School of Information Technology and Engineering


Recent Submissions

  • Item
    Deep Learning Based SIMBox Fraud Detection using CDR data: A case of Safaricom Ethiopia
    (Addis Ababa University, 2024-06) Fikirte Endalew; Elefelious Getachew (PhD)
    The telecommunications industry is a critical component of modern society, facilitating communication and data exchange across individuals and businesses globally. However, this interconnectedness also presents vulnerabilities that malicious actors exploit. In the telecom sector, fraud usually refers to deliberate misuse of voice and data networks as well as service theft. One of the most difficult problems telecom organizations worldwide have is SIMBox fraud. A SIMBox fraud diverts international calls to a cellular device through the internet via a device called a SIMBox, routing telecom services to local networks into the network as local services, using hundreds of low-cost or even unpaid SIM cards, which are often obtained with forged identities. Ethiopia’s distinctive ethnolinguistic, cultural, and socioeconomic landscape significantly shapes its Call Detail Record (CDR) data. To effectively detect SIM Box fraud within this context, it is imperative to develop fraud detection models that are specifically tailored to the Ethiopian telecommunications environment. Detecting fraud activities becomes increasingly challenging as the number of subscribers and CDR log volumes and velocities increase. In order to identify telecom fraud via data mining techniques, deep learning techniques have become more and more popular in the telecom sector and other domains in recent years. While Machine Learning algorithms demonstrate effectiveness in detection, a fundamental challenge lies in balancing speed with accuracy. This challenge requires a careful balance between the two, as optimizing one metric often compromises the other. Telecom operators are facing financial losses due to SIM box fraud. Early detection of these fraudulent activities is critical to minimize revenue leakage. Therefore, evaluating the effectiveness of various fraud detection systems is essential to ensure a swift response. 
In this thesis, a CRISP-DM based methodology is followed to collect, discover, preprocess and model as well as evaluate CDR based SIMBox fraud detection for Safaricom Ethiopia. BERT, MLP, LSTM and classic rRNN deep learning models are implemented with evaluation. The results show that the rRNN algorithm with GRU architecture showed the highest accuracy of 99.7%, followed by LSTM, BERT and MLP at 99.1%, 98.6% and 96.7% accuracy respectively.
  • Item
    BWAF-Net: Enhanced Human Promoter Identification via Biologically Weighted Attention Fusion of Transformer and Graph Attention Networks
    (Addis Ababa University, 2025-10) Zemedkun Abebe; Adane Letta (PhD)
    The identification of gene promoter regions is crucial for understanding transcriptional regulation, yet computational methods often struggle to effectively integrate the diverse biological signals involved. Existing approaches typically focus on a single data modality, such as the DNA sequence, or employ simple fusion techniques that fail to leverage explicit biological knowledge. To address these limitations, we present BWAF-Net, a novel multi-modal deep learning framework for the identification of human promoters. BWAF-Net integrates three data streams: DNA sequences processed by a Transformer to capture long-range dependencies; gene regulatory context from 36 tissue-specific networks modeled by a Graph Attention Network (GAT); and explicit domain knowledge in the form of 11 quantified biological motif counts (priors). The framework’s central innovation is the Biologically Weighted Attention Fusion (BWAF) layer, which uses the biological priors to learn dynamic attention weights that modulate the fusion of the sequence and network representations. Evaluated on a balanced dataset of 40,056 human promoter and non-promoter sequences, BWAF-Net achieved outstanding performance, with 99.87% accuracy, 99.99% AUC-ROC, and 100% precision on the held-out test set. The proposed framework significantly outperformed a replicated state-of-the-art, sequence-only baseline as well as a series of ablated models. Our ablation studies confirm that naive feature concatenation is a suboptimal fusion strategy, validating the necessity of the intelligent BWAF mechanism. By providing a framework that is highly accurate, parameter-efficient, and interpretable, this work presents a significant advance in multi-modal AI for regulatory genomics.
