Student Projects Completed in 2025-2026
Fall 2025 Student Projects
Adaption and Migration: Toward Universal and Transferable Hijacking for Autonomous Driving VLMs
Students: Qi Sun, Jiayao Teng
Faculty Mentor: Cao, Yinzhi
Abstract: Vision–Language Models (VLMs) are increasingly adopted in autonomous driving for their powerful perception and reasoning capabilities, yet their robustness under real-world, safety-critical conditions remains poorly understood. Prior adversarial attacks largely assume static or single-frame inputs, overlooking the temporal dynamics, viewpoint changes, and sequential decision processes inherent to deployed driving systems. We propose a two-stage PGD-based attack framework, VIPER, that generates physically realizable adversarial patches capable of persistently hijacking VLM decision-making in closed-loop driving. Context Adaption optimizes a universal patch against worst-case background and sensor variations, while Poison Migration performs lightweight online refinement by aligning real-time visual embeddings to a precomputed poisoned recipe. Our experiments show that the resulting patches reliably manipulate VLM reasoning chains and waypoint predictions across diverse routes and contexts, revealing a critical disconnect between interpretability and robustness. This work introduces the first transferable and temporally resilient physical attack pipeline for VLM-based autonomous driving, along with accompanying datasets and evaluation tools to support future research on multimodal security and defenses.
Poisoned by the Host: Systematic Detection and Large-Scale Measurement of Host Name Pollution in Web Frameworks
Students: Rui Yang, Haoyu Wang, Tian Li
Faculty Mentor: Cao, Yinzhi
Abstract: Host Name Pollution (HNP) is a pervasive structural vulnerability in modern Web architectures that has long lacked systematic cross-layer analysis. This study conducts an in-depth investigation of HNP in Web technology stacks, proposing the first comprehensive analytical framework spanning proxies, servers, frameworks, and application layers. Leveraging a three-stage analysis pipeline, we perform ecosystem-scale measurements on approximately 10,000 real-world open-source projects, revealing the complete cross-layer lifecycle of hostnames—including reconstruction, overwriting, concatenation, propagation, and application-layer reuse—and validating hundreds of potential vulnerabilities and numerous zero-day exploitation cases across diverse ecosystems, frameworks, and deployment models. The core contribution lies in establishing a unified theoretical perspective: framing HNP as a “cross-layer authority semantic inconsistency” rather than a traditional input validation defect, which unifies previously fragmented host-related vulnerabilities by explaining their common root cause of disparate inter-layer assumptions about hostname semantics. Methodologically, we introduce a novel cross-layer security analysis paradigm integrating dynamic proxy behavior modeling, cross-framework semantic tracing, and application-layer data flow modeling, overcoming the limitations of single-layer approaches (e.g., black-box testing) by capturing complex multi-component interaction-driven security behaviors.
Our findings demonstrate that HNP originates from the absence of a consistent cross-layer authority trust model in Web system design; by elucidating its mechanisms, quantifying its ecosystem impact, and proposing cross-layer defense principles, this study provides a foundational framework for addressing structural vulnerabilities in modern Web architectures, aiming to advance Web ecosystem design toward “secure unified semantics,” mitigate similar cross-layer vulnerability risks, and inform future research on system-level security abstractions.
AI-Powered Adaptive Honeypot
Students: Mohamad Saaty
Faculty Mentor: Cao, Yinzhi
Abstract: Traditional honeypots often rely on static, single-service deployments that are easily fingerprinted and fail to model realistic latency and interaction patterns, reducing deception credibility and limiting attacker engagement. This work introduces HonAIpot, an AI-driven, adaptive, and latency-aware multi-service honeypot framework designed to address these limitations. HonAIpot integrates SSH, WordPress, and MySQL within a containerized environment and employs a centralized controller that performs service-specific feature extraction and applies coordinated, per-attacker adaptations based on observed behavior. A key objective of the framework is to enhance realism by dynamically shaping response timing and modifying service characteristics to resemble legitimate systems. Controlled experiments show clear behavioral separation across baseline, engage, and tarpit modes, with engage interactions exhibiting slightly reduced latency and tarpit profiles introducing significantly higher delays across all services. These results confirm that HonAIpot modulates timing characteristics and meaningfully shapes attacker interaction patterns. By combining multi-service orchestration, adaptive behavioral logic, and privacy-preserving telemetry, HonAIpot provides a practical and extensible foundation for next-generation deception systems. Future extensions include reinforcement-learning-based adaptation, expanded protocol support, cloud deployment, and integration with SIEM and threat intelligence pipelines.
