Student Projects Completed in 2021-2022

Spring 2022 Student Projects

  • Students: Sara Weill

    Faculty Mentor: Avi Rubin

    Research Advisor: Tushar Jois (Ph.D. Student)

    Abstract: The past two decades have seen enormous growth in Internet of Things (IoT) devices, which have improved the lives of millions of people by easing the burden of everyday tasks through innovative technology. One industry that has greatly benefited is medicine, where IoT medical devices such as diagnostic tools and implants are becoming smarter, safer, and more effective. This is partially due to their network connectivity, which allows patients to minimize the length and frequency of appointments and hospital visits. Unfortunately, this increased connectivity also exposes the devices to a larger set of security threats. Many devices use Bluetooth Low Energy (BLE) for wireless communication because BLE is extremely lightweight and low power. However, BLE is known to have several serious security vulnerabilities, largely due to its insecure key exchange and encryption protocol. To address these vulnerabilities, the open-source library Magpie was created to give medical device developers secure communication primitives that provide confidentiality, integrity, and authenticity for their messages.
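
    Magpie's actual API is not reproduced in this report; as an illustration of the three properties the abstract names, a minimal encrypt-then-MAC sketch in Python is shown below (the function names, nonce size, and SHAKE-256 keystream are illustrative assumptions, not Magpie's design):

```python
import hmac
import hashlib

def seal(key_enc: bytes, key_mac: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: confidentiality from the keystream, integrity and
    authenticity from the HMAC tag (toy construction, not Magpie's)."""
    keystream = hashlib.shake_256(key_enc + nonce).digest(len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
    tag = hmac.new(key_mac, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def open_sealed(key_enc: bytes, key_mac: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject any tampered message."""
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key_mac, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    keystream = hashlib.shake_256(key_enc + nonce).digest(len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, keystream))
```

    A receiver that checks the tag before decrypting rejects any bit-flipped or forged message, which is the property BLE's built-in pairing fails to guarantee.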

  • Students: Mohammed Khalid, Qi Qi, Rebekah Lo

    Faculty Mentors: Gregory Falco, Anton Dahbura, Thomas McGuire

    Abstract: Ransomware has mutated into a formidable threat faced by individuals and organizations today. The advent of Ransomware as a Service (RaaS) has shifted the global threat landscape and obfuscated the location, motivation, and functionality of threat actors. Organizations afflicted with ransomware face several considerations: should a business pay the funds demanded by the attackers? What should cyber insurers assess when underwriting ransomware insurance? Most importantly, why do ransomware attackers target certain businesses? For example, is there any substantive relationship between, say, the age of a company and the amount of ransom it will pay? At the core of these questions is another: are there analytical steps that today’s organizations can take to minimize their exposure to ransomware attackers? This project employs a two-pronged analysis, combining automated and manual approaches, to assess the demographics of ransomware-afflicted organizations. First, we use the machine learning features of Elasticsearch and Kibana to ascertain the relationship between a ransomware scale and organizational characteristics. Second, we supplement this with linear regression over the same ransomware scale with slightly different features. Our best result is a multidimensional machine learning model that predicts RansomScale from location, year, and strain as independent variables. Our best linear regression uses the cardinality of an organization's year, age, and local currency. Both analyses can help identify organizational characteristics that predict the cost of a ransomware attack. Given that this is an elementary study, we propose additional data canvassing and highlight practical policy recommendations based on several organizational demographics.

  • Students: Zhenyong He, Apoorv Gahlot, Zhifei Chen

    Faculty Mentor: Lanier Watkins

    Abstract: The recent increase in security breaches, and in adversaries finding novel ways to infiltrate organizations and evade defensive mechanisms, such as the SolarWinds supply chain hack [24], calls for more sophisticated defensive security controls that leverage emerging technologies to combat these threat agents. One such emerging technology that is trending yet not fully utilized in the information security space is Artificial Intelligence (AI). In this paper, we propose an AI-based solution deployed in the form of a game of Gomoku, also called five-in-a-row, simulated between a human adversary and an autonomous AI bot that leverages the minimax algorithm. We believe that Gomoku best captures the diversity and challenges present in a typical corporate network, given its simple rules and complex winning strategies. In this game, the attacker successfully makes a move on the board by exploiting a vulnerability, and the defender makes a move by taking defensive measures that thwart the attacker from making additional moves. This project is also intended to serve as an educational tool for training security students and up-and-coming security professionals in both the red-teaming and blue-teaming aspects of cybersecurity. Finally, we have developed an experiment that simulates a game of Gomoku between a human attacker and the autonomous bot.
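
    As a sketch of the minimax idea the bot relies on, the search can be reduced to a toy game tree where internal nodes are lists of successor states and leaves are static evaluations; this is an illustrative simplification, not the project's Gomoku engine:

```python
def minimax(node, maximizing=True):
    # Leaves carry a static evaluation of the position; internal nodes
    # list the positions reachable in one move. The maximizing player
    # picks the child with the best score; the minimizing opponent picks
    # the child with the worst score for the maximizer.
    if isinstance(node, int):
        return node
    scores = [minimax(child, not maximizing) for child in node]
    return max(scores) if maximizing else min(scores)
```

    In the full game, leaves would instead be scored by a heuristic over board patterns, and alpha-beta pruning would cut off branches that cannot change the result.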

  • Students: Jonathan Prokos

    Faculty Mentor: Matt Green

    Abstract: Online communication systems utilize perceptual hash matching (PHM) systems to detect illicit files over end-to-end encrypted (E2EE) channels. These systems rely on specialized perceptual hash functions (PHFs) such as Microsoft’s PhotoDNA [33] or Facebook’s PDQ [11]. These functions produce a compact digest of an image file, which is compared against a database of known illicit-content digests. Within E2EE systems, these functions operate client-side: files whose digest matches an entry marked as illicit are reported to the provider, while non-illicit files are sent confidentially. This use of perceptual hashing is a significant departure from existing practice and thus warrants evaluation from an adversarial perspective.

    Through this project – in conjunction with my pre-print – I describe threat models for perceptual hashing algorithms in an adversarial setting and present attacks against two widely deployed algorithms: PhotoDNA and PDQ. My results show that it is possible to mount targeted second-preimage attacks, in which an adversary generates a variant of a source image that matches a given target digest. I also provide results for detection-avoidance attacks as a complement to the recent investigation by Jain et al. [20]. These results show that existing perceptual hash functions – and by extension PHMs – are likely insufficiently robust to survive attacks in this new setting.
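
    PhotoDNA and PDQ internals differ, but PHM deployments generally flag a file whose digest lies within a small Hamming distance of a blocklisted digest; a toy sketch of that matching rule follows (the digest width and threshold are illustrative, not the deployed parameters):

```python
def hamming(a: int, b: int) -> int:
    # Number of differing bits between two equal-width digests.
    return bin(a ^ b).count("1")

def phm_match(digest: int, blocklist: list, threshold: int) -> bool:
    # A file is flagged when its digest is *near* a known digest, not only
    # when it is identical. This tolerance is exactly what a targeted
    # second-preimage attack exploits: the adversary only has to land
    # within `threshold` bits of the target digest.
    return any(hamming(digest, known) <= threshold for known in blocklist)
```

    A detection-avoidance attack is the dual problem: perturb an illicit image until its digest moves more than `threshold` bits away from every blocklist entry.
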

  • Students: Yiwei Zhu, Yifan Wu

    Faculty Mentor: Xiangyang Li

    Abstract: Game cheating has become one of the most critical problems for game companies, especially in FPS (first-person shooter) games. Game companies lose millions of dollars every year to tiny cheat programs. Many anti-cheating solutions have been developed, but most raise user privacy concerns and fail in a White Collar-like scenario: they can detect cheat software only after it has been released. In our paper, we design a client-side cheating detection system based on raw input data and data from the game client. We use the ideas of misuse detection and anomaly detection to define normal and cheating behavior. The experimental results show that the misuse detection models performed well, while the anomaly detection models also provided meaningful information. We further combine misuse and anomaly detection into a hybrid detection model that achieves better performance in detecting cheating behavior. Several LSTM (long short-term memory) models were also designed to detect cheating in time sequences. Finally, we provide a comprehensive analysis of our experimental results and suggestions for further work.

  • Students: Lizhu Chen, Xuhua Sun

    Faculty Mentor: Yingchuan Zhang

    Abstract: This capstone final report presents a machine learning approach to detecting spam accounts on social platforms (Twitter). It introduces several machine learning models with different feature selections for classifying accounts as spam bots or human accounts. While most existing solutions rely on only a small slice of an account's information to decide its attributes, our main approach integrates an account's existing features, such as profile information, tweet text content, and social networking graphs. Finally, the evaluation results of our machine learning models are compared with an existing solution to draw valid conclusions, discuss the selected features, and make suggestions for future work toward more accurate and efficient analysis of social platform accounts.

  • Students: Xingyu Xiong

    Faculty Mentor: Ashutosh Dutta

    Abstract: As the COVID-19 pandemic rages on, it has become even more urgent for medical professionals around the world to work together to fight the virus. For example, they urgently need data on the spread, infection, and cure of the new coronavirus among people of different races, ages, and genders. This is not something that one or two hospitals can accomplish alone. Healthcare workers need to build models over shared illness data while not disclosing the private patient data that each of them holds. This is a natural scenario for federated learning, whose main idea is to build distributed machine learning models over data sets residing on multiple devices while preventing data leakage.

    However, federated learning is not designed to screen or authenticate participating users, which leaves it vulnerable without additional defense mechanisms: potential attackers can introduce security risks such as the loss of data privacy for legitimate participants. Therefore, in view of the data characteristics of federated learning in medical applications, this paper proposes a Federated Member Certification (FMC) scheme that applies a Jaccard similarity threshold to the members' sample sets before the federated learning task starts, requiring the data sets to share enough common samples. The scheme uses the idea of Shamir's secret sharing, so that the shared key can be recovered only when the data sets reach the Jaccard threshold. This paper discusses the mutual authentication problem for two federated members and theoretically extends it to multi-member authentication. The FMC scheme can effectively exclude malicious users from federated learning, so that the private information of legitimate users is not leaked, while semi-honest users who pass verification still cannot directly obtain the private data of other users. Security rests on the information-theoretic guarantees of Shamir's (k, n) threshold scheme.

    The experiments in this paper show that malicious adversaries cannot obtain any valid information, even when they hold a small sample base. Authentication takes less than one second, consuming less extra time than traditional federated learning using homomorphic encryption. Security is improved at an acceptable time cost, which has real value in practical application scenarios.
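
    The two building blocks of the FMC scheme can be sketched in a few lines; the field size, parameter choices, and the way shares would be bound to common samples are illustrative simplifications of the paper's construction:

```python
import random

PRIME = 2**61 - 1  # field modulus for the toy (k, n) scheme

def jaccard(a: set, b: set) -> float:
    # Similarity of two members' sample sets; FMC requires this to
    # reach a threshold before authentication can succeed.
    return len(a & b) / len(a | b) if a | b else 0.0

def shamir_split(secret: int, k: int, n: int):
    # Split `secret` into n shares, any k of which recover it.
    coeffs = [secret] + [random.randrange(PRIME) for _ in range(k - 1)]
    def poly(x):
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME
    return [(x, poly(x)) for x in range(1, n + 1)]

def shamir_recover(shares):
    # Lagrange interpolation at x = 0 over the prime field; fewer than
    # k shares reveal nothing (information-theoretic security).
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret
```

    In FMC, shares would be derived from common samples, so a member whose data set overlaps enough with its peer's (i.e., whose Jaccard similarity reaches the threshold) can gather k shares and recover the shared key, while a malicious member with few common samples cannot.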

Fall 2021 Student Projects

  • Students: Rohit Bhat

    Faculty Mentor: Matthew Green

    Abstract: We examine Nano, a digital cash blockchain protocol that eliminates mining by validating transactions asynchronously. We evaluate the consensus algorithms of Bitcoin and Nano, focusing on value transfer to observe emergent network effects in security, decentralization, and scalability. These properties are measured in their appropriate contexts: security via transaction finality, decentralization via the Nakamoto coefficient, and scalability via transactions per second.
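
    The Nakamoto coefficient mentioned above has a simple operational definition: the smallest number of entities whose combined voting weight exceeds half of the total. A sketch (the weights below are hypothetical, not measured Bitcoin or Nano data):

```python
def nakamoto_coefficient(weights):
    # Smallest number of entities (mining pools, Nano representatives)
    # whose combined voting weight exceeds 50% of the total -- i.e., the
    # minimum collusion needed to control consensus. Higher is more
    # decentralized.
    total = sum(weights)
    running, count = 0, 0
    for w in sorted(weights, reverse=True):
        running += w
        count += 1
        if running > total / 2:
            break
    return count
```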

  • Students: Connor Gephart

    Faculty Mentor: Reuben Johnston

    Abstract: Previous studies have sought to adapt frameworks to specific uses or to demonstrate particular implementations, but none have practically compared frameworks to determine their best use cases. This research analyzes the NIST Cybersecurity Framework and the MITRE Engage framework using Red Canary’s top 10 MITRE ATT&CK techniques to determine which framework better addresses common threats. Each framework was applied to an individual threat to determine what steps would be necessary to mitigate or prevent it. The ATT&CK techniques were tested on a Windows 10 system to model real-world end-user systems. The MITRE Engage framework is distinctive in that it is designed to enhance understanding of an adversary in addition to mitigating the threat, while the NIST CSF addresses more general business practices than the MITRE Engage framework does. Both frameworks mitigate all ten threats; however, neither gives recommendations precise enough to be used alone for active defensive decisions.

  • Students: Tyler Ramdass, Brittany Stewart, Eric Santorelli

    Faculty Mentor: Tim Leschke

    Abstract: Digital forensics is an ever-expanding field of research as computers, criminals, and the investigators trying to catch those criminals continue to employ more advanced techniques. While research into non-volatile memory is growing exponentially, research into volatile memory lags behind. Tools such as Autopsy give an examiner, novice or expert, the opportunity to successfully examine a computer’s non-volatile memory. However, a wealth of information, such as passwords and temporary files, is lost to examiners who do not understand the importance of volatile memory. The research in this paper is meant to act as a springboard for future work on integrating Volatility, an open-source volatile memory tool, into the Autopsy framework as an executable module. This paper covers the background needed to understand memory; a literature review, including the current state of the art; our attempt to integrate the software; a usability test to be run once the deliverable is completed; and, finally, our hopes for future research and a reflection on what could have gone better.

  • Students: Xueming Feng

    Faculty Mentor: Xiangyang Li

    Abstract: This research first establishes that the current network environment is hostile for small businesses and startups hosting their services on the Internet. It then reviews Cloudflare’s past and current technologies against flooding attacks and selects the following techniques for further performance evaluation: iptables, BPF, and XDP. This paper analyzes the pros and cons of each technique. In a custom-built environment that includes a victim, an adversary, and a normal user, we write our own tools that use these techniques to mitigate incoming UDP floods. Using a packet generator able to simulate a UDP flood, we put our tools in place to try to stop the flood. We gathered data and benchmarked the tools we created against large volumes of traffic and under different CPU frequencies, then evaluated the performance of the three techniques from the data sets we gathered. Finally, we recommend the best technique for mitigating this denial-of-service attack.
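
    The iptables, BPF, and XDP filters themselves run in the kernel; the admit/drop decision such a filter makes for each UDP packet can be sketched in user space as a per-source token bucket (the class name and parameters below are illustrative, not the project's actual tooling):

```python
class TokenBucket:
    """Per-source-IP rate limiter: each source accrues `rate` tokens per
    second up to `burst`; a packet is admitted only if a token is
    available. (User-space sketch of an in-kernel flood filter's logic.)"""

    def __init__(self, rate: float, burst: float):
        self.rate, self.burst = rate, burst
        self.state = {}  # src_ip -> (tokens, last_seen_timestamp)

    def allow(self, src_ip: str, now: float) -> bool:
        tokens, last = self.state.get(src_ip, (self.burst, now))
        # Refill tokens for the time elapsed since this source's last packet.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        admitted = tokens >= 1.0
        if admitted:
            tokens -= 1.0
        self.state[src_ip] = (tokens, now)
        return admitted
```

    A flooding source exhausts its bucket almost immediately and is dropped, while a normal user sending a few packets per second never runs out of tokens; XDP's advantage is making this same decision before the packet ever reaches the kernel networking stack.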

  • Students: Qi Cheng

    Faculty Mentor: Xiangyang Li

    External Mentor: Dr. Leah Ding (American University)

    Research Assistant: Anyi Xu (American University)

    Abstract: Machine learning-based spam detection models learn from a set of labeled training data and detect spam emails after the training phase. We study a class of vulnerabilities of such detection models in which an attacker can cause a trained model to misclassify maliciously crafted spam emails at detection time. However, feature extraction methods often make it very difficult to translate a change in the feature space into a change in the textual email space. This paper proposes a new attack method that makes guided changes to text data by taking advantage of generated adversarial examples that purposely modify the features representing an email. We study different feature extraction methods using various Natural Language Processing (NLP) techniques. We develop effective methods to translate adversarial perturbations in the feature space back into a set of “magic words”, or malicious words, in the text space, which cause misclassifications desirable from the attacker’s perspective. We show that our attacks are effective across different datasets and various machine learning methods in white-box, gray-box, and black-box attack settings. In addition, we obtained preliminary results for our methodology on deep learning-based spam filters. Finally, we discuss preliminary explorations of countermeasures against such attacks. We hope our findings and analysis will enable future studies of defensive solutions against this new class of attacks.
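
    The shape of a "magic words" attack can be conveyed with a toy linear bag-of-words filter; the vocabulary, weights, and greedy strategy below are invented for illustration, whereas the paper derives its perturbations from the trained model's actual feature space:

```python
# Toy linear bag-of-words filter: positive score => classified as spam.
WEIGHTS = {"free": 2.0, "winner": 1.5, "meeting": -1.2, "invoice": -0.8}

def score(words):
    return sum(WEIGHTS.get(w, 0.0) for w in words)

def magic_words(email_words, budget=10):
    # Map a feature-space perturbation back to text: repeatedly append
    # the most ham-indicative vocabulary word until the classifier flips
    # (or the word budget is exhausted).
    best = min(WEIGHTS, key=WEIGHTS.get)
    words, added = list(email_words), []
    while score(words) > 0 and len(added) < budget:
        words.append(best)
        added.append(best)
    return added
```

    Against real feature extractors (TF-IDF, embeddings), mapping the perturbation back to natural-looking words is the hard problem the paper addresses; this greedy loop only conveys the idea of the attack.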

  • Students: Aaron Wu, Hyoeun Choi

    Faculty Mentor: Xiangyang Li

    Abstract: In this project, we implement a full-stack video-sharing social platform integrated with the Bitcoin (BTC) mainnet. The tech stack consists of serverless AWS Lambda, React, Node.js, AWS S3, and Azure Functions. We maintain high code quality and follow security best practices (such as avoiding address reuse) to protect investors' digital assets. We also launched a congestion attack on a Lightning node, which resulted in a force-close of the channel. Finally, we compared the performance of the Lightning Network and the BTC mainnet and discussed future work for the video-sharing social platform.

JHU Information Security Institute