Intrusion detection

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

Submitted by Vinod Yegneswaran on Wed, 10/25/2017 - 3:34pm

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

Submitted by V. Venkatakrishnan on Wed, 10/25/2017 - 3:31pm

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: Identifying and Mitigating Trust Violations in the Smartphone Ecosystem

Submitted by Yan Chen on Wed, 10/25/2017 - 3:29pm

The adoption of smartphones has steadily increased in the past few years, and smartphones have become the tool with which millions of users handle confidential information, such as financial and health-related data. As a result, these devices have become attractive targets for cybercriminals, who attempt to violate the trust assumptions underlying the smartphone platform in order to compromise the security and privacy of users.

group_project

Visible to the public TWC: TTP Option: Large: Collaborative: Towards a Science of Censorship Resistance

Submitted by Vern Paxson on Wed, 10/25/2017 - 3:25pm

The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established disciplines within security, censorship resistance is relatively nascent, not yet having solid foundations for understanding censor capabilities or evaluating the effectiveness of evasion technologies.

group_project

Visible to the public TWC: Small: Hardware Security for Embedded Computing Systems

Submitted by Tilman Wolf on Wed, 10/25/2017 - 10:51am

Embedded processing systems are widely used in many devices and systems that are essential for daily life. These embedded systems are increasingly connected to networks for control and data access, which also exposes them to remotely launched malicious attacks. It is of paramount importance to develop embedded processing systems that are hardened to withstand these remote attacks while continuing to operate effectively.

group_project

Visible to the public TWC: Small: Exposing Attack Vectors and Identifying Defense Solutions for Data Cellular Networks

Submitted by Zhuoqing Mao on Wed, 10/25/2017 - 10:45am

This project addresses several key emerging security challenges that arise due to the wildly successful large-scale adoption of mobile devices with diverse network capabilities. The novel approach focuses on to understanding how various information that are legitimately and willingly provided by smartphone users due to the requested permissions of downloaded applications can be potentially abused. The second research focus is to identify improvements in the design of cellular network middlebox (e.g., firewall) policies by detailed exposure and explicitly defining the key requirements.

group_project

Visible to the public TWC: Small: Behavior-Based Zero-Day Intrusion Detection for Real-Time Cyber-Physical Systems

Submitted by Sibin Mohan on Wed, 10/25/2017 - 8:15am

Cyber-Physical Systems (CPS) have distinct cyber and physical components that must work cohesively with each other to ensure correct operation. Examples include automobiles, power plants, avionics systems, and home automation systems. Traditionally such systems were isolated from external accesses and used proprietary components and protocols. Today that is not the case as CPS systems are increasingly networked. A failure to protect these systems from harm in cyber could result in significant physical harm.

group_project

Visible to the public  TWC: Small: Automatic Techniques for Evaluating and Hardening Machine Learning Classifiers in the Presence of Adversaries

Submitted by Yanjun Qi on Wed, 10/25/2017 - 8:09am

New security exploits emerge far faster than manual analysts can analyze them, driving growing interest in automated machine learning tools for computer security. Classifiers based on machine learning algorithms have shown promising results for many security tasks including malware classification and network intrusion detection, but classic machine learning algorithms are not designed to operate in the presence of adversaries.

group_project

Visible to the public TWC: Medium: Collaborative: Security and Privacy for Wearable and Continuous Sensing Platforms

Submitted by Serge Egelman on Wed, 10/25/2017 - 7:50am

This research project studies security and privacy for wearable devices. Wearable computing is poised to become widely deployed throughout society. These devices offer many benefits to end users in terms of realtime access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. People who use wearable devices need assurances that their privacy will be respected, and we also need ways to minimize the potential for wearable devices to intrude on the privacy of bystanders and others.

group_project

Visible to the public TWC: Medium: Collaborative: Online Social Network Fraud and Attack Research and Identification

Submitted by Xintao Wu on Wed, 10/25/2017 - 7:02am

Online social networks (OSNs) face various forms of fraud and attacks, such as spam, denial of service, Sybil attacks, and viral marketing. In order to build trustworthy and secure OSNs, it has become critical to develop techniques to analyze and detect OSN fraud and attacks. Existing OSN security approaches usually target a specific type of OSN fraud or attack and often fall short of detecting more complex attacks such as collusive attacks that involve many fraudulent OSN accounts, or dynamic attacks that encompass multiple attack phases over time.