Student Projects Completed in 2023-2024
Fall 2023 Student Projects
-
Students: Aditya Gaur, Preetham Nagesh
Faculty Mentor: Anton Dahbura
External Mentor: Dr. Gregory Falco (Cornell University)
Research Assistant: Anais Huang (MSSI student)
Abstract: Since the inception of the first ransomware incident in 1989, the cybersecurity landscape has undergone significant transformations. Notably, the accessibility of ransomware toolkits and the emergence of Ransomware as a Service (RaaS) on the dark web have facilitated an increase in attacks, particularly targeting critical infrastructures. In 2021, 14 out of 16 critical sectors experienced such attacks, prompting the UK’s National Cyber Security Centre (NCSC) to recognize ransomware as the primary threat to its government. The 2023 Sophos report underscores a noteworthy escalation in average ransom payments, underscoring the persistent and pervasive nature of ransomware incidents. This escalating trend necessitates a proactive response to mitigate the impact of ransomware attacks. In light of these challenges, we introduce rSentinel, an innovative detection tool specifically tailored for distributed and enterprise systems. Unlike conventional tools reliant on signature-based detection, rSentinel incorporates a detection module grounded in ransomware behavior analysis and a distributed system diagnosis module. The diagnostic algorithm employed is the Adaptive Distributed System-level Diagnosis (DSD), complemented by a Certificate Authority (CA) governing all network nodes. This strategic combination ensures containment measures to prevent the spread of ransomware across the network. In essence, the primary objective of rSentinel is to utilize these integrated modules to promptly alert and respond to ongoing ransomware attacks within a distributed network.
-
Students: FNU Shruthi Duraisamy
Faculty Mentor: Ashutosh Dutta
Abstract: In the era of digital transformation, cloud computing emerges as a pivotal element of modern IT infrastructure, offering agility, scalability, and cost efficiency. However, this advancement also brings significant security challenges, particularly in safeguarding data, applications, and infrastructure within the cloud. One of the primary concerns in cloud security is the risk of misconfigurations, often due to human error, which can lead to substantial security threats. Misconfigurations can unintentionally expose sensitive data, inadequately configure access controls, or result in non-compliance with best practices, thereby jeopardizing the security and compliance of cloud environments.
The SecureSky project addresses these challenges within the Microsoft Azure Cloud environment. Its primary aim is to develop an automated cloud security solution that detects and swiftly remediates misconfigurations. This approach significantly reduces the attack surface and associated risks. A distinctive feature of SecureSky is its strict alignment with the CIS Controls benchmark for Azure. The project methodically uses each control outlined in the CIS document to query, assess and remediate any misconfigurations of each cloud resource within Azure. It involves rigorous evaluation of performance metrics, including Mean Time to Remediate (MTTR), compliance rates, and false positive rates, to quantitatively measure its effectiveness. Additionally, SecureSky’s capabilities are compared with existing open-source cloud security tools, highlighting its unique strengths and positioning it as a comprehensive solution for cloud security and compliance in Azure environments. -
Students: Zhenhe Zhang, Devang Jain, Avradipta Das
Faculty Mentor: Ashutosh Dutta
Abstract: This project aims to examine the security vulnerabilities of 5G networks, specifically targeting Denial of Service (DoS) attacks. Through ABot simulations and Grafana monitoring, it explores the complex threat landscape of 5G and demonstrates effective attack simulations. This study emphasizes the importance of robust threat modeling and advanced security measures for mitigating risks in 5G networks, underscoring the need for continuous innovation in network security protocols and practices. The potential integration of advanced Intrusion Detection Systems like Niksun’s LogWave offers a promising direction for future enhancements, incorporating real-time threat detection and intelligent bandwidth management.
-
Students: Eman Alahmadi
Faculty Mentor: Ashutosh Dutta
Abstract: The introduction of the 5G network has opened up a new world of possibilities for improved user experiences, connected environments, and efficiency. However, with these advancements come concerns about the security and privacy of the 5G network. This paper aims to enhance the performance of 5G attack detection models by focusing on three key areas of improvement. We emphasize the significance of utilizing a relevant and up-to-date dataset within the specified problem domain. To achieve this, we leverage the groundbreaking “5GAD-2022” dataset, the first dedicated dataset for 5G attacks. This distinguishes our investigation from previous efforts that relied on general network attack datasets, thereby amplifying the specificity and relevance of our analysis. Additionally, we adopted a more systematic approach in selecting machine learning models for this problem space, providing well-rounded justifications for our algorithm choices. This careful decision-making process offers valuable insights into the field of 5G network attack detection. Furthermore, we conduct experiments with various models to pinpoint the optimal algorithm for 5G attack detection, including Gaussian Naive Bayes (GNB), K-Nearest Neighbors (KNN), Support Vector Machine (SVM), and Random Forest Classifier (RFC). Our comparative analysis highlights the strengths and trade-offs of each model, with the RFC model emerging as the most robust choice, achieving an outstanding accuracy of 97\%. Notably, the RFC model demonstrates impressive precision, with scores of 0.99 for detecting attacks and 0.96 for identifying normal instances, showcasing its accuracy and robustness in distinguishing between network malicious and normal traffic. Overall, our project advances the understanding of 5G network security by employing state-of-the-art models and leveraging the first-ever 5G attacks dataset.
