Dalal Alharthi

· Assistant Professor · Verified

University of Arizona · Information Science

Active 2020–2026

h-index: 4
Citations: 40
Papers: 15 (15 in last 5y)

About

Dalal Alharthi is an assistant professor of cybersecurity at the University of Arizona, holding a PhD in Computer Science from the University of California, Irvine. She has work experience in both academia and industry, including roles such as Cloud Security Engineer at Farmers Insurance, Resident Engineer at Palo Alto Networks, and Prisma Cloud Consultant at Dell. Her expertise encompasses a range of cybersecurity skills, including Cloud Computing (AWS, Azure, GCP), Cloud Security, Container Security, Automation, Network Security, Web Development/Security, Penetration Testing, Digital Forensics and Incident Response (DFIR), and cybersecurity strategy, standards, policies, and controls. She has been recognized with the Division of Teaching Excellence and Innovation Fellowship from UC Irvine and holds certifications such as CompTIA Security+ and AWS Solutions Architect. Her research interests focus on Cloud Security, Container Security, Penetration Testing, Digital Forensics and Incident Response, Human-Computer Interaction, Privacy, Cybersecurity Education, and Machine Learning. Additionally, she conducts research at the intersection of Cybersecurity with Public Administration, Business Administration, and Education.

Research topics

  • Computer Security
  • Computer Science
  • Knowledge management
  • Data science
  • Business
  • Data Mining
  • Internet privacy

Selected publications

  • Automating Cloud Security and Forensics Through a Secure-by-Design Generative AI Framework

    arXiv (Cornell University) · 2026-04-05

    preprint · Open access · 1st author · Corresponding

    As cloud environments become increasingly complex, cybersecurity and forensic investigations must evolve to meet emerging threats. Large Language Models (LLMs) have shown promise in automating log analysis and reasoning tasks, yet they remain vulnerable to prompt injection attacks and lack forensic rigor. To address these dual challenges, we propose a unified, secure-by-design GenAI framework that integrates PromptShield and the Cloud Investigation Automation Framework (CIAF). PromptShield proactively defends LLMs against adversarial prompts using ontology-driven validation that standardizes user inputs and mitigates manipulation. CIAF streamlines cloud forensic investigations through structured, ontology-based reasoning across all six phases of the forensic process. We evaluate our system on real-world datasets from AWS and Microsoft Azure, demonstrating substantial improvements in both LLM security and forensic accuracy. Experimental results show PromptShield boosts classification performance under attack conditions, achieving precision, recall, and F1 scores above 93%, while CIAF enhances ransomware detection accuracy in cloud logs using Likert-transformed performance features. Our integrated framework advances the automation, interpretability, and trustworthiness of cloud forensics and LLM-based systems, offering a scalable foundation for real-time, AI-driven incident response across diverse cloud infrastructures.

  • A Survey on Artificial Intelligence and Blockchain Clustering for Enhanced Security in 6G Wireless Networks

    Computers, Materials & Continua · 2025-01-01

    article · Open access

    The advent of 6G wireless technology, which offers previously unattainable data rates, very low latency, and compatibility with a wide range of communication devices, promises to transform the networking environment completely. The 6G wireless proposals aim to expand wireless communication’s capabilities well beyond current levels. This technology is expected to revolutionize how we communicate, connect, and use the power of the digital world. However, maintaining secure and efficient data management becomes crucial as 6G networks grow in size and complexity. This study investigates blockchain clustering and artificial intelligence (AI) approaches to ensure reliable and trustworthy communication in 6G. First, the mechanisms and protocols of blockchain clustering that provide a trusted and effective communication infrastructure for 6G networks are presented. Then, AI techniques for network security in 6G are studied. The integration of AI and blockchain to ensure energy efficiency in 6G networks is addressed. Next, this paper presents how 6G’s speed and bandwidth enable AI and the easy management of virtualized systems. Using terahertz connections is sufficient to have virtualized systems move compute environments as well as data. For instance, a computing environment can follow potential security violations while leveraging AI. Such virtual machines can store their findings in blockchains. In 6G scenarios, case studies and real-world applications of AI-powered secure blockchain clustering are given. Moreover, challenges and promising future research opportunities are highlighted. These challenges and opportunities provide insights from the most recent developments and point to areas where AI and blockchain further ensure security and efficiency in 6G networks.

  • Semiconductor Manufacturing Industry: Assessment, Challenges, and Future Trends

    2025-02-09 · 2 citations

    article

    In this work we evaluate the state of the semiconductor manufacturing industry and its challenges and trends. Future trends in the industry are analyzed from three perspectives: the evolution of Industry 4.0, the advances in semiconductor materials, and the impact of the COVID-19 pandemic. The semiconductor manufacturing industry witnessed an acute decline in the United States and other regions in the two decades prior to the COVID-19 pandemic. The decline was only uncovered after the chip shortage of 2021 that resulted from the severe supply chain disruption. Trends in the industry were analyzed from three perspectives: Industry 4.0, advances in materials, and the post-pandemic era. As a result of the evolution of the fourth generation of industry (Industry 4.0), trends in semiconductor manufacturing include robotization, which caused the industry to become the largest market for industrial robotics since 2020, and an all-time peak globalization. The semiconductor industry is a very globalized industry with corporates from different parts of the world taking part in the production of the final product. Although some materials such as carbon and gallium nitride show promising trends to replace silicon, it will likely not be before two or three decades when a semiconductor material will be able to replace silicon. Challenges for the industry include the shortage of the trained workforce, and the added inter-country restrictions that may hinder the globalization of the industry.

  • LLM-Powered Automated Cloud Forensics: From Log Analysis to Investigation

    2025-07-07 · 2 citations

    article · 1st author · Corresponding

    Cloud forensics is a crucial yet challenging field, as traditional forensic techniques struggle to handle the large-scale, dynamic nature of cloud environments. Manual forensic analysis is time-consuming, error-prone, and often fails to detect evolving cyber threats. This paper presents a novel tool leveraging Large Language Models (LLMs) to fully automate cloud forensic investigations. Our approach utilizes few-shot learning to classify log data, extract forensic intelligence, and reconstruct attack timelines. We evaluate LLM-based automation against traditional machine learning models, including Random Forest, XGBoost, and Gradient Boosting, using cloud forensic log datasets. Experimental results demonstrate that LLMs improve forensic accuracy, precision, and recall while reducing the need for extensive feature engineering. However, challenges such as hallucination risks, adversarial manipulation, and forensic explainability must be addressed to ensure the reliability of AI-driven investigations. To mitigate these risks, we explore Retrieval-Augmented Generation (RAG) for context-aware forensic intelligence and propose hybrid AI models integrating rule-based forensic validation. Our findings highlight the potential of LLM-driven forensic automation to enhance cloud security operations while outlining key areas for future research, including adversarial robustness, forensic transparency, and multi-cloud scalability.

  • Cloud Investigation Automation Framework (CIAF): An AI-Driven Approach to Cloud Forensics

    ArXiv.org · 2025-10-01

    preprint · Open access · 1st author · Corresponding

    Large Language Models (LLMs) have gained prominence in domains including cloud security and forensics. Yet cloud forensic investigations still rely on manual analysis, making them time-consuming and error-prone. LLMs can mimic human reasoning, offering a pathway to automating cloud log analysis. To address this, we introduce the Cloud Investigation Automation Framework (CIAF), an ontology-driven framework that systematically investigates cloud forensic logs while improving efficiency and accuracy. CIAF standardizes user inputs through semantic validation, eliminating ambiguity and ensuring consistency in log interpretation. This not only enhances data quality but also provides investigators with reliable, standardized information for decision-making. To evaluate security and performance, we analyzed Microsoft Azure logs containing ransomware-related events. By simulating attacks and assessing CIAF's impact, results showed significant improvement in ransomware detection, achieving precision, recall, and F1 scores of 93 percent. CIAF's modular, adaptable design extends beyond ransomware, making it a robust solution for diverse cyberattacks. By laying the foundation for standardized forensic methodologies and informing future AI-driven automation, this work underscores the role of deterministic prompt engineering and ontology-based validation in enhancing cloud forensic investigations. These advancements improve cloud security while paving the way for efficient, automated forensic workflows.

  • A Call to Action for a Secure-by-Design Generative AI Paradigm

    ArXiv.org · 2025-10-01

    preprint · Open access · 1st author · Corresponding

    Large language models have gained widespread prominence, yet their vulnerability to prompt injection and other adversarial attacks remains a critical concern. This paper argues for a security-by-design AI paradigm that proactively mitigates LLM vulnerabilities while enhancing performance. To achieve this, we introduce PromptShield, an ontology-driven framework that ensures deterministic and secure prompt interactions. It standardizes user inputs through semantic validation, eliminating ambiguity and mitigating adversarial manipulation. To assess PromptShield's security and performance capabilities, we conducted an experiment on an agent-based system to analyze cloud logs within Amazon Web Services (AWS), containing 493 distinct events related to malicious activities and anomalies. By simulating prompt injection attacks and assessing the impact of deploying PromptShield, our results demonstrate a significant improvement in model security and performance, achieving precision, recall, and F1 scores of approximately 94%. Notably, the ontology-based framework not only mitigates adversarial threats but also enhances the overall performance and reliability of the system. Furthermore, PromptShield's modular and adaptable design ensures its applicability beyond cloud security, making it a robust solution for safeguarding generative AI applications across various domains. By laying the groundwork for AI safety standards and informing future policy development, this work stimulates a crucial dialogue on the pivotal role of deterministic prompt engineering and ontology-based validation in ensuring the safe and responsible deployment of LLMs in high-stakes environments.

  • A Zero-Trust Reinforcement Learning Policy for Mitigating Cyberattacks on Emergency Vehicle Preemption Systems

    2024-10-24

    article · 1st author · Corresponding

    There are more than 320,000 traffic signals in the United States. A significant number of these signals are equipped with emergency vehicle preemption (EVP) systems, where each emergency vehicle (EV) interrupts pre-designed signal operation plans, causing a disruption in signal coordination. Recently, the difficulty of configuring EVP operations has been exacerbated by the potential for cybersecurity attacks that can spoof EVP calls or prevent actual calls from reaching the traffic controllers. It is, therefore, critically important to develop robust and efficient EVP systems that can detect cybersecurity attacks and operate the EVP system safely and optimally. This paper presents a novel application of Zero-Trust Architecture (ZTA) and methods that can lead to optimal EVP control. We use a digital twin of a transportation network to simulate the EVP operation and identify system vulnerabilities using the AnyLogic agent-based simulation platform. We simulate cybersecurity attacks for both normal traffic and connected automated vehicles (CAVs) scenarios and emulate the impact of activating an anomaly-detection system to identify and remove false positive calls. In addition, we present a reinforcement learning (RL) algorithm to identify true negative cases and filter out spoofed EVs when applicable.

  • Comprehensive Cybersecurity Programs: Case-Study Analysis of a Four-Year Cybersecurity Program at a Secondary Education Institution

    Cybersecurity Pedagogy and Practice Journal · 2024-02-18 · 2 citations

    article · Senior author

  • Cloud Incident Response Framework and AI-Based Forensics Using Reinforcement Learning and Graph Neural Networks

    2024-10-24 · 1 citation

    article · 1st author · Corresponding

    In today’s digital landscape, cloud computing is crucial for modern enterprises, but it also introduces significant challenges in Digital Forensics and Incident Response (DFIR). This paper presents a Cloud Incident Response Framework, built on the NIST Incident Response Framework, that addresses the unique complexities of cloud environments. The proposed framework not only spans the four key IR phases - preparation; detection & analysis; containment, eradication, & recovery; and post-incident activities, but also introduces a detailed set of specific activities for each phase, which offers a comprehensive actionable guide tailored to the unique demands of cloud environments. The study employs a rigorous qualitative approach by incorporating insights from industry and academic participants, alongside an in-depth examination of a variety of articles to enhance cloud incident response and digital forensics. The study concludes by outlining the experimental setup for a novel AI-based cloud forensics mechanism that leverages a hybrid model of Reinforcement Learning (RL) and Graph Neural Networks (GNNs) to reduce the noise in cloud logs so practitioners can focus on investigating true positives. Preliminary results from initial tests have demonstrated a potential reduction in false positives by approximately 15-20%. The paper also highlights potential avenues for further research in this critical domain. By doing so, this paper contributes to our collective understanding of the complex panorama of cloud incident response. Testing and validating this framework along with the proposed AI-Cloud Forensics mechanism in real-world cloud environments would be essential to ensure their effectiveness in addressing the evolving challenges of cloud-based forensics and Incident Response.

Frequent coauthors

  • Paul Georg Wagner

    University of Arizona

    7 shared
  • Amelia Regan

    University of Washington

    5 shared
  • Mahmoud Hammad

    1 shared
  • Jan Kleiner

    1 shared
  • Ahmed Aleroud

    Augusta University

    1 shared
  • Henry Collier

    Norwich University

    1 shared
  • Charlotte Morton

    University of Chester

    1 shared
  • Robert Honomichl

    1 shared

Education

  • MS in Computer Science

    University of California, Irvine

    2018

Awards & honors

  • Division of Teaching Excellence and Innovation (DTEI) Fellow…
  • CompTIA Security+
  • AWS Solutions Architect