defenses, as well as to uncover ways to influence the behaviour of vulnerable users in order to decrease their susceptibility to large-scale attacks. For up-to-date information and links to recent publications, please visit the Artemis project webpage.

What does being a Public Scholar mean to you?

In my opinion, being a public scholar is about purposefully contributing to the public good during one’s pursuit of knowledge. It’s also about bridging the divide between academia and industry; to bring to light many of the novel contributions from academia and provide an avenue to apply them in industry for the benefit of the public at large. I believe that being a public scholar is something that we should all aspire to.

In what ways do you think the PhD experience can be re-imagined with the Public Scholars Initiative?

I think that the Public Scholars Initiative is paving the way for a new generation of graduate students that aim to go beyond the traditional boundaries of doctoral education; to seek the fulfillment of our social responsibilities in the course of our academic studies for the benefit of the public at large, and to carry out our mission of knowledge transfer to practitioners in the industry.

How do you envision connecting your PhD work with broader career possibilities?

I envision numerous opportunities for collaboration with industry partners considering that my proposed victim-centric defense strategy can be directly applied to key problem areas in various application domains. The techniques developed over the course of my research can be applied, for example, to: mitigate large-scale phishing attacks on enterprise users, augment compromise detection and prevention mechanisms for email accounts, and improve privacy and security in online social networks. Our research team at UBC has already established ties with several industry partners including: Alex Loffler from Telus, Dr. Baris Coskun from Yahoo! Research, Dr. Elizeu Santos-Neto from Google, and Dr. Yazan Boshmaf from the Qatar Computing Research Institute.

How does your research engage with the larger community and social partners?

Organizations that operate or use large socio-technical systems with a large numbers of users will be direct beneficiaries of my research. Examples include, but are not limited to: banks, provincial and federal governments, hospitals, universities, telecom providers, and operators of cloud-based services (e.g., online social networks, web e-mail operated by Google, Yahoo or Facebook). More generally, internet users at large will benefit from a safer cyberspace.

How do you hope your work can make a contribution to the “public good”?

My research has the potential of benefiting the public along several directions including mitigating the economic impact of cyber-attacks and informing public policy. My work has the potential to lead to more effective, efficient and robust security defenses than current conventional approaches thereby reducing the success rate of mass-scale cyber-attacks, and therefore their overall economic cost to companies, users, and the public at large. Additionally, the insights gained during this exploration would enable the investigation of users’ underlying risk factors (i.e., determining the context, behaviors, assumptions, or other factors that could lead to unsafe security decisions made by users). Such an analysis can inform public policy with regards to cyber-security and privacy procedures, and guide user education as well as the advice offered to Internet users at large.

Why did you decide to pursue a graduate degree?

I've always been passionate about learning, about understanding how things work, and about investigating and solving problems that are novel and challenging. I was fortunate enough to learn first-hand, during my undergraduate thesis under the mentorship of Prof. Hassanein Amer and Dr. Ramez Daoud, that “doing research” is a path to fulfil those passions. As such, I’ve decided to pursue a graduate degree for the opportunity to continue along this path of learning and discovery.

Why did you choose to come to British Columbia and study at UBC?

Given the multidisciplinary nature of my research work, I chose to study at UBC so that I could gain the support and mentorship of experienced investigators from both academia and industry (i.e., from UBC and interested industry partners). Those investigators collectively have a wide range of expertise, from the design and development of systems for large-scale data analytics (my advisor, Prof. Ripeanu), to designing secure systems and usable security & privacy design (Prof. Beznosov).


In my opinion, being a public scholar is about purposefully contributing to the public good during one’s pursuit of knowledge".