Intrusion detection

The security of our software is critical for consumer confidence, the protection of privacy and valuable intellectual property, and of course national security. Because of our society's increased reliance on software, security breaches can lead to serious personal or corporate losses, and endanger the privacy, liberties, and even the lives of individuals. As threats to software security have become more sophisticated, so too have the techniques and analyses developed to improve it. Symbolic execution has emerged as a fundamental tool for security applications.

Malware, especially botnets, have become the main source of most attacks and malicious activities on Internet. Bots communicate with each other and Command & Control servers to coordinate their malicious activities. This project is developing new techniques and tools to detect malicious activities and botnets through analyzing their communication channels.

Software Defined Radio (SDR) technology has the flexibility of implementing a large part of physical layer functions in software. It is one of the major technologies that will provide broadband services to millions of US residences. However, unlike conventional radio whose RF signals are tightly regulated by FCC-certified hardware, the software components of SDR can be easily exploited by hackers to create a wide range of unauthorized waveforms to launch attacks on many security-critical wireless systems.

Security and privacy concerns in the increasingly interconnected world are receiving much attention from the research community, policymakers, and general public. However, much of the recent and on-going efforts concentrate on security of general-purpose computation and on privacy in communication and social interactions.

Heavy vehicles, such as trucks and buses, are part of the US critical infrastructure and carry out a significant portion of commercial and private business operations. Little effort has been invested in cyber security for these assets. If an adversary gains access to the vehicle's Controller Area Network (CAN), attacks can be launched that can affect critical vehicle electronic components. Traditionally, physical access to a heavy vehicle was required to access the CAN.