Students: Yancheng Chu, Danyu Liu
Faculty Mentor: Yinzhi Cao
Abstract: With the rapid development of front-end technology, single-page applications (SPAs) have become one of the popular choices for modern web development. Vue.js, as a popular front-end framework, greatly improves development efficiency and application performance through its declarative rendering and component system. However, with this comes the challenge of security issues, especially common web security threats such as cross-site scripting attacks (XSS). This paper introduces an abstract syntax tree (AST) –based approach for analyzing and enhancing the security of Vue.js applications. We filtered out files containing ‘v html’ or ‘{{{ }}}’ sink from 451559 files through a script. Among them, there are 194 Vue files, 57 HTML files, and 242 JS files. Among them, we successfully generated JSX format AST from Vue files with a success rate of nearly 99% by escaping Vue syntax in the Espree framework.
Students: Xin Shen, Zihan Qu, Zhen Liang
Faculty Mentor: Yinzhi Cao
Abstract: This investigation delves into the progression of cookie-based tracking methodologies and scrutinizes the impact of legislative frameworks, notably the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), on these methods. Employing archival web data sourced from the Internet Archive, this study conducts a diachronic analysis of cookie policies and their compliance with privacy norms over an extended period. The analytical phase of the research utilizes two specialized scripts: one that evaluates the application of cookies in third-party tracking, and another that inspects the user interface design and textual content of cookie consent banners for indications of dark patterns. These insidious design strategies, which imperceptibly coax users into consenting to an excessive number of cookies, constitute the core of our inquiry. The research culminates in the presentation of data visualizations that illuminate the temporal dynamics of cookie usage in relation to regional privacy mandates. By accentuating the evolution in tracking techniques and the pervasiveness of dark patterns within cookie consent frameworks, the study endeavors to shed light on the efficacy of privacy legislation, the moral implications of cookie-based tracking, and the persistent obstacles in the protection of online privacy. This holistic methodology facilitates an assessment of whether regulatory interventions have effectively curtailed deceptive practices and bolstered user privacy in the digital environment.
Students: Raghad Alkhudhayr, Yunze Wang, Yiming Wang
Faculty Mentor: Ashutosh Dutta
Abstract: In the digital world, technologies are constantly evolving to advance the telecommunications industry. 5G technology is one of these innovations, developed to enhance network architecture significantly. While the application of new 5G technologies and architectures has not only accelerated the rapid development of communication and networks, offering faster speeds, lower latency, and increased connectivity, it has also introduced numerous threats and vulnerabilities. One of the significant threats affecting 5G is the Denial of Service (DoS) attack, which can severely disrupt 5G networks by overwhelming them with excessive traffic, thereby preventing legitimate users from accessing services. The objective of this project is to simulate the challenges posed by DoS attacks within the 5G network architecture, specifically focusing on the user plane and control planes, two critical components that are particularly vulnerable to these attacks. We will examine and evaluate the susceptibility of 5G networks to UE-attached storms (NGAP) in the Control Plane and GTP-U flooding in the User Plane. By employing a powerful intrusion detection system which is the NIKSUN NetDetector, we aim to monitor these threats in real-time, customizing the system to effectively identify and mitigate specific vulnerabilities inherent to 5G networks. Our approach involves a comprehensive analysis of DoS attack scenarios on 5G networks, utilizing the ABot 5G simulation platform to create realistic DoS attack patterns such as UE attach storms (NGAP) and GTP-U flood traffic. The NIKSUN NetDetector tool will then be deployed for real-time detection and response to ABot platform, enabling us to simulate these threats and minimize their impact.
Students: Aditya Gaur, Preetham Nagesh
Faculty Mentor: Anton Dahbura
External Mentor: Dr. Gregory Falco (Cornell University)
Research Assistant: Anais Huang (MSSI student)
Abstract: Since the inception of the first ransomware incident in 1989, the cybersecurity landscape has undergone significant transformations. Notably, the accessibility of ransomware toolkits and the emergence of Ransomware as a Service (RaaS) on the dark web have facilitated an increase in attacks, particularly targeting critical infrastructures. In 2021, 14 out of 16 critical sectors experienced such attacks, prompting the UK’s National Cyber Security Centre (NCSC) to recognize ransomware as the primary threat to its government. The 2023 Sophos report underscores a noteworthy escalation in average ransom payments, underscoring the persistent and pervasive nature of ransomware incidents. This escalating trend necessitates a proactive response to mitigate the impact of ransomware attacks. In light of these challenges, we introduce rSentinel, an innovative detection tool specifically tailored for distributed and enterprise systems. Unlike conventional tools reliant on signature-based detection, rSentinel incorporates a detection module grounded in ransomware behavior analysis and a distributed system diagnosis module. The diagnostic algorithm employed is the Adaptive Distributed System-level Diagnosis (DSD), complemented by a Certificate Authority (CA) governing all network nodes. This strategic combination ensures containment measures to prevent the spread of ransomware across the network. In essence, the primary objective of rSentinel is to utilize these integrated modules to promptly alert and respond to ongoing ransomware attacks within a distributed network.
Students: FNU Shruthi Duraisamy
Faculty Mentor: Ashutosh Dutta
Abstract: In the era of digital transformation, cloud computing emerges as a pivotal element of modern IT infrastructure, offering agility, scalability, and cost efficiency. However, this advancement also brings significant security challenges, particularly in safeguarding data, applications, and infrastructure within the cloud. One of the primary concerns in cloud security is the risk of misconfigurations, often due to human error, which can lead to substantial security threats. Misconfigurations can unintentionally expose sensitive data, inadequately configure access controls, or result in non-compliance with best practices, thereby jeopardizing the security and compliance of cloud environments.
Students: Zhenhe Zhang, Devang Jain, Avradipta Das
Faculty Mentor: Ashutosh Dutta
Abstract: This project aims to examine the security vulnerabilities of 5G networks, specifically targeting Denial of Service (DoS) attacks. Through ABot simulations and Grafana monitoring, it explores the complex threat landscape of 5G and demonstrates effective attack simulations. This study emphasizes the importance of robust threat modeling and advanced security measures for mitigating risks in 5G networks, underscoring the need for continuous innovation in network security protocols and practices. The potential integration of advanced Intrusion Detection Systems like Niksun’s LogWave offers a promising direction for future enhancements, incorporating real-time threat detection and intelligent bandwidth management.
Students: Eman Alahmadi
Faculty Mentor: Ashutosh Dutta
Abstract: The introduction of the 5G network has opened up a new world of possibilities for improved user experiences, connected environments, and efficiency. However, with these advancements come concerns about the security and privacy of the 5G network. This paper aims to enhance the performance of 5G attack detection models by focusing on three key areas of improvement. We emphasize the significance of utilizing a relevant and up-to-date dataset within the specified problem domain. To achieve this, we leverage the groundbreaking “5GAD-2022” dataset, the first dedicated dataset for 5G attacks. This distinguishes our investigation from previous efforts that relied on general network attack datasets, thereby amplifying the specificity and relevance of our analysis. Additionally, we adopted a more systematic approach in selecting machine learning models for this problem space, providing well-rounded justifications for our algorithm choices. This careful decision-making process offers valuable insights into the field of 5G network attack detection. Furthermore, we conduct experiments with various models to pinpoint the optimal algorithm for 5G attack detection, including Gaussian Naive Bayes (GNB), K-Nearest Neighbors (KNN), Support Vector Machine (SVM), and Random Forest Classifier (RFC). Our comparative analysis highlights the strengths and trade-offs of each model, with the RFC model emerging as the most robust choice, achieving an outstanding accuracy of 97\%. Notably, the RFC model demonstrates impressive precision, with scores of 0.99 for detecting attacks and 0.96 for identifying normal instances, showcasing its accuracy and robustness in distinguishing between network malicious and normal traffic. Overall, our project advances the understanding of 5G network security by employing state-of-the-art models and leveraging the first-ever 5G attacks dataset.
Students: Chengjun Zhang, Wenda Shao, Xianglong Wang
Faculty Mentor: Lanier Watkins
Abstract: The proliferation of high-speed networks within power systems has given rise to a heightened interplay between network infrastructure and physical infrastructure, rendering power systems susceptible to network infiltration and cyber-attacks. In response to this challenge, this paper offers a comprehensive account of the power system simulation process and introduces a hierarchical-based intrusion detection framework. This framework emulates the information made available by power system components and employs machine learning models to detect diverse forms of attacks. During the feature screening phase, Gray wolf optimization is harnessed, leveraging the social hierarchy and hunting behavior of gray wolves in the wild to perform feature selection. This optimization culminates in an enhanced ensemble classification approach, optimizing feature learning from the data. The anticipated outcome is an Intrusion Detection System (IDS) capable of promptly identifying anomalous events within the power grid and alerting relevant personnel. Additionally, the IDS will provide a succinct diagnosis pinpointing the specific functional area of the power grid affected by anomalies, thereby expediting the diagnostic process and facilitating the swift identification and mitigation of vulnerabilities.
Students: Luis Rivas, Varun K. Singh, Vinayak Khandelwal
Faculty Mentor: Lanier Watkins
Abstract: QR codes offer immense convenience for rapidly sharing information through ubiquitous smartphone scanning. However, vulnerabilities like phishing links, malware injection, and data theft threaten privacy and safety. This project investigates integrating machine learning AI to identify QR code threats. The rapid increase in QR code exploits poses a significant risk to the credibility of this widely used technology. Phishing scams employing counterfeit codes have surged by over 50%, while malware assaults utilizing QR vectors have shown a staggering spike of over 2400% since 2022. These concerning data indicate a pressing necessity to reinstate measures safeguarding integrity to halt the ongoing decline in public trust.
Students: Anais Huang
Faculty Mentor: Lanier Watkins
Abstract: Tor is a free software and an open network to prevent tracking and censorship. Tor relays are run by operators from all over the world, and the relays that have potentially harmful behaviors are referred to as malicious relays. Both Tor users and the health of Tor network are harmed by those malicious relays. I therefore first performed Tor network simulations and simulated attacks, and then generated datasets containing both malicious Tor traffic flows and benign Tor traffic flows. After that I proposed TorEye, a malicious Tor traffic detection mechanism, demonstrating its viability through evaluation. With different classifiers and a majority voting strategy, TorEye utilizes Tor traffic to detect malicious behaviors on Tor network.
Students: Bofan Gong, Sihan Niu, Hanwen Lin
Faculty Mentor: Matt Green
Abstract: We proposed a decentralized scheme to play the famous social deduction game werewolf fully on the blockchain. Specifically, we designed cryptographic protocols for game roles including villager, wolf and psychic, who have special abilities. We designed the protocols in such a way that steps taken by players in each round are folded to a single instance that can be verified by the blockchain efficiently. We implemented our protocols using Aleo zero-knowledge virtual machine, which can provide zero-knowledge proof systems for programs’ execution. We used a parser written in Python to manipulate this virtual machine and have conducted some performance tests. The test results indicate that, for turn-based games that do not require on-time feedback, the performance overhead caused by transforming the game process into a distributed cryptographic protocol is acceptable. Our design process can also serve as an example for other turn-based blockchain games.
Students: Ziwei Li, Qian Wang, Zeyin Zhang
Faculty Mentor: Xiangyang Li
Abstract: This project presents the development of an innovative social media platform enhanced with end-to-end one-time encryption to ensure secure communication among users. In the digital age where data breaches and privacy concerns are rampant, our app addresses these challenges by integrating robust encryption techniques into a user-friendly social media interface. We employ a method where all group users share a common secret key and a one-time password key, generated every 30 seconds, for encrypting messages. The front-end development enables secure message transmission via HTTPS requests, while the back end, developed in Python, interacts with a MySQL database for storing chat records, ensuring data persistence and security. Our approach includes operational maintenance features like automatic deletion of chat records older than seven days, and a user interface that prioritizes ease of use while maintaining high-security standards. Significant advancements include stress testing, threat modeling and analysis, and exploring shared key methods. The system’s architecture, designed to operate in a high-demand environment, ensures scalability, performance under load, and resistance to a wide array of cyber threats.
Students: Kyle Wang, Jim Huang, Kepeng Zhou
Faculty Mentor: Xiangyang Li
Abstract: Adversarial attack and robustness are a trending topic these years, and many studies dug into this field and found some significant progress to better defend adversarial attack. However, previous studies mostly focus on the effectiveness of the performance of the attackers attacking defenders, they focus on the methods and algorithms to break through the defender’s defending system. However, this study addresses the critical area of adversarial attacks in machine learning-based spam filters, shifting focus from traditional attack-centric research to a balanced examination of both attackers’ and defenders’ performances. In our study, we employ advanced experiments to analyze the effectiveness of attack strategies against evolving defense mechanisms in spam filtering and delve into the comparison of attacker’s and defender’s performance, and offer new insights that previous studies don’t include.
Students: Jingyang Zou, Zhaoxi Sun, Chun Yen Ku
Faculty Mentor: Xiangyang Li, Anton Dahbura
Abstract: This project aims to upgrade a high-interaction honeypot system for cybersecurity research. Enhancements include adding more communication ports to attract more attackers, and embedding known vulnerabilities for deeper hacker activities. The honeypot will include several common services such as SSH server, Apache server, RDP server ,and mail server to simulate a common server that be used by a small company. The honeypot will be deployed in hacker-dense regions like the U.S., Asia, and Europe. Data collected will be analyzed using a Python script to discern attack patterns such as traffic fluctuation and common sources of attacks. The initiative is split into development and deployment, followed by data analysis and refinements. The goal is to understand cyber threats more effectively and improve data capture.
Students: Adila Abudureheman, Amodini Vardhan, Manoj Valeti
Faculty Mentor: Yinzhi Cao
Abstract: In today’s digital age, the proliferation of explicit, illicit, and hate-spreading images has reached alarming levels. Software companies facilitating image uploads on their platforms or cloud storage typically employ server-side algorithms for detecting Child Sexual Abuse Material (CSAM), aiming to prevent the upload of illicit images. However, the widespread adoption of End-to-End Encryption (E2EE) poses a challenge for companies relying on server-side CSAM detection, as the images are no longer in plain format. There is a need for a robust perceptual hashing algorithm that can be integrated into software services at client-side and is resilient against adversarial attacks.
In this capstone we evaluate the robustness of the NeuralHash model used to generate perceptual hashes, assessing their resistance to adversarial attacks using the Alpha Beta CROWN framework. We are developing a Perceptual Hashing model based on Apple’s NeuralHash, verified by the Alpha Beta CROWN standard, capable of effectively identifying CSAM and resistant to adversarial attacks. Additionally, we conducted comprehensive evaluations of the NeuralHash model and vulnerability assessments for its weakness for not being verifiable by the Alpha Beta CROWN standard. The enhanced Perceptual Hashing model generates phash that is less vulnerable to adversarial attacks than the existing NeuralHash model.
Students: Gaurav Narwani, Saket Laddha
Faculty Mentor: Yinzhi Cao
Abstract: Dynamic application security testing (DAST) for Web has emerged as a frontline defense against web application threats, presenting challenges that conventional tools are often ill-equipped to address. With the onset of dynamic web applications, traditional methods often fall short. In this paper, we propose a novel approach to DAST testing that leverages machine learning to emulate human interactions, thereby providing a more comprehensive vulnerability detection mechanism for modern web applications and addressing the inherent limitations of conventional tools and setting a new benchmark for automated web security analysis. The crawler aims to handle dynamic content, intelligently interact with forms, navigate authentication barriers, and capture complex user journeys, providing an insight into the complexities of today’s web applications. This report chronicles the journey of developing a web crawler that isn’t just about traversing web pages but understanding and mimicking human interactions with an intent to unearth concealed vulnerabilities.