Research Interests
Adaptive Security
My research focuses on designing adaptive security systems that continuously detect, diagnose, and mitigate evolving threats in complex cyber-physical environments, such as smart homes. We combine requirements and behavioural models of the system with runtime anomaly detection and abductive reasoning to enable the automated diagnosis of previously unknown attacks. We have also demonstrated how symbolic learning techniques can evolve security requirements and system specifications from operational traces, allowing systems to adapt their defensive behaviour in response to threats discovered at runtime. Looking forward, I aim to explore the integration of human–AI collaboration as a core principle of sustainable security. Inspired by emerging research that emphasises synergistic frameworks in which AI augments human expertise while preserving human agency, I envision adaptive security systems in which human insight, strategic judgement, and ethical oversight work alongside AI systems for threat detection and mitigation.
Relevant Publications
1) "The Rocky Road To Sustainable Security." Liliana Pasquale, Kushal Ramkumar, Wanling Cai, John McCarthy, Gavin Doherty, and Bashar Nuseibeh. IEEE Security & Privacy Magazine, Vol. 22, no. 5, pp.82-86, 2024. <PDF>
2) "Diagnosing Unknown Attacks in Smart Homes Using Abductive Reasoning." Kushal Ramkumar, Wanling Cai, John McCarthy, Gavin Doherty, Bashar Nuseibeh, and Liliana Pasquale. IEEE Transactions on Software Engineering, Vol. 51, no. 11, pp. 3117-3137, 2025. <PDF>
3) "Towards Using Inductive Learning to Adapt Security Controls in Smart Homes." Kushal Ramkumar, Wanling Cai, John McCarthy, Gavin Doherty, Bashar Nuseibeh, and Liliana Pasquale. In Proceedings of the 20th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2025), Ottawa, Canada, Apr 28-29, pp. 140-146, IEEE Computer Society, 2025. <PDF>
4) "Human-Centric Security for Smart Homes: A Scoping Review." Wanling Cai, Liliana Pasquale, Kushal Ramkumar, John McCarthy, Bashar Nuseibeh, and Gavin Doherty. Computer & Security, Vol. 162, pp. 104762, 2026. <PDF>
Ransomware Detection
My research advances ransomware defence by developing machine learning methods that are robust to adversarial behaviour and long-term threat evolution. We studied how ransomware campaigns exploit human vulnerabilities through phishing and show that affective signals provide actionable indicators for early attack detection. To overcome limitations in existing security datasets, we created the MLRan suite, comprising large-scale behavioural, image-based, and MITRE ATT&CK–annotated ransomware datasets that support reproducible, interpretable security research. Using these resources, we demonstrate how ransomware evolution induces behavioural drift that undermines static detectors. We address this challenge through evolution-aware evaluation, multimodal supervised contrastive learning, and ATT&CK technique prediction, enabling models to infer attacker intent rather than merely detect malware.
Relevant Publications
1) "MLRan: A Behavioural Dataset for Ransomware Analysis and Detection." Faithful Chiagoziem Onwuegbuche, Sunday Olaoluwa Adelodun, Anca Delia Jurcut, Liliana Pasquale. Journal of Network and Computer Applications , Vol 250, 2026. <PDF>
2) "Securing the Weakest Link: Exploring Affective States Exploited in Phishing Emails With Large Language Models." Faithful Chiagoziem Onwuegbuche, Rajesh Titung, Esa M. Rantanen, Anca Delia Jurcut, Cecilia O. Alm, Liliana Pasquale. IEEE Access , Vol 13, pp. 173460-173486, 2025. <PDF>
Regulatory-Compliant Systems
My research focuses on engineering software systems that demonstrate regulatory compliance, with particular emphasis on the GDPR and regulations protecting children in digital services. We developed requirements-based methods to interpret legal obligations—such as lawfulness, purpose limitation, and data minimisation—and systematically map them to system goals, design decisions, and operational controls. We have also investigated age-verification mechanisms on social media platforms, and, more broadly, I am interested in approaches to designing technologies that uphold children’s fundamental rights while protecting them from privacy and security threats.
Relevant Publications
1) "GDPR Compliance via Software Evolution: Weaving Security Controls in Software Design." Vanessa Ayala-Rivera, Omar A. Portillo-Dominguez, Liliana Pasquale. Journal of Systems and Software, pp. 112144, Elsevier, 2024. <PDF>
2) "Digital Age of Consent and Age Verification: Can They Protect Children?." Liliana Pasquale, Paola Zippo, Cliona Curley, Brian O'Neill, Marina Mongiello. IEEE Software, Vol. 38, No. 3, pp. 50-57, IEEE, 2022. <PDF>
3) ""The Grace Period Has Ended": An Approach to Operationalize GDPR Requirements." Vanessa Ayala-Rivera, Liliana Pasquale. In Proceedings of the 26th International Requirements Engineering Conference (RE 2018), pp. 136-146, IEEE Computer Society, 2018. <PDF>
4) "Towards Adaptive Compliance." Jesus Garcia-Galan, Liliana Pasquale, George Grispos, Bashar Nuseibeh. In Proceedings of the 11th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2016), Austin, Texas, USA, May 17-18, pp. 108--114, ACM, 2016. <PDF>