TWC

How does web-based malware spread? We use the term web-based malware to describe malware that is distributed through websites, and malicious posts in social networks. We are in an arms race against web-based malware distributors; and as in any war, knowledge is power. The more we know about them, the better we can defend ourselves. Our goal is to understand the dissemination of web-based malware by creating "MalScope", a suite of methods and tools that uses cutting-edge approaches to build spatiotemporal models, generators and sampling techniques for malware dissemination.

Today individuals and organizations leverage machine learning systems to adjust room temperature, provide recommendations, detect malware, predict earthquakes, forecast weather, maneuver vehicles, and turn Big Data into insights. Unfortunately, these systems are prone to a variety of malicious attacks with potentially disastrous consequences. For example, an attacker might trick an Intrusion Detection System into ignoring the warning signs of a future attack by injecting carefully crafted samples into the training set for the machine learning model (i.e., "polluting" the model).

Insider attacks present an extremely serious, pervasive and costly security problem under critical domains such as national defense and financial and banking sector. Accurate insider threat detection has proved to be a very challenging problem. This project explores detecting insider threats in a banking environment by analyzing database searches.

Most of the world's internet access occurs through mobile devices such as smart phones and tablets. While these devices are convenient, they also enable crimes that intersect the physical world and cyberspace. For example, a thief who steals a smartphone can gain access to a person?s sensitive email, or someone using a banking app on the train may reveal account numbers to someone looking over her shoulder. This research will study how, when, and where people use smartphones and the relationship between these usage patterns and the likelihood of being a victim of cybercrime.

Software development is a complex and manual process, in part because typical software programs contain more than hundreds of thousands lines of computer code. If software programmers fail to perform critical checks in that code, such as making sure a user is authorized to update an account, serious security compromises ensue. Indeed, vulnerable software is one of the leading causes of cyber security problems. Checking for security problems is very expensive because it requires examining computer code for security mistakes, and such a process requires significant manual effort.