Md Rayhanur Rahman

College of Engineering

Works (8)

Updated: July 25th, 2025 05:05

2025 article

If you cannot Measure it, you cannot Secure it. A Case Study on Metrics for Informed Choice of Security Controls

Rahman, M. R., Rahman, I., & Williams, L. (2025, May 9). Journal of Information Security and Applications.

By: M. Rahman*, I. Rahman n & L. Williams n

author keywords: Security controls; Adversarial techniques; NIST SP800-53; ATT&CK; TTPs
topics (OpenAlex): Information and Cyber Security; Advanced Malware Detection Techniques; Network Security and Intrusion Detection
Source: Web Of Science
Added: May 27, 2025

2024 article

A Survey on Software Vulnerability Exploitability Assessment

Rahman, M. R., Fringer, G., Kapoor, K., & Williams, L. (2024, March 20). ACM Computing Surveys.

By: M. Rahman n, G. Fringer n, K. Kapoor n & L. Williams n

author keywords: Exploitability; software vulnerability
topics (OpenAlex): Software Reliability and Analysis Research; Software Engineering Research; Information and Cyber Security
Source: Web Of Science
Added: June 11, 2024

2024 article

Towards a Taxonomy of Challenges in Security Control Implementation

Rahman, M. R., Wroblewski, B., Tamanna, M., Rahman, I., Anufryienak, A., & Williams, L. (2024, December 9).

By: M. Rahman n, B. Wroblewski n, M. Tamanna n, I. Rahman n, A. Anufryienak* & L. Williams n

author keywords: Security controls; Taxonomy; Large Language Models; MITRE ATT&CK
topics (OpenAlex): Information and Cyber Security
Source: Web Of Science
Added: July 21, 2025

2022 article

What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey

Rahman, M. R., Hezaveh, R. M., & Williams, L. (2022, November 22). ACM Computing Surveys.

By: M. Rahman n, R. Hezaveh n & L. Williams n

author keywords: Cyberthreat intelligence; CTI extraction; CTI mining; IoC extraction; TTPs; extraction; attack pattern extraction; threat reports; tactical threat intelligence; technical threat intelligence
topics (OpenAlex): Information and Cyber Security; Cybercrime and Law Enforcement Studies; Advanced Malware Detection Techniques
TL;DR: The goal of this article is to aid cybersecurity researchers in understanding the current techniques used for cyberthreat intelligence extraction from text through a survey of relevant studies in the literature, finding 11 types of extraction purposes and 7 types of textual sources for CTI extraction. (via Semantic Scholar)
Source: Web Of Science
Added: April 24, 2023

2022 article

Why secret detection tools are not enough: It’s not just about false positives - An industrial case study

Rahman, M. R., Imtiaz, N., Storey, M.-A., & Williams, L. (2022, March 17). Empirical Software Engineering.

By: M. Rahman n, N. Imtiaz n, M. Storey* & L. Williams n

author keywords: Secret detection tool; Hardcoded secrets; Secrets in repositories; Credentials in repositories
topics (OpenAlex): Advanced Malware Detection Techniques; Software Engineering Research; Information and Cyber Security
TL;DR: It is found that, despite developers classified 50% of the warning as false positive, developers also bypassed the warning due to time constraints, working with non-shipping projects, technical challenges of eliminating secrets completely from the version control history, technical debts, and perceptions that check-ins are low risk. (via Semantic Scholar)
Source: Web Of Science
Added: April 4, 2022

2021 article

Security Smells in Ansible and Chef Scripts

Rahman, A., Rahman, M. R., Parnin, C., & Williams, L. (2021, January 20). ACM Transactions on Software Engineering and Methodology.

By: A. Rahman*, M. Rahman n, C. Parnin n & L. Williams n

topics (OpenAlex): Advanced Malware Detection Techniques; Information and Cyber Security; Software Engineering Research
TL;DR: This article identifies two security smells not reported in prior work: missing default in case statement and no integrity check and recommends practitioners to rigorously inspect the presence of the identified security smells in Ansible and Chef scripts using code review, and static analysis tools. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: March 8, 2021

2020 article

A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts

Rahman, M. R., Mahdavi-Hezaveh, R., & Williams, L. (2020, November 1).

By: M. Rahman n, R. Mahdavi-Hezaveh n & L. Williams n

topics (OpenAlex): Information and Cyber Security; Cybercrime and Law Enforcement Studies; Spam and Phishing Detection
TL;DR: It is found that the most prominent sources of unstructured threat data are the threat reports, Twitter feeds, and posts from hackers and security experts, and natural language processing (NLP) based approaches: topic classification; keyword identification; and semantic relationship extraction among the keywords are mostly availed in the selected studies to mine CTI information from un Structured threat sources. (via Semantic Scholar)
Source: Web Of Science
Added: July 12, 2021

2019 article

Share, But be Aware: Security Smells in Python Gists

Rahman, M. R., Rahman, A., & Williams, L. (2019, September 1).

By: M. Rahman n, A. Rahman* & L. Williams n

author keywords: GitHub; Gist; Python; Security; Security Smell; Static Analysis; Software Security
topics (OpenAlex): Software Engineering Research; Advanced Malware Detection Techniques; Security and Verification in Computing
TL;DR: This paper finds 13 types of security smells with 4,403 occurrences in 5,822 publicly-available Python Gists and finds no significance relation between the presence of these security smells and the reputation of the Gist author. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: April 14, 2020

Citation Index includes data from a number of different sources. If you have questions about the sources of data in the Citation Index or need a set of data which is free to re-distribute, please contact us.

Certain data included herein are derived from the Web of Science© and InCites© (2026) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.