Anomaly Detection for Network Intrusion: A new DL-NIDS
Students: Pinjun Chen, Haowei Zeng
Faculty Mentor: Dutta, Ashutosh
Abstract: This project presents the design and implementation of a novel Network Intrusion Detection System (NIDS) that leverages deep learning techniques, including TransformerAE and ResnetAE, for anomaly detection. The proposed system extracts statistical features from real-time network traffic and identifies abnormal patterns indicative of potential security breaches. The system is experimentally evaluated and benchmarked against existing intrusion detection approaches to assess its performance, scalability, and practical applicability. Through this work, we aim to advance the development of intelligent intrusion detection systems capable of operating effectively in dynamic network environments.
Enhanced Replay Attack Mitigation in V2X Security Framework Leveraging SCMS
Students: Atharva Chaudhari, Divye Kalra, Rishi Bothra
Faculty Mentor: Green, Matthew
Abstract: Vehicle-to-Everything (V2X) networks are revolutionizing traffic control, safety coordination, and intelligent driving by enabling real-time exchanges among vehicles and infrastructure. This rapid connectivity, however, exposes the system to attacks such as message replay, where adversaries attempt to undermine message authenticity by retransmitting old communications. To address this vulnerability, this project introduces a comprehensive anti-replay protocol built around a centralized backend design that tightly links the SCMS, roadside hardware, and onboard vehicle units. Using cutting-edge cryptographic techniques and advanced certificate lifecycle management, the framework delivers scalable authentication and enhanced replay protection. This design is intended to secure the network, allow straightforward audits, and maintain the privacy and efficiency expected in advanced transportation platforms.
Multi-Cloud Security Policy Orchestration: An Abstraction Layer for IAM Management
Students: Ruohua Chen, Shihui Zhou, Maoxun Zhao
Faculty Mentor: Johnston, Reuben; Ghorbani, Soudeh
Abstract: Modern enterprises are increasingly utilizing multiple cloud platforms. Nevertheless, IAM (Identity and Access Management) remains inconsistent owing to the differences in policy semantics and identity workflows. For example, in AWS, obtaining Kubernetes cluster credentials entails the IAM and STS process, rather than an abstract EKS API action, which results in a similar situation – the abstract permission that has a one-to-one mapping to either GCP or
Comparative Analysis of Forensics Tools in Frontend Windows and Backend Linux Environments
Students: Yuanli Zhu, Yipeng Dong
Faculty Mentor: Leschke, Tim
Abstract: Digital forensics is an essential discipline within information security, focusing on the systematic collection, analysis, preservation, and presentation of digital evidence extracted from various electronic devices and environments. As organizations increasingly utilize hybrid operating systems, the complexities of digital forensic investigations have escalated, particularly in reconciling the differences between Windows (NTFS) and Linux (ext4) file systems. This research addresses the existing gaps in cross-platform forensic tool assessments, proposing a systematic experimental framework for the quantitative comparison of open-source forensic tools compatible with mixed Windows-Linux environments. The study evaluates tools based on functionality, accuracy, efficiency, and resilience to anti-forensic techniques, utilizing clearly defined scoring rubrics. The findings will enable practitioners to make informed decisions for tool selection, enhancing the reliability of investigations and facilitating effective responses to cybersecurity incidents within diverse enterprise infrastructures.
