Intrusion detection

TWC: Small: Collaborative: Practical Hardware-Assisted Always-On Malware Detection

The project explores building support for malware detection in hardware. Malware detection is challenging and resource intensive, and becomes more so as the number and sophistication of malware samples increase. These resource requirements limit its use in practice, leaving malware unchecked on many systems. We use a low-level hardware detector to identify malware as a computational anomaly, using low-level features such as hardware events, instruction mixes and memory address patterns.
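The following is an added illustration of the approach described above, not code from the project: a baseline of per-window hardware feature vectors is learned from a known-good run, and a later window is flagged as a computational anomaly when any feature drifts too far from that baseline. The feature set, the per-window sample values and the threshold are all constructed assumptions for this example; a real detector would read the counts from performance counters (e.g. Linux `perf_event_open`) or an instruction-trace sampler.

```python
"""Added example (not project code): flag an execution window as a
computational anomaly from low-level hardware features.

Assumptions: feature vectors are per-window counts (per 10k retired
instructions) of the kinds named in the abstract; all sample data below is
constructed for illustration.
"""
import math

FEATURES = ("loads", "stores", "branches", "taken_branches",
            "l1d_misses", "calls")

# Constructed benign profile: windows recorded while a known-good process ran.
BENIGN = [
    (2800, 1500, 1900, 1200, 150, 300),
    (2900, 1450, 1850, 1250, 160, 310),
    (2750, 1550, 1950, 1180, 140, 290),
    (2850, 1500, 1900, 1220, 155, 305),
    (2820, 1480, 1920, 1210, 145, 295),
]

# Constructed suspicious window: the load/store mix collapses while branch,
# call and L1-miss activity spike, unlike anything in the benign profile.
SUSPICIOUS = (1200, 400, 3800, 3600, 900, 2500)

THRESHOLD = 4.0  # max |z| over features; assumed, tune on held-out benign data


def train(windows):
    """Per-feature mean and (population) standard deviation of benign windows."""
    n = len(windows)
    if n < 2:
        raise ValueError("need at least two benign windows to estimate spread")
    means, stds = [], []
    for i in range(len(FEATURES)):
        col = [w[i] for w in windows]
        mu = sum(col) / n
        var = sum((x - mu) ** 2 for x in col) / n
        means.append(mu)
        # Floor the spread at one count so a constant feature cannot make
        # every later deviation look infinite.
        stds.append(max(math.sqrt(var), 1.0))
    return means, stds


def score(model, window):
    """Anomaly score: largest absolute z-score across all features."""
    means, stds = model
    return max(abs((x - mu) / sd) for x, mu, sd in zip(window, means, stds))


def is_anomalous(model, window, threshold=THRESHOLD):
    """True when the window's score exceeds the (assumed) threshold."""
    return score(model, window) > threshold


def explain(model, window):
    """(feature, z-score) pairs, largest deviation first, for triage."""
    means, stds = model
    z = [(FEATURES[i], (window[i] - means[i]) / stds[i])
         for i in range(len(FEATURES))]
    return sorted(z, key=lambda t: -abs(t[1]))


if __name__ == "__main__":
    model = train(BENIGN)
    for w in BENIGN + [SUSPICIOUS]:
        print(f"score={score(model, w):8.2f} anomalous={is_anomalous(model, w)}")
    print("top deviations:", explain(model, SUSPICIOUS)[:3])
```

A max-|z| score is deliberately simple: it is cheap enough to evaluate on every window in hardware or a small co-processor, and `explain` shows which counters drove a verdict, which is what an analyst needs when tuning the threshold against false positives.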

TWC: Medium: Collaborative: Exposing and Mitigating Cross-Channel Attacks that Exploit the Convergence of Telephony and the Internet

Rapid advances in technology now enable simultaneous access to both telephony and Internet services from smart phone devices that people carry with them at all times. Although this convergence of telephony with the Internet offers many benefits, it also provides cyber criminals the ability to develop increasingly sophisticated attacks that combine resources from both the telephony and Internet channels.

CAREER: Exo-Core: An Architecture to Detect Malware as Computational Anomalies

Applications that run on billions of mobile devices backed by enormous datacenters hold the promise of personal, always-on healthcare; of intelligent vehicles and homes; and thus of a healthier, more efficient society. It is imperative to make such applications secure by protecting their integrity and keeping their data confidential. However, malicious programs ("malware") today can subvert the best software-level defenses by impersonating benign processes on mobile devices or by attacking victim processes through the hardware on shared datacenter servers.

TWC: Small: Combating Environment-aware Malware

Tools for dynamic detection of malicious software ("malware"), such as antivirus software, often create a protected "analysis environment" (or "sandbox") in which to test suspicious software without risk to the computer system. Malware authors have responded by developing environment-awareness techniques, to enable their malware to recognize and behave differently in a sandbox environment, thereby evading detection. Authors of defense software are endeavoring to ensure that analysis environments exhibit realistic characteristics.
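As an added illustration of the defender's side of the problem above (not code from the project), the audit below takes a set of observations about an analysis environment and reports which of the traits commonly probed by environment-aware malware it still exposes, together with the realism fix for each. The checks, thresholds and both sample environments are constructed assumptions for this example and are not a complete list of what any particular malware family tests.

```python
"""Added example (not project code): audit whether an analysis environment
exposes the tell-tale traits environment-aware malware checks for before
deciding to misbehave.

Assumptions: the environment is described by a dict of already-collected
observations (constructed below); the checks and thresholds are illustrative.
"""

# Well-known hypervisor OUIs (first three octets of the NIC MAC address).
VIRTUAL_MAC_PREFIXES = {
    "00:0c:29": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox", "52:54:00": "QEMU/KVM",
}

# Each check: (name, predicate over the observation dict, remediation).
CHECKS = [
    ("single_cpu", lambda e: e["cpu_count"] < 2,
     "give the guest at least two vCPUs"),
    ("small_ram", lambda e: e["ram_gb"] < 4,
     "give the guest 4 GB or more of RAM"),
    ("small_disk", lambda e: e["disk_gb"] < 60,
     "use a disk image of realistic size"),
    ("fresh_boot", lambda e: e["uptime_s"] < 600,
     "let the guest run for a while before detonation"),
    ("hypervisor_mac", lambda e: e["mac"].lower()[:8] in VIRTUAL_MAC_PREFIXES,
     "override the NIC MAC with a physical-vendor OUI"),
    ("few_processes", lambda e: e["process_count"] < 30,
     "run the background services a real workstation runs"),
    ("empty_profile", lambda e: e["user_files"] < 10,
     "populate documents, browser history and recent-file lists"),
    ("no_user_input", lambda e: e["input_events"] == 0,
     "replay mouse and keyboard activity during analysis"),
    ("slow_cpuid", lambda e: e["cpuid_cycles"] > 1000,
     "cannot be hidden on most hypervisors; expect timing-based checks"),
]


def audit(env):
    """Return the (check_name, remediation) pairs the environment fails."""
    return [(name, fix) for name, pred, fix in CHECKS if pred(env)]


def failed_checks(env):
    """Names only, for quick comparison between configurations."""
    return [name for name, _ in audit(env)]


# Constructed observations: a bare out-of-the-box sandbox VM ...
BARE_SANDBOX = {
    "cpu_count": 1, "ram_gb": 2, "disk_gb": 40, "uptime_s": 45,
    "mac": "08:00:27:3A:9B:1C", "process_count": 18, "user_files": 0,
    "input_events": 0, "cpuid_cycles": 2400,
}

# ... and the same VM after the realism fixes above have been applied.
# The CPUID trap cost remains: VM exits are a property of the hypervisor.
HARDENED_SANDBOX = {
    "cpu_count": 4, "ram_gb": 8, "disk_gb": 250, "uptime_s": 5 * 3600,
    "mac": "3C:52:82:11:22:33", "process_count": 85, "user_files": 140,
    "input_events": 312, "cpuid_cycles": 2100,
}

if __name__ == "__main__":
    for label, env in (("bare", BARE_SANDBOX), ("hardened", HARDENED_SANDBOX)):
        failures = audit(env)
        print(f"{label}: {len(failures)} tell(s)")
        for name, fix in failures:
            print(f"  {name}: {fix}")
```

The hardened configuration still trips the timing check, which is the practical caveat: configuration fixes remove the cheap tells, but a sample that times trapped instructions can distinguish a hypervisor from bare metal, so a realistic analysis pipeline also needs a bare-metal tier or instruction-level stealth the hypervisor cannot provide on its own.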

CRII: SaTC: Empirical and Analytical Models for the Deployment of Software Updates in Large Vulnerable Populations

Software vulnerabilities are an important vector for malware delivery. The software updating mechanisms responsible for deploying vulnerability patches are in a race with attackers seeking to exploit those vulnerabilities. Moreover, these updating mechanisms have multiple, potentially conflicting, design goals: they must quickly deploy patches on millions of hosts worldwide, must not overburden users, and must avoid breaking dependencies in the deployment environment.

TWC: Frontier: Collaborative: Rethinking Security in the Era of Cloud Computing

There are at least two key features of the move to cloud computing that introduce the opportunity for significant leaps forward in computer security for tenant services. First, a compute cloud provides a common software, hardware and management basis for rolling out cross-cutting services en masse that have resisted incremental deployment in a one-service-at-a-time fashion. Second, compute clouds offer providers a broad view of activity across an unprecedented diversity of tenant services.

TWC: Small: Physiological Information Leakage: A New Front on Health Information Security

With the growing use of implantable and wearable medical devices, information security for such devices has become a major concern. Prior work in this area mostly focuses on attacks on the wireless communication channel among these devices and on health data stored in online databases. The proposed work is a departure from this line of research and is motivated by acoustic and electromagnetic physiological information leakage from the medical devices themselves. This type of information leakage can also occur directly from the human body, which raises privacy concerns of its own.