PhD Candidate in Computer Science

Stony Brook University

About Me

I am a PhD student at the PragSec Lab in the Computer Science Department of Stony Brook University, where I am fortunate to work under the supervision of Nick Nikiforakis. My research interests revolve around cyber crime and web security, and my current research is focused on:
• Malware Analysis Systems
• Data Mining and Attack Attribution
• DNS and Malicious Domains
• Modern Social Engineering Attacks

I’ve got my Master’s degree from Sharif University of Technology and my Bachelor’s degree from University of Tehran. Before joining Stony Brook University, I worked for a couple of years at MCI.


Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse,
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gomez, Nikolaos Pitropakis, Nick Nikiforakis, and Manos Antonakakis,
24th ACM Conference on Computer and Communications Security (CCS), 2017
Spotless Sandbox: Evading Malware Analysis Systems Using Wear-and-Tear Artifacts,
Najmeh Miramirkhani, Mahathi Priya Appini, Nick Nikiforakis, and Michalis Polychronakis,
38th IEEE Symposium on Security and Privacy (IEEE S&P), 2017
Dial One for Scam: A Large-Scale Analysis of Technical Support Scams,
Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis,
24th Network and Distributed System Security Symposium (NDSS), 2017, Distinguished Paper Award
Media Coverage: WIRED, Slashdot, Sophos, OnTheWire
The Politics of Routing: Investigating the Relationship Between AS Connectivity and Internet Freedom,
Rachee Singh, Hyungjoon Koo, Najmeh Miramirkhani, Fahimeh Mirhaj, Phillipa Gill, and Leman Akoglu,
USENIX Workshop on Free and Open Communications on the Internet (USENIX FOCI), Austin, TX, Aug. 2016
Inductive Analysis of the Eligibility Property in e-voting protocols,
Najmeh Miramirkhani, Rasool Jalili,
9th International ISC Conference on Information Security & Cryptology (ISCISC), 2012
Formalization of Blind Signature using the Inductive Method,
Najmeh Miramirkhani, Rasool Jalili,
5th International Conference on Information Security and Cryptology (ISCTURKEY), 2012
Analysis of an E-voting Protocol using the Inductive Method,
Najmeh Miramirkhani, Hamid Reza Mahrooghi, Rasool Jalili,
Fundamentals of Software Engineering Conference (FSEN), 2011
Formalization of Broadcast and E-Voting Primitives using the Inductive Method,
Najmeh Miramirkhani, Hamid Reza Mahrooghi, Rasool Jalili,
8th International ISC Conference on Information Security & Cryptology (ISCISC), 2011


Work Experience
    • Verisign Labs, Reston, VA, Research Intern
    Analysis of Digital Object Architecture as a web infrastructure (the research resulted in four filed patents)
    • MCI, Tehran, Project Manager
    Leading a team to run enterprise projects (Vulnerability Assessment, Risk Assessment, and Hardening)
    • Sina Bank, Tehran, Security Engineer
    Threat management, Security assessment, and Network security design
Research Assistant
    • PragSecLab, Computer Science Department, Stony Brook University
    • Data & Network Security Lab, School of Computer Engineering, Sharif University of Technology
    • Institute for Research In Fundamental Sciences (IPM), Tehran
Lecturer/Teaching Assistant
    • Teaching Assistant in Python Programming, Computer Science department of Stony Brook University
    • Teaching Assistant in Web Design, Computer Science department of Stony Brook University
    • Lecturer in File structure, Department of Computer Engineering, Amirkabir College of Management and Technology
    • Teaching Assistant in Software Systems Analysis and Design, School of Electrical and Computer Engineering, University of Tehran
    • Teaching Assistant in Advanced programming, School of Electrical and Computer Engineering, University of Tehran


Longitudinal Study of Combosquatting Abuse
We performed a large-scale analysis of combosquatting domains to investigate the prevalence of this practice and its serious abuse cases in the wild over the past 5 years, using passive DNS of one of the biggest ISPs.
Environment Aware Malware
We proposed a novel class of sandbox evasion techniques based on how realistic the past use of a malware analysis system looks. We investigated the feasibility of this evasion strategy by conducting a large-scale study on real user devices and publicly available malware analysis services.
Large Scale Analysis of Technical Support Scam
We conducted the first systematic study of technical support scams and the call centers hidden behind them. We built an automated system capable of discovering, on a weekly basis, hundreds of phone numbers and domains operated by scammers, providing insights into their prevalence, the abused infrastructure, the illicit profits, and the current evasion attempts of scammers. We also set up a controlled, IRB-approved experiment in which we interacted with 50+ different scammers and experienced first-hand their social engineering tactics, while collecting detailed statistics of the entire process.
Investigating the Relationship between AS Connectivity and Internet Freedom
We combined techniques from network measurement and machine learning to identify features of Internet structure at the national level that are the best indicators of a country’s level of freedom. We found that IP density and path lengths to other countries are the best indicators of a country’s freedom.
Dangerous Practices of JavaScript Inclusions
We built a reliable crawler to perform a large-scale study on the trust relationships between websites and JavaScript providers. We deployed the crawler to crawl the top 100K Alexa domains and studied the practices of these domains in including JavaScript libraries.


Department of Computer Science, Stony Brook University
Stony Brook, NY 11794-2424