Cyber Threat Detection Enabled by Quantum Computing
Students: Zisheng Chen, Zirui Zhu
Faculty Mentor: Li, Xiangyang
Abstract: Threat detection models in cybersecurity must keep up with shifting traffic, strict feature budgets, and noisy hardware, yet even strong classical systems still miss rare or borderline attacks when the data distribution drifts. Small, near-term quantum processors are now available, but existing work rarely shows whether quantum components can improve end-to-end detection under these unstable, resource-constrained conditions rather than just adding complexity. We address this gap with a hybrid architecture that uses a compact multilayer perceptron to compress security data and then routes a few features to 2–4 qubit quantum heads implemented as quantum support vector machines and variational circuits. Under matched preprocessing and training budgets, we benchmark these hybrids against tuned classical baselines on two security tasks, network intrusion detection on NSL-KDD and spam filtering on Ling-Spam, and then deploy the best 4-qubit quantum SVM to an IBM Quantum device with noise-aware execution (readout mitigation and dynamical decoupling). Across both datasets, shallow quantum heads consistently match, and on difficult near-boundary cases modestly reduce, missed attacks and false alarms relative to classical models using the same features. Hardware results track simulator behavior closely enough that the remaining gap is dominated by device noise rather than model design. Taken together, the study shows that even on small, noisy chips, carefully engineered quantum components can already function as competitive, budget-aware elements in practical threat detection pipelines.
Split-View vs Full-View: Comparative Study of Ensemble Learning for Intrusion Detection in IoMT
Students: Bokai Han, Da Li, Rixin Li
Faculty Mentor: Li, Xiangyang
Abstract: The Internet of Medical Things (IoMT) faces significant security risks. To address this, we conduct a systematic comparison of different view-partitioning strategies (split-view vs. full-view) and stacking-based ensemble strategies on two representative IoMT security datasets, and propose a transferable split-view stacked ensemble framework. First, on the WUSTL-EHMS-2020 dataset, we perform a “vertical” partitioning of the feature space, splitting the data into a network view and a biometric view. Within each view, we train three deep models and use out-of-fold predictions from cross-validation as the first-layer features for that view. Building on this design, we implement two concrete schemes: (i) a two-level stacking approach, where we first fuse the models within each view and then perform a second-stage fusion over the two view-level outputs; and (ii) a single-level stacking approach, where all outputs of the three models from both views are directly concatenated and fed into a fully connected layer for unified fusion. Experimental results show that the single-level fully connected stacking scheme slightly outperforms the two-level stacking scheme, and the two-level scheme in turn outperforms a baseline that stacks the three base models without any view partitioning. Second, on the multi-protocol IoMT security benchmark CICIoMT2024, we adopt a “horizontal” view partitioning based on attack types: different attack types are treated as distinct views, a single base classifier is trained within each view, and the view-wise outputs are then combined via stacking. The resulting performance surpasses the machine-learning baselines reported in the original CICIoMT2024 paper. 
Taken together, the comparative experiments on both datasets indicate that, in IoMT intrusion detection, a carefully designed split-view stacked ensemble can enhance detection performance and offer practical guidance for future system design with respect to view-partitioning strategies, stacking depth, and the heterogeneity of base learners.
Multi-language, Security-Aware Benchmark for Code Agents
Students: Jiaxuan Luo
Faculty Mentor: Li, Ziyang
Abstract: Large language models (LLMs) are increasingly deployed as autonomous coding agents that read issues, modify repositories, run tests, and commit patches with minimal human oversight. This “vibe coding” workflow is attractive for productivity, but its security impact in realistic software projects is poorly understood.
This capstone project implements an end-to-end framework for evaluating the security of agent-generated code on \bench, a benchmark of vulnerability-fixing tasks reconstructed from historical GitHub projects. The framework orchestrates repository snapshots, Docker-based build and test environments, multi-language pipelines, and static analysis tools to jointly measure functional correctness and security. Using three frontier LLMs with agentic capabilities (Claude 4 Sonnet, Kimi K2, and Gemini 2.5 Pro) under two representative scaffolds (\swea and \openhands), I show that coding agents frequently produce functionally correct but insecure patches: in the best-performing configuration, over 80% of solutions that pass functional tests still fail security tests.
This work builds on an ongoing research collaboration with a CMU AI lab. The benchmark design and core Python pipeline have been written up as a conference submission that is currently under public review. During the capstone period, I extended this prototype into a more robust and reusable evaluation toolkit by (i) integrating a Kimi-based coding agent, (ii) mining and adding new Java and C++ tasks and adapting the pipeline for multi-language support, (iii) hardening the execution and logging pipeline, and (iv) performing a detailed security-level analysis of agent-generated patches, including severity labeling and mitigation experiments. The resulting framework provides a practical basis for stress-testing “vibe coding” workflows and for integrating security-aware evaluation into real engineering processes.
MeDUSA - Open-Source Secure Medical Device Platform (Cloud and App Security)
Students: Kaixin Du, Zhicheng Sun
Faculty Mentor: Rushanan, Michael
Abstract: Modern medical devices increasingly rely on interconnected ecosystems spanning embedded hardware, machine-learning pipelines, mobile applications, and cloud services. While this convergence enables advanced sensing and real-time clinical insight, it also expands the attack surface in ways that challenge traditional security models and regulatory expectations. This paper presents MeDUSA, a reproducible, end-to-end cybersecurity framework designed to unify security-by-design implementation across the device lifecycle. MeDUSA integrates a hardened embedded subsystem, a cross-platform Flutter client, and a serverless AWS backend governed by explicit trust boundaries, deterministic access-control enforcement, and fully auditable data flows. We map each architectural decision to FDA premarket guidance, NIST security controls, and ISO/IEC standards, demonstrating how a modern medical-device workflow can be constructed with traceability, least privilege, and postmarket monitoring as first-class properties. Through functional validation and adversarial evaluation, we show that MeDUSA provides predictable security behavior under both normal and malformed conditions, forming a practical foundation for education, research, and future regulatory-aligned development of connected medical devices.
MeDUSA - Medical Device Universal Security Alignment (Embedded Systems and Machine Learning)
Students: Dibyajyoti Nath, Ramit Saraswat
Faculty Mentor: Rushanan, Michael
Abstract: The rapid integration of embedded systems, software applications, cloud services, and machine learning into modern medical devices has significantly increased the exposure and complexity of potential cybersecurity attacks, creating critical challenges for ensuring patient safety and regulatory compliance. Despite guidance from the FDA, NIST, ISO, and other regulatory bodies, medical device cybersecurity practice remains fragmented, with limited reproducible references for education, research, and secure-by-design development. MeDUSA (Medical Device Universal Security Alignment) is an open-source, secure-by-design reference platform that operationalizes modern cybersecurity and regulatory expectations within a fully implemented device-to-cloud system. MeDUSA integrates a deterministic and hardened Buildroot-based operating system, secure BLE provisioning, authenticated MQTT/TLS telemetry, and a defense-in-depth AWS cloud backend. The platform also includes a machine learning component along with regulatory artifacts, including threat models, SBOMs, risk analyses, and penetration-testing documentation aligned with FDA Premarket Cybersecurity Guidance and NIST SP 800-53. MeDUSA provides a reproducible, standards-aligned platform for education, research, and prototyping of secure medical technologies.
A Zero-Knowledge Proof Framework for Secure and Verifiable Software Bill of Materials Validation
Students: Jiarou Deng, Yang Yang
Faculty Mentor: Rushanan, Michael
Abstract: Recent regulatory initiatives require medical device manufacturers to produce and maintain Software Bills of Materials (SBOMs) to enhance visibility into the software supply chain and associated vulnerability risks. However, public release of SBOMs introduces a new attack surface by exposing component-level information that adversaries can exploit. Our prior work demonstrates that even de-identified SBOMs can be paired with public vulnerability databases and large language models (LLMs) to generate functional attack blueprints, reducing adversarial effort and successfully exploiting 77.8% of known vulnerabilities in a controlled environment. This transparency vs. exposure dilemma motivates the need for privacy-preserving validation mechanisms. We propose a Zero-Knowledge Proof (ZKP) framework that enables stakeholders to verify SBOM properties, such as the absence of critical vulnerabilities, without disclosing sensitive supply chain details.
An Analysis of Wi-Fi-Based Positioning Systems: Comparing Google to iOS
Students: Hannah Ohm, Yi Li
Faculty Mentor: Rye, Erik
Abstract: Wi-Fi Positioning Systems (WPSes) provide geographic location services when GPS is not helpful or available, and rely on large databases that map Wi-Fi access point IDs (BSSIDs) to geographic locations, passively collected from end-users’ machines. Although successful, previous work has revealed that WPS deployments can inadvertently leak sensitive location information or even enable large-scale tracking, making the privacy and security issues very severe. In our project, we compare Google’s geolocation API and Apple’s iOS WPS to get a better understanding of their functionality and impact. Our experiments explore four aspects of system behaviour: how the databases are built, how duplicate BSSIDs are handled, the physical distance of the addresses to be probed, and the Wi-Fi channels being returned. Using a Raspberry Pi, we performed controlled experiments, probed each API in turn, and extracted quantities with which we could evaluate each one. By comparing these results, we also look for common weaknesses, vendor-specific weaknesses, and broader forensic insights about the role of WPS in today’s world.
Autonomous Data Scientist (ADaS): GPU-Accelerated, LLM-Enabled Interface for Anomaly Detection at Scale
Students: Simone Green, Abby Nelson, Aimee Liang
Faculty Mentor: Watkins, Lanier
Research Assistant: Zimo (Gloria) Zhang (MSSI Student)
Abstract: The rapid growth of network traffic and increasing sophistication of cyber threats have created a need for anomaly detection systems that are both scalable and adaptive. While prior research proposed many individual techniques and advanced algorithms for anomaly detection, these efforts often focus on theoretical models rather than integrated pipelines. As a result, existing approaches lack the interactive capabilities needed to support real-world intelligence workflows, limiting their ability to keep pace with operational data volumes and analytic demands. Meanwhile, recent advances in GPU-accelerated analytics and large language models offer new opportunities for systems that combine adaptive detection with practical analysts’ usability.
We present ADaS 2.0, a GPU-accelerated, LLM-enabled extension of the Autonomous Data Scientist framework that integrates anomaly detection, actionable insights, and natural-language interaction within a single system. ADaS 2.0 introduces (i) a GPU-enabled backend that accelerates data preprocessing, feature selection, and clustering through the RAPIDS AI framework; (ii) an intent-parsing layer that converts free-text queries into validated analytic actions using structured schemas; and (iii) a conversational frontend designed for accessible, human-centered anomaly exploration. Together, these components form an integrated pipeline that reduces computation time, enhances interpretability, and lowers the technical barriers of data-driven cybersecurity analysis.
Data Engineering Optimizations for Secure V2X Communications
Students: Seonuk Kim, Harsh Bhaskar, Stephen Guzzarlapudi
Faculty Mentor: Watkins, Lanier
External Mentors: Ahmed Abdo (JHU/APL), Ilya Sabnani (JHU/APL)
Abstract: This project develops a lightweight data platform to improve V2X security and resilience in vehicular fog computing (VFC) environments, and we demonstrate that the proposed platform is optimized for fog computing settings. We also demonstrate a novel approach to V2X cybersecurity by applying autonomous cybersecurity principles consisting of micro-intrusion detection systems (IDSs) and an aggregator for better explainability and autonomy. To our knowledge, this approach has not been applied to V2X settings before. Finally, this project applies the autonomous cybersecurity approach using our proposed data platform to detect and filter out malicious Basic Safety Messages (BSMs) during a protocol-compliant BSM flooding and fabricated data attack.