  • Item
    Advancing Amharic Text Summarization with a Tailored Parameter-Efficient Fine-Tuning Technique
    (Addis Ababa University, 2025-08) Dagim Melkie; Fantahun Bogale (PhD)
    While recent progress in Large Language Models (LLMs) has revolutionized the field of Natural Language Processing (NLP), applying these models to low-resource languages such as Amharic presents considerable difficulties. Key obstacles include the scarcity of available data and the intensive computational cost associated with conventional fine-tuning methods. To overcome these issues, this thesis introduces a specialized parameter-efficient fine-tuning (PEFT) framework developed specifically for Amharic text summarization. This new framework combines a dynamic low-rank adaptation component (DyLoRA-Amharic) with an adaptive activation method (AdaptAmharic), which work together to improve the model’s flexibility and optimize its resource allocation during training. The methodology involves injecting these custom modules into the mT5-small encoder–decoder architecture, allowing dynamic adjustment of DyLoRA-Amharic ranks and AdaptAmharic activation levels based on gradient signals. A joint optimization objective incorporating regularization terms for both rank and activation was employed to manage model complexity and ensure training stability. Comparative experiments were conducted against standard PEFT LoRA and Houlsby Adapter baselines on a curated Amharic summarization dataset. Experimental results demonstrate that the proposed DyLoRA-Amharic and AdaptAmharic framework significantly outperforms the baselines across ROUGE, BLEU, and BERTScore metrics, achieving the lowest evaluation loss. Specifically, it improved ROUGE-L by 30.5% and BLEU by 52.4% over the strongest baseline. This superior performance validates the efficacy of a densely injected, dynamic, and regularized architecture, challenging the conventional emphasis on maximal sparsity in PEFT. While the framework utilizes a higher proportion of trainable parameters (13.42%) compared to the baselines, this trade-off is justified by the substantial performance gains.
This research contributes to advancing PEFT methodologies for low-resource NLP, providing a robust and adaptable solution for Amharic text summarization. The findings lay a foundation for developing more efficient and effective LLMs for diverse and linguistically underrepresented communities.
  • Item
    Collaborative Cyber Threat Information Sharing Framework for Collective Cyber Defense in Ethiopia
    (Addis Ababa University, 2024-10) Mihiretu Desalegn; Henock Mulugeta (PhD)
    Nowadays, the rapid development of information technology and digitalization has posed a significant challenge to organizations by expanding the attack surface for sophisticated cyber threats. Ordinary security solutions used by organizations, such as endpoint detection systems, intrusion detection systems, and security information and event management systems, are no longer sufficient to address the complexity of these cyber threats. Collaborative approaches for collective cyber defense through sharing threat information are crucial for organizations to proactively defend against the increasing number and complexity of security incidents in the rapidly evolving cyber threat landscape. To improve the current poor culture of collaboration in threat information sharing among stakeholders in Ethiopia, this research proposes an innovative national collaborative threat information sharing framework. This framework includes three essential components: (1) a collaboration structure employing a hybrid CTI (cyber threat information) sharing model that integrates both peer-to-peer and hub-and-spoke models to optimize information sharing among stakeholders; (2) a collaboration process inspired by the intelligence lifecycle and aligned with the NIST (National Institute of Standards and Technology) Cybersecurity Framework for efficient threat information sharing; and (3) a collaboration governance component addressing key CTI sharing governance concerns, including legal and regulatory compliance, privacy and security protocols, partnership strategies, training and awareness initiatives, and trust-building measures. This framework is developed with the specific context and legal landscape of Ethiopia, with the aim of ensuring the effectiveness of CTI sharing.
  • Item
    Efficient Computation of Collatz Sequence Stopping Times: A Machine Learning Guided Algorithmic Approach
    (Addis Ababa University, 2025-10) Eyob Solomon; Beakal Gizachew (PhD)
    The Collatz conjecture, first proposed in 1937, remains one of the most iconic unsolved problems in mathematics. It concerns sequences generated by repeatedly applying a simple iterative rule: halving even numbers and mapping odd numbers to 3n + 1. The conjecture asserts that every natural number, when subjected to this process, eventually reaches the number 1. Although deceptively straightforward, the problem has resisted proof for nearly nine decades despite extensive computational verification. This thesis introduces a novel machine-learning-guided, structure-aware algorithm for computing Collatz stopping times. By analyzing statistical patterns and hierarchical regularities identified through regression and clustering experiments, the algorithm exploits the inverse Collatz tree to bypass redundant even paths and minimize repetitive computation. The resulting method achieves a consistent 28% reduction in iteration count relative to state-of-the-art algorithms, and an average execution-time improvement of about 57%. Building on this foundation, the algorithmic concept was further adapted into a novel Collatz-based regularization framework for deep learning. The approach introduces a bounded, deterministic penalty derived from the stopping time of the mean absolute model weights and applies it as a norm-like term in the loss function. When evaluated across image (CNN), tabular (FCNN), and time-series (RNN) benchmarks, the proposed regularizer achieved stable and superior or comparable performance under varying regularization strengths, maintaining convergence where conventional ℓ1, ℓ2, and Elastic Net penalties degraded significantly at higher strengths. Overall, the findings demonstrate that integrating machine learning insights into algorithmic design can yield substantial computational efficiency, and that deterministic number-theoretic dynamics can serve as a robust, mathematically interpretable regularization mechanism for modern neural networks.
  • Item
    A Multimodal Security Information and Event Management Solution Empowered by Deep Learning and Alert Fusion
    (Addis Ababa University, 2024-11) Behailu Adugna; Sileshi Demisie (PhD)
    The cybersecurity threat landscape is marked by a growing number of increasingly complex and sophisticated attacks affecting organizations across various sectors. In response, solutions like SIEM systems are essential for providing centralized threat detection, real-time analysis, and compliance support, making them integral to modern cybersecurity strategies. One of the reasons for this is that SIEM solutions collect and aggregate log data from across an organization's IT infrastructure, providing a single pane of glass for monitoring security events. This centralized approach is essential for identifying threats that span multiple systems and environments, identifying indicative patterns of attacks such as privilege escalation and polymorphic malware, and helping proactively identify signs of unusual data accesses or exfiltration before significant damage occurs. Furthermore, SIEM solutions support compliance by maintaining detailed audit logs and providing preconfigured reporting tools. However, SIEM systems usually encounter significant challenges in effectively identifying and responding to sophisticated cyberattacks. Since they rely heavily on predefined rules, even if complex correlations, and signatures, they struggle to adapt to novel attack techniques that do not match the predefined patterns. They often lack sophisticated analytics capabilities such as deep learning and behavioral analysis, which deprives them of effectiveness at detecting advanced threats. Furthermore, they frequently produce an overwhelming volume of alerts, many of which are irrelevant or false positives. This leads to alert fatigue, causing cybersecurity analysts to become desensitized to alerts and increasing the risk of overlooking critical incidents. This research proposes a multimodal architecture of SIEM designed to overcome current limitations in threat detection by integrating diverse data sources, including network traffic and event logs.
The solution utilizes advanced neural networks to analyze intricate relationships within network connection features and their temporal dependencies. By further employing alert fusion, it creates a melting-pot for alerts from different sources that can provide a more comprehensive and complementary understanding of potential threats that can address the issue of false positives.
  • Item
    Attribution Methods for Explainability of Predictive and Deep Generative Diffusion Models
    (Addis Ababa University, 2025-06) Debela Desalegen; Beakal Gizachew (PhD)
    As machine learning models grow in complexity and their deployment in high-stakes domains becomes more common, the demand for transparent and faithful explainability methods has become increasingly urgent. However, most existing attribution techniques remain fragmented, targeting either predictive or generative models, and lack a hybrid approach that offers coherent interpretability across both domains. While predictive modeling faces challenges such as faithfulness, sparsity, stability, and reliability, generative diffusion models introduce additional complexity due to their temporal dynamics, token-to-region interactions, and diverse architectural designs. This work presents a hybrid attribution method designed to improve explainability for both predictive black-box models and generative diffusion models. We propose two novel methods: FIFA (Firefly-Inspired Feature Attribution), an optimization-based approach for sparse and faithful attribution in tabular models; and DiffuSAGE (Diffusion Shapley Attribution with Gradient Explanations), a temporally and spatially grounded method that attributes generated image content to individual prompt tokens using Aumann-Shapley values, Integrated Gradients, and cross-attention maps. FIFA was applied to the Random Forest, XGBoost, CatBoost, and TabNet models in three benchmark datasets: Adult Income, Breast Cancer, and Diabetes, outperforming SHAP and LIME in key metrics: +6.24% sparsity, +9.15% Insertion AUC, -8.65% Deletion AUC, and +75% stability. DiffuSAGE was evaluated on Stable Diffusion v1.5 trained on the LAION-5B dataset, yielding a 12.4% improvement in Insertion AUC and a 9.1% reduction in Deletion AUC compared to DF-RISE and DF-CAM. A qualitative user study further validated DiffuSAGE’s alignment with human perception.
Overall, these contributions establish the first hybrid attribution methods for both predictive and generative models, addressing fundamental limitations in current XAI approaches and enabling more interpretable, robust, and human-aligned AI systems.
  • Item
    Optimizing Intrusion Detection Systems with Ensemble Deep Learning: A Comparative Study of RNN and LSTM Architectures
    (Addis Ababa University, 2024-10) Admasu Awash; Henock Mulugeta (PhD)
    Nowadays, due to the complexity and severity of security attacks on computer networks, attackers can launch a variety of attacks against organizational networks using a variety of methods in order to access, modify, or delete crucial data. The rise in cyberattacks has made it necessary to create reliable and effective intrusion detection systems (IDS) that can instantly recognize malicious activity. IDS, which can automatically and quickly detect and categorize cyberattacks at host and network levels, has made substantial use of machine learning techniques. Although ML techniques like K Nearest Neighbor and Support Vector Machines have been used to build IDSs, those systems still have a high false alarm rate and poor accuracy. Many security researchers are integrating different machine learning approaches to protect the data and reputation of the organizations. Deep learning algorithms have emerged as a forceful instrument in this field and these can detect with better precision than conventional techniques. Recently, deep learning has become more well-known in network-based intrusion detection systems, enhancing their efficiency in safeguarding hosts and computer networks. In the field of deep learning, ensemble learning has appeared as a potent method that improves the performance of single models by combining several of them. The present study employed two architectures of recurrent neural networks (RNNs), namely simple recurrent neural networks and long short-term memory (LSTM), in order to investigate the possible applicability of ensemble learning in intrusion detection systems (IDS). RNNs are suited for predicting sequential data in IDS by identifying temporal relations in network traffic.
LSTMs, which are a kind of RNN, can deal with long-term dependencies well and help avoid the vanishing gradient problem, which is important in identifying complicated intrusion models. The performance of the designed model and the IDS was evaluated using the LITNET2020 publicly available dataset under performance evaluation metrics. In multiclass classification the ensemble model fared better than LSTM, yielding accuracy and precision of 99.981% and 99.965%, respectively, whereas LSTM provided accuracy and precision of 99.638% and 99.451%, respectively. Additionally, the suggested ensemble approach produced superior multi-classification results for the various types of intrusions.
  • Item
    A Cyber Insurance Framework for Ethiopia: Key Components and Recommendations
    (Addis Ababa University, 2024-11) Ephrem Baheru; Sileshi Demesie (PhD)
    The exponential rise in cyber threats such as ransomware, identity theft, and other forms of cybercrime has driven many organizations to seek cyber insurance as an extra layer of protection. Cyber insurance has emerged as a means of mitigating residual risks that remain after implementing various cyber risk mitigation strategies. Cyber-attacks in Ethiopia have been rising steadily each year, driven by a surge in digital transformation initiatives across various sectors, including government, financial institutes, and other critical infrastructure. This highlights the urgent need for cyber insurance services in the country, as it could help organizations manage financial losses and recover more effectively from cyber incidents. This study reveals that no insurance provider in the country currently offers cyber insurance services. This research envisioned promoting cyber insurance practice in Ethiopia by developing a cyber insurance framework that could be used by public and private organizations. To develop the framework, data was collected through a face-to-face interview with insurers, potential insureds, and regulatory bodies, and the data was analyzed using a qualitative approach. We also studied global best practices and trends in cyber insurance. The framework is designed to help Ethiopian organizations manage cyber risks and effectively recover from cyber incidents and reputational damage. The framework includes key components such as stakeholder engagement, insurance coverage, risk assessment and underwriting, premium calculation, risk mitigation and loss prevention, incident response and claims process, regulatory compliance, awareness and education, review and iteration, collaboration, and information sharing. A case study is used to demonstrate how a company successfully implemented the cybersecurity framework.
  • Item
    Cybersecurity Governance Framework for Ethiopian National Identification Program
    (Addis Ababa University, 2025-06) Selwa Nurye; Henock Mulugeta (PhD)
    Ethiopia launched its digital transformation strategy, Digital Ethiopia 2025, in 2020 to build a sustainable digital economy. One of the key priorities of this strategy is to implement digital identification for all citizens and residents. Digitalizing government services and businesses requires a secure, electronic representation of individuals and entities, proving their identity and reliability during transactions or interactions, both online and in person. However, the increasing interconnectivity of the digital world poses ongoing cybersecurity challenges. Digital IDs, while crucial to enabling the digital economy, are vulnerable to the same cyber risks that affect other widely used digital technologies. Although global efforts to develop national digital identity systems aim to enhance security and convenience, they also face significant technical, ethical, and security challenges. These systems are vital for achieving the Sustainable Development Goals (SDGs), but they often grapple with issues such as privacy, data management, enrollment processes, and costs. As a result, effective cybersecurity governance is essential. The cybersecurity governance activities of the body responsible for overseeing these programs must align closely with the strategy’s objectives. This study employed a qualitative research methodology, including in-depth interviews and document analysis, to collect the necessary data. Thematic data analysis was used to process the data, leading to conclusions from which recommendations were derived. Based on the findings and insights from the reviewed literature, we developed a cybersecurity governance framework that was validated through hypothetical cyber incident scenarios to show that the proposed framework mitigates those incidents. In addition, key performance indicators were prepared to assess the effectiveness of the framework in real-world scenarios.
  • Item
    Assessing Cybersecurity Readiness in Ethiopia Fintech Sector
    (Addis Ababa University, 2024-10) Teklehymanot Meheret; Elefelious Getachew (PhD)
    The Ethiopian fintech sector has brought a significant transformation to the financial transaction and payment instrument business. This change, however, raises concerns among various stakeholders about the country’s ability to protect the business and to mitigate the risks caused by bad actors exploiting vulnerabilities. The research aims to investigate the cybersecurity readiness and preparedness of fintech, and how its practice meets the international standard, by answering three research questions. Regulators and fintech companies are the major stakeholders this study used for the purpose of obtaining the relevant information. The research identified governance, resilience and competency as the core variables to evaluate the readiness of the sector, which are mapped to international standards including NIST CSF, ISO/IEC 27001 and FFIEC. The study also prepared two separate questionnaires to address the two participants' current cybersecurity practice. The collected data was analyzed, and it was observed that there is a clear gap and lack of readiness. The sector lacks a comprehensive framework that meets the international standard according to the research findings. There was limited practice of backup, a business continuity plan and an incident response plan, which impacts the resilience of the sector. The other challenge this research identified was inadequate skilled cybersecurity experts and awareness level, which impacted the competency of the fintech ecosystem to enhance the awareness level as well as to create a cybersecurity culture. The research developed a cybersecurity assessment framework that helps the sector protect its critical assets through proper evaluation and assessment of its risks and weaknesses. The proposed framework went through a validation process to make sure of the framework's relevance to the challenges identified in the research and that it met the basic global standard.
The research concludes with valuable recommendations and considerations to enhance cybersecurity practice and collaboration, and to develop a tailored cybersecurity framework for continuous improvement.
  • Item
    Cybersecurity Maturity Assessment Framework: The Case of Ethiopian Banks
    (Addis Ababa University, 2024-10) Yafet Ashebir; Elefelious Getachew (PhD)
    As the banking sector becomes a key player in globalized cyberspace with increasing reliance on digital services, it is prone to a wide range of emerging cybersecurity risks. As cybersecurity can only be achieved through a well-organized set of controls, existing cybersecurity maturity frameworks, while comprehensive and vague, fail to address the unique cybersecurity challenges faced by Ethiopian banks. The literature review discovered that no study has proposed a cybersecurity maturity assessment framework for the Ethiopian banking sector. This study aims to propose a customized framework by reviewing multiple cybersecurity maturity assessment frameworks to identify their weaknesses and strengths. After a thorough assessment, we have identified the major limitations of the existing frameworks: they are not easy to understand, expensive to implement, require intensive and equipped human resources, and are not tailored to the banking sector to fix operational challenges. Moreover, to assess existing cybersecurity maturity frameworks in banks, data was collected from 9 selected governmental and private banks, and a thematic analysis approach was utilized for the qualitative data collected. As the findings reveal, all selected banks don’t have a proper cybersecurity maturity assessment framework as well as improper adoption of international standards. To address identified weaknesses, a customized cybersecurity maturity assessment framework is proposed to enable banks to identify their security posture and manage their security risks. The proposed framework comprises various components such as regulatory requirements, personal data protection, supply chain security, awareness and culture development, cyber governance, cyber risk management, business continuity and disaster recovery, incident response plan, information sharing, and collaboration, and incorporates international best practices like the General Data Protection Regulation (GDPR).
To evaluate the framework, an expert review has been done, as the framework contributes to both academic literature and industry practice by providing a customized framework for banks to assess and improve their cybersecurity maturity.
  • Item
    Ensemble Learning with Attention and Audio for Robust Video Classification
    (Addis Ababa University, 2025-06) Dereje Tadesse; Beakal Gizachew (PhD)
    The classification of video scenes is a fundamental task for many applications, such as content recommendation, indexing, and monitoring broadcasts. Current methods often depend on annotation-dependent object detection models, restricting their generalizability when working with different types of broadcast content, particularly cases where visual clues like logos or brands may not have clear definition or presence. This thesis is intended to address the problems associated with current methods through describing a two-stage classification framework that integrates both recognized and unheard information to improve accuracy and robustness of classification. The first stage utilizes a detection model based on pretrained models of object detection and enhanced spatial attention to detect physical visual markers (such as program logo or branded intro sequences) in video program content. However, individual visual indicators are sometimes not robust enough to add confidence, especially in content such as situational comedies where logos do not exist. The second stage describes a two-staged, early fusion ensemble presentation of convolutional neural network-based visual features and recurrent neural network-based audio features. The two modes each use some complementary properties, thus could be used for more robust classification. Experiments were completed with a dataset of approximately 19 hours of content from 13 TV programs across three channels, all focused on intro, credit, and outro segments. The visual-only model achieved 96.83% accuracy, while the audio-only model achieved 90.91%. The proposed early fusion ensemble method achieved 94.13% accuracy and revealed more robustness in difficult situations when quality of visual data was low or ambiguous. Ablation studies contrasting model performance with different ensemble methods confirmed the greater utility of early fusion and its capturing of cross-modal interactions.
The system is also designed to be computationally efficient allowing for operationalization in broadcast media settings. This work, while also demonstrating methodical video classification ability, fills a significant gap for scalable and generalizable video classification through the integration of multimodal learning, especially with large amounts of uncontrollable annotations which has previously been a hurdle to more typical models.
  • Item
    Identification and Classification of Illegal Dark Web Activities in East Africa Region
    (Addis Ababa University, 2024-08) Tariku Eshetu; Fitsum Assamnew (PhD)
    Online criminal activity manifests in various forms across the Surface, Deep, and Dark Web layers of the Internet. The darknet environment is notorious for various illegal activities, including financial crimes, hacking, recruitment for terrorism and extremism, child pornography, human organ trafficking, drug trafficking, and illegal arms trading. Law enforcement faces significant challenges in identifying specific criminal websites due to the ineffectiveness of traditional investigative techniques. In East Africa, the growth of technology has created economic and social opportunities, but it has also led to increased internet penetration and connectivity, making the region an attractive target for cybercriminals. Compounding the issue are the insufficient readiness of security organizations and a lack of user awareness, which further facilitate cybercrime. This thesis investigates the landscape of cybercrime on the Dark Web, focusing specifically on East African Internet Protocol (IP) address spaces, an area that has been largely under-researched in the existing literature. This research seeks to address a pronounced gap in knowledge regarding the types of illegal activities and associated protocols on the Dark Web, particularly given existing studies’ inadequacies in contextualizing research within East African socio-political frameworks. The research pivots around two key questions: (1) What types of protocols operate through the Dark Web in East African IP address spaces? and (2) What illegal activities are conducted through these protocols? The objectives of this study are multifaceted, aiming to develop a robust methodology for data collection and analysis from Tor exit nodes within the East African, classify the prevalent communication protocols, and categorize the diverse illegal activities identified. 
Through thorough examination of Tor network traffic, the study reveals crucial patterns, including a dominance of TCP and TLS protocols, with smaller percentages using other protocols such as DATA, Bitcoin, HTTP, DNS, and SSH, and illicit activities significantly associated with drugs, violence, and software piracy. The findings underscore the pressing need for tailored law enforcement strategies, informed policymaking, and collaborative regional approaches to manage the escalating threats. By innovatively integrating advanced data analytics techniques and multithreaded computing, this thesis provides a unique framework for ongoing cybercrime analysis, enhancing situational awareness for stakeholders and facilitating more effective monitoring of the Dark Web. The implications of this research extend beyond academic inquiry; it offers practical resources for law enforcement agencies, policymakers, and researchers in mitigating cyber threats, thereby contributing to a safer digital environment in East Africa.
  • Item
    Deep Learning-Based Amharic Keyword Extraction for Open-Source Intelligence Analysis
    (Addis Ababa University, 2025-06) Alemayehu Gutema; Henok Mulugeta (PhD)
    In today's digital age, the problem of information overload has become a pressing concern, especially in the field of OSINT (Open-Source Intelligence). With vast amounts of data available on the internet, it is challenging to separate relevant and credible information from the noise. An OSINT approach involves gathering intelligence from publicly available sources. However, with the increasing volume and diversity of online content, it has become difficult to extract actionable intelligence from enormous amounts of data. Deep learning can help identify patterns in large amounts of data and automate decision-making processes. Despite these advances, a problem of information overload still exists. One approach to addressing this problem is to develop an effective deep learning model to extract the relevant information. Leveraging both machine and deep learning algorithms with natural language processing (NLP) can help automatically classify and categorize information. The purpose of this study is to design a deep learning model to extract intelligence from a vast Amharic dataset, aiming to design a model for keyword extraction. Keyword extraction is the process of identifying important words or phrases that capture the essence of a given piece of text. This task is critical for many natural language processing applications, including document summarization, information retrieval, and search engine optimization. In recent years, deep learning algorithms have shown great promise in this field, largely due to their ability to learn from vast amounts of data and extract complex patterns. In this paper, we propose a novel keyword extraction approach based on deep learning methods. We will explore different algorithms, such as recurrent neural networks (RNNs) and transformer models, to learn the relevant features from the input text and predict the most salient keywords.
We evaluate our proposed method on datasets containing Amharic content, and show that it outperforms state-of-the-art methods. Our results suggest that deep learning-based approaches have the potential to significantly improve keyword extraction accuracy and scalability in real-world applications.
  • Item
    Multimodal Unified Bidirectional Cross-Modal Audio-Visual Saliency Prediction
    (Addis Ababa University, 2025-06) Tadele Melesse; Natnael Argaw (PhD); Beakal Gizachew (PhD)
    Human attention in dynamic environments is inherently multimodal and is shaped by the interplay of auditory and visual cues. Although existing saliency prediction methods predominantly focus on visual semantics, they neglect audio as a critical modulator of gaze behavior. Recent audiovisual approaches attempt to address this gap but remain limited by temporal misalignment between modalities and inadequate retention of spatio-temporal information, which is key to resolving both the location and timing of salient events, ultimately yielding suboptimal performance. Inspired by recent breakthroughs in cross-attention transformers with convolutions for joint global-local representation learning and conditional denoising diffusion models for progressive refinement, we introduce a novel multimodal framework for bidirectional efficient audiovisual saliency prediction. It employs dual-stream encoders to process video and audio independently, coupled with separate efficient cross-modal attention pathways that model mutual modality influence: one pathway aligns visual features with audio features, while the other adjusts audio embeddings to visual semantics. Critically, these pathways converge into a unified latent space, ensuring coherent alignment of transient audiovisual events through iterative feature fusion. To preserve fine-grained details, residual connections propagate multiscale features across stages. For saliency generation, a conditional diffusion decoder iteratively denoises a noise-corrupted ground truth map, conditioned at each timestep on the fused audiovisual features through a hierarchical decoder that enforces spatio-temporal coherence via multiscale refinement. Extensive experiments demonstrate that our model outperforms state-of-the-art methods, achieving individual improvements of up to 11.52% (CC), 20.04% (SIM), and 3.79% (NSS) across evaluation metrics over DiffSal on the AVAD dataset.
  • Item
    A Structured Framework for Email Forensic Investigations
    (Addis Ababa University, 2025) Biruk Bekele; Henok Mulugeta (PhD)
    Email forensic investigations have become vital regarding legal, cybersecurity, and corporate challenges. However, most of the existing frameworks suffer from inefficiency, data integrity problems, and the complexity of handling diverse data sources, including encrypted emails and metadata. This thesis applied the Design Science Methodology to develop a structured framework that enhanced efficiency and effectiveness in email forensic investigations. These specifically deal with data quality, diversity in data management, and integrity of evidence. Among others, one key component is case management, which systemizes and keeps track of the investigation from the very outset to the last step in an appropriate manner and ensures each step is conducted methodically. The framework comprises key phases: case management, governance, identification, preservation, classification, analysis, presentation and compliance that address critical challenges such as ensuring data quality, managing diverse data sources, and maintaining evidence integrity. Case management forms the core part of the proposed framework for organizing and tracking the investigation process from start to finish, ensuring that evidence is handled properly and all phases are executed in a systematic manner. It integrates open-source tools, case studies of different varieties, and best practices to be relevant to different real-world scenarios. The effectiveness of the artifact can also be demonstrated in practical application, performance being measured in terms of speed of investigation, data quality, accuracy, and user satisfaction, among other metrics. This research underscores that the suggested framework decreases the time of investigation, reduces the rate of errors, increases the quality of data management, and guarantees the effective access of various data sources.
This thesis contributes on both practical and theoretical levels, guiding practitioners and researchers comprehensively in the area of digital forensics to bring current email forensic investigations into a more efficient, accountable, and adaptable condition.
  • Item
    Cybersecurity Incident Management Framework for Smart Grid Systems in Ethiopia
    (Addis Ababa University, 2024-06) Getinet Admassu; Henock Mulugeta (PhD)
    Merging OT and IT into smart grid systems brought along new advantages. Smart grids will be able to use this amalgamation to manage energy generation and transmission with minimal loss of energy, a factor that results in high efficiency. Besides that, integrating IT and OT into the smart grid presents real-time infrastructure management monitoring. On the other hand, this digital change subjected smart grids to many cybersecurity threats. This will be achieved by developing and implementing stable cybersecurity incident management systems to secure key infrastructures. Based on evidence from existing literature and expert judgments, this paper enumerates the principal challenges power utilities face in managing cybersecurity incidents. Then, it outlines a comprehensive cybersecurity incident management framework. This framework will, hence, enable power utilities to take on an active role and deal with relevant powers regarding cybersecurity incidents. Also, the model ensures that cybersecurity, concerning all strategic, engineering, procurement, construction, and operational aspects and involving all parties and resources concerned, is put together systematically. The underlying design science qualitative approach facilitated the development of this framework. It organizes sophisticated threat detection techniques and counter-threat strategies and correlates with Risk Management, Threat Analysis, Security Controls, Operational Models, and Management. They also involve real-time network traffic and system log monitoring, anomaly detection algorithms, intrusion detection, and prevention systems. Power utilities will significantly improve the ability to effectively detect and respond to cybersecurity-related events. 
The following threat scenarios, including organized DDoS and ransomware attacks as a taxonomy against the various components of the proposed framework, show how these smart grid technologies mentioned above can be used to develop effective solutions in response to cyber security incidents. It is indeed a systematic framework; it gives good advice. The recommendations will target particular challenge areas within the electric power industry and underpin its cybersecurity posture, with a view that our critical energy infrastructure will be reliable and capable of being counted upon in grace. This research encourages sustainable development and social welfare by resilience in cybersecurity for smart grid systems.
  • Item
    Framework for PKI Implementation: Optimizing Project Management in Ethiopia
    (Addis Ababa University, 2024-09) Binyam Ayele; Henock Mulugeta (PhD)
    In today's increasingly digital world, the security of online communications and transactions is paramount. Public Key Infrastructure (PKI) has emerged as a cornerstone technology for ensuring secure, authenticated, and confidential digital interactions. However, the implementation of PKI projects remains challenging due to its inherent complexities, including certificate management, key distribution, system integration, national legal framework contradictions and limitations, and lack of interoperability. The lack of a standardized implementation framework further exacerbates these challenges, leading to inconsistent and often flawed deployments that fail to leverage the full potential of PKI. This study investigates the importance of optimizing a PKI Project implementation framework that supports the establishment of a national or organizational PKI project at national or organizational level by developing a comprehensive framework that mitigates PKI project implementation challenges. The study seeks to address the critical need for a comprehensive PKI Project Implementation Framework that can guide organizations in navigating the complexities of PKI deployment. The problem under investigation is the absence of a standardized and generic framework and best practices for PKI implementation, which has resulted in varied levels of security and effectiveness across different sectors. The study aims to develop a framework that is adaptable to diverse organizational contexts, ensuring that PKI systems are implemented in a manner that is both secure and scalable. To achieve this goal, a systematic literature review (SLR) methodology will be employed as the primary research method. The SLR will systematically identify, evaluate, and synthesize existing research on PKI implementation, focusing on the challenges, best practices, and potential solutions proposed in the literature.
By analyzing a wide range of studies, the SLR will provide a comprehensive understanding of the current state of PKI implementation and identify gaps that the proposed framework can address. This method will ensure a rigorous and evidence-based approach to the development of the PKI Project Implementation Framework. This research focused on developing a PKI implementation framework that assists PKI project management. A case study and Key Performance Indicator (KPI) are incorporated to evaluate the proposed framework. As a direct outcome of this study, stakeholders who have plans to implement PKI within Ethiopia or other countries will obtain a proactive understanding of potential implementation considerations that should be taken.