Security and Privacy

As more of our world gets connected online, we face growing risk of malicious attacks that can steal our data and our money, spy on us through our devices, undermine our infrastructure, and even take over our cars and put us in physical danger. We seek methods for protecting security and privacy in settings like these, leveraging techniques ranging from advanced cryptography to machine learning to Internet measurement and beyond.

• Arthur Azevedo de Amorim
• Billy Brumley
• Lingwei Chen
• Daqing Hou
• Yidan Hu
• Nick LaLone
• Yinxi Liu
• Andy Meneely
• Sumita Mishra
• Tom Oh
• Yin Pan
• Hanif Rahbari
• Nidhi Rastogi
• Leon Reznik
• David Schwartz
• Ersin Uzun
• Matthew Wright
• Bo Yuan
• Derui Zhu

• Md Tanvirul Alam (advisor: Nidhi Rastogi)
• Palavi Vinod Bhole (advisor: Ersin Uzun)
• Dipkamal Bhusal (advisor: Nidhi Rastogi)
• Justin Cole (advisor: Nick LaLone)
• Charles Devlen (advisor: Daqing Hou)
• Chandradeep Dey (advisor: Arthur Azevedo de Amorin)
• Bryce Gernon (advisor: Matthew Wright)
• Duc Viet Hoang (advisor: Billy B. Brumley)
• Tanaya Krishna Jupalli (advisor: Nidhi Rastogi)
• Brandon Keller (advisor: Andy Meneely & Rajendra Raj & Bo Yuan)
• Dmitrii Korobeinikov (advisor: Leon Reznik)
• Luke Kurlandski (advisor: Yin Pan & Matthew Wright)
• Xinyi Liu (advisor: Yidan Hu)
• Gursimran Singh Lnu (advisor: H.B. Acharya)
• Hoang Chau Luong (advisor: Lingwei Chen)
• Deze Lyu (advisor: Hanif Rahbari)
• Nathanael James Mathews (advisor: Matthew Wright)
• Ahmed Najeeb (advisor: Billy Brumley)
• Maliha Noushin Raida (advisor: Daqing Hou)
• Ishmam Bin Rofi (advisor: Ersin Uzun)
• Shafizur Rahman Seeam (advisor: Yidan Hu)
• Shaikh Akib Shahriyar (advisor: Matthew Wright)
• Saniat Javid Sohrawardi (advisor: Matthew Wright)
• Jeremy Stratton-Smith (advisor: Arthur Azevedo de Amorim)
• Ahmad Daudu Suleiman (advisor: Daqing Hou)
• Dongyu Wu (advisor: Arthur Azevedo de Amorim)
• Yijing Wu (advisor: Matthew Wright)
• Raman Zatsarenko (advisor: Leon Reznik)
• Ye Zheng (advisor: Yidan Hu)

• Resilient Design [Mirakhorli]: Architecture-first approach is more increasingly becoming the mainstream development approach for addressing cyber resiliency concerns in mission-critical and software-intensive systems. In such an approach, resilience and security is built in the system from the ground up and starts with robust architecture design. Therefore, the weaknesses in the architecture of a software system can have a greater impact on the system’s ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources. Despite the importance of the architecture-first approach to enhancing and ensuring the resiliency of mission-critical systems, the state of the art and practice lack automated tools to help engineers and architects reason the resiliency of their architecture, verify the correctness of architectural decisions, and detect the design weaknesses. In this project, we work on the development of practical solutions for addressing the above challenges.
• Developing a lightweight privacy preserving framework for the Smart Grid [Mishra]: One of the impeding factors in the deployment of smart meters is the risk to consumer privacy. The functioning of the smart grid relies on the granular collection of smart metering data, which may reveal sensitive information related to consumer electricity usage. The objective of this research project is to develop a lightweight privacy preserving framework for smart metering data. We seek to develop this framework, without relying on trusted third parties.
• Designing a resilient malware detection system against adversarial machine learning attacks [Pan, Yuan]: Adversarial machine learning is an emerging area that attempts to subvert machine learning models to produce misclassifications. we are trying evolutionary algorithms to regenerate adversarial examples to attack deep-learning malware detection models.
• Detecting DeepFakes [Wright, Hickerson, Ptucha]: DeepFake videos like a fake presidential address could be used to undermine democracy and legitimate news. We are working with journalists to develop and deploy an AI-based tool to robustly detect DeepFakes and prevent their spread.
• Website Fingerprinting in Tor [Wright]: The Tor anonymity system is vulnerable to traffic analysis attacks like website fingerprinting, and our project explores attacks and defenses based on deep learning and adversarial machine learning.
• Dynamic Malware Detection System using Machine Learning Approaches for IoT Devices [Oh]: Internet of Things (IoT) is a term used to denote various appliances, low-level devices, and machines that have been connected to the Internet. In this project, we investigate security issues and solutions of IoT devices by examining different IoT protocols, services, devices, malware, and solutions. Several IoT devices and malware were selected from a particular application and evaluated for a security analysis. The results were used to propose a mitigation system for IoT devices. Our team is responsible for creating and developing the mitigation system using machine learning model approaches.
• Detecting Android Malware using Cloud based Solution [Oh]: This research focuses on mobile device malware detection, especially in Android. A research team was created to dedicate significant effort to create cloud-based Android malware mitigation system with a focus on detecting botnet malware. The system considers signature-based as well as behavior-based analysis methods. Multiple levels of data collection were taken into consideration to obtain better analysis results. Our team has developed new algorithms that were used in both signature-based and behavior based analysis efficiently and efficiently. We planned to expand the research to detect malware more efficiently and effectively using real-time-based data analytic approaches.
• Detection, Characterization, and Circumvention of Internet Censorship [Acharya]: The first focus of this research is to detect various forms of Internet Censorship: IP and URL blocking, DNS poisoning, and so on. We are interested in the policies as well as the mechanisms of censorship used by various countries. A question of particular interest is whether the censorship carried out by a country can affect its neighbors, as this is usually a violation of international law. Finally, we also study tools such as Decoy Routing, which aim to provide unblocked access to Internet users - particularly those who cannot otherwise access content censored by their ISP or government.
• Machine learning for efficient modulation obfuscation [Rahbari]: Modulation obfuscation in wireless communications aims at hiding the payload's modulation scheme (hence, its transmission rate); eventually enhancing user privacy. The performance of modulation obfuscation is susceptible to residual carrier frequency offset (CFO). We investigate efficient machine learning methods to solve the complex problem of CFO-aware modulation obfuscation.
• User anonymity without MAC address randomization [Rahbari]: Wi-Fi packets carry a MAC address in plaintext, which reveals the identity of the transmitter. In this project, we are investigating ways in which the frame preamble at the physical can convey a temporary transmitