
Current Projects

 NSF Metrics: Measuring Organizational Security Posture
  
 

 Symbiotic Embedded Machines
  
 HYDRA
  
 Privacy-Preserving, Synthetic Trace Generation
  

 Vulnerable Embedded Device Scan
  
 
Autosense builds on the previous STAND project to implement a functional prototype of multi-site sensor collaboration to better detect attacks. Using privacy-preserving data structures, sensitive data is protected while attack data can be shared and used against the attackers. STAND extends the training phase of anomaly detection (AD) sensors (in a manner agnostic to the underlying AD algorithm) to include a sanitization phase. This phase combines what we call micro-models in a voting scheme to determine which parts of the training data may represent attacks.
   
 
 RUU is the insider project, which explores solutions to traitors and masqueraders within an organization.
The project includes host-side sensors and active trapping technology to detect malicious insiders.
  
 Past Projects
 
  
  The BBNAC project proposes behavior-based access control for wireless and wired networks. A user is granted access to a network based on its profile or typical behavior over time. We are studying the feasibility of representing a user profile by its content or by other non-content volumetric parameters. Previous work studied how to implement this approach for Mobile Ad-Hoc Networks (MANETs).
   
 
Polymorphic malcode remains a troubling threat to the security community. The ability for malcode to be automatically transformed into semantically equivalent variants frustrates attempts to rapidly construct a single, simple, easily verifiable representation. We present a quantitative analysis of the strengths and limitations of shellcode polymorphism and consider its impact on current intrusion detection practice. We focus on the nature of shellcode decoding routines; the empirical evidence we gather helps show that modeling the class of self-modifying code is likely intractable by known methods, including both statistical constructs and string signatures.
   
   
 
The Secure Encrypted Search project aims to solve the following problems:

Privacy-enhanced search
  1. Searching an encrypted database without disclosing the contents of the query.
  2. Providing access to a querier only to those parts of the database relevant to the query.

Document matching
  Facilitating two agencies which have collections of documents to determine the set of documents common to their collections, without exchanging the documents.

Group Encrypted Bloom Filters are used to solve both of the above problems in an efficient manner.