-
Students: Chengjun Zhang, Wenda Shao, Xianglong Wang
Faculty Mentor: Lanier Watkins
Abstract: The proliferation of high-speed networks within power systems has given rise to a heightened interplay between network infrastructure and physical infrastructure, rendering power systems susceptible to network infiltration and cyber-attacks. In response to this challenge, this paper offers a comprehensive account of the power system simulation process and introduces a hierarchical-based intrusion detection framework. This framework emulates the information made available by power system components and employs machine learning models to detect diverse forms of attacks. During the feature screening phase, Gray wolf optimization is harnessed, leveraging the social hierarchy and hunting behavior of gray wolves in the wild to perform feature selection. This optimization culminates in an enhanced ensemble classification approach, optimizing feature learning from the data. The anticipated outcome is an Intrusion Detection System (IDS) capable of promptly identifying anomalous events within the power grid and alerting relevant personnel. Additionally, the IDS will provide a succinct diagnosis pinpointing the specific functional area of the power grid affected by anomalies, thereby expediting the diagnostic process and facilitating the swift identification and mitigation of vulnerabilities.
-
Students: Luis Rivas, Varun K. Singh, Vinayak Khandelwal
Faculty Mentor: Lanier Watkins
Abstract: QR codes offer immense convenience for rapidly sharing information through ubiquitous smartphone scanning. However, vulnerabilities like phishing links, malware injection, and data theft threaten privacy and safety. This project investigates integrating machine learning AI to identify QR code threats. The rapid increase in QR code exploits poses a significant risk to the credibility of this widely used technology. Phishing scams employing counterfeit codes have surged by over 50%, while malware assaults utilizing QR vectors have shown a staggering spike of over 2400% since 2022. These concerning data indicate a pressing necessity to reinstate measures safeguarding integrity to halt the ongoing decline in public trust.
-
Students: Anais Huang
Faculty Mentor: Lanier Watkins
Abstract: Tor is a free software and an open network to prevent tracking and censorship. Tor relays are run by operators from all over the world, and the relays that have potentially harmful behaviors are referred to as malicious relays. Both Tor users and the health of Tor network are harmed by those malicious relays. I therefore first performed Tor network simulations and simulated attacks, and then generated datasets containing both malicious Tor traffic flows and benign Tor traffic flows. After that I proposed TorEye, a malicious Tor traffic detection mechanism, demonstrating its viability through evaluation. With different classifiers and a majority voting strategy, TorEye utilizes Tor traffic to detect malicious behaviors on Tor network.
-
Students: Bofan Gong, Sihan Niu, Hanwen Lin
Faculty Mentor: Matt Green
Abstract: We proposed a decentralized scheme to play the famous social deduction game werewolf fully on the blockchain. Specifically, we designed cryptographic protocols for game roles including villager, wolf and psychic, who have special abilities. We designed the protocols in such a way that steps taken by players in each round are folded to a single instance that can be verified by the blockchain efficiently. We implemented our protocols using Aleo zero-knowledge virtual machine, which can provide zero-knowledge proof systems for programs’ execution. We used a parser written in Python to manipulate this virtual machine and have conducted some performance tests. The test results indicate that, for turn-based games that do not require on-time feedback, the performance overhead caused by transforming the game process into a distributed cryptographic protocol is acceptable. Our design process can also serve as an example for other turn-based blockchain games.
-
Students: Ziwei Li, Qian Wang, Zeyin Zhang
Faculty Mentor: Xiangyang Li
Abstract: This project presents the development of an innovative social media platform enhanced with end-to-end one-time encryption to ensure secure communication among users. In the digital age where data breaches and privacy concerns are rampant, our app addresses these challenges by integrating robust encryption techniques into a user-friendly social media interface. We employ a method where all group users share a common secret key and a one-time password key, generated every 30 seconds, for encrypting messages. The front-end development enables secure message transmission via HTTPS requests, while the back end, developed in Python, interacts with a MySQL database for storing chat records, ensuring data persistence and security. Our approach includes operational maintenance features like automatic deletion of chat records older than seven days, and a user interface that prioritizes ease of use while maintaining high-security standards. Significant advancements include stress testing, threat modeling and analysis, and exploring shared key methods. The system’s architecture, designed to operate in a high-demand environment, ensures scalability, performance under load, and resistance to a wide array of cyber threats.
-
Students: Kyle Wang, Jim Huang, Kepeng Zhou
Faculty Mentor: Xiangyang Li
Abstract: Adversarial attack and robustness are a trending topic these years, and many studies dug into this field and found some significant progress to better defend adversarial attack. However, previous studies mostly focus on the effectiveness of the performance of the attackers attacking defenders, they focus on the methods and algorithms to break through the defender’s defending system. However, this study addresses the critical area of adversarial attacks in machine learning-based spam filters, shifting focus from traditional attack-centric research to a balanced examination of both attackers’ and defenders’ performances. In our study, we employ advanced experiments to analyze the effectiveness of attack strategies against evolving defense mechanisms in spam filtering and delve into the comparison of attacker’s and defender’s performance, and offer new insights that previous studies don’t include.
-
Students: Jingyang Zou, Zhaoxi Sun, Chun Yen Ku
Faculty Mentor: Xiangyang Li, Anton Dahbura
Abstract: This project aims to upgrade a high-interaction honeypot system for cybersecurity research. Enhancements include adding more communication ports to attract more attackers, and embedding known vulnerabilities for deeper hacker activities. The honeypot will include several common services such as SSH server, Apache server, RDP server ,and mail server to simulate a common server that be used by a small company. The honeypot will be deployed in hacker-dense regions like the U.S., Asia, and Europe. Data collected will be analyzed using a Python script to discern attack patterns such as traffic fluctuation and common sources of attacks. The initiative is split into development and deployment, followed by data analysis and refinements. The goal is to understand cyber threats more effectively and improve data capture.
-
Students: Adila Abudureheman, Amodini Vardhan, Manoj Valeti
Faculty Mentor: Yinzhi Cao
Abstract: In today’s digital age, the proliferation of explicit, illicit, and hate-spreading images has reached alarming levels. Software companies facilitating image uploads on their platforms or cloud storage typically employ server-side algorithms for detecting Child Sexual Abuse Material (CSAM), aiming to prevent the upload of illicit images. However, the widespread adoption of End-to-End Encryption (E2EE) poses a challenge for companies relying on server-side CSAM detection, as the images are no longer in plain format. There is a need for a robust perceptual hashing algorithm that can be integrated into software services at client-side and is resilient against adversarial attacks.
In this capstone we evaluate the robustness of the NeuralHash model used to generate perceptual hashes, assessing their resistance to adversarial attacks using the Alpha Beta CROWN framework. We are developing a Perceptual Hashing model based on Apple’s NeuralHash, verified by the Alpha Beta CROWN standard, capable of effectively identifying CSAM and resistant to adversarial attacks. Additionally, we conducted comprehensive evaluations of the NeuralHash model and vulnerability assessments for its weakness for not being verifiable by the Alpha Beta CROWN standard. The enhanced Perceptual Hashing model generates phash that is less vulnerable to adversarial attacks than the existing NeuralHash model.
-
Students: Gaurav Narwani, Saket Laddha
Faculty Mentor: Yinzhi Cao
Abstract: Dynamic application security testing (DAST) for Web has emerged as a frontline defense against web application threats, presenting challenges that conventional tools are often ill-equipped to address. With the onset of dynamic web applications, traditional methods often fall short. In this paper, we propose a novel approach to DAST testing that leverages machine learning to emulate human interactions, thereby providing a more comprehensive vulnerability detection mechanism for modern web applications and addressing the inherent limitations of conventional tools and setting a new benchmark for automated web security analysis. The crawler aims to handle dynamic content, intelligently interact with forms, navigate authentication barriers, and capture complex user journeys, providing an insight into the complexities of today’s web applications. This report chronicles the journey of developing a web crawler that isn’t just about traversing web pages but understanding and mimicking human interactions with an intent to unearth concealed vulnerabilities.
Throughout the report, we detail the development process of our web crawler, emphasizing its capability to understand and mimic human behavior, and its effectiveness in revealing concealed vulnerabilities in web applications. We believe that our project marks a significant step in the evolution of DAST tools and contributes meaningfully to the field of web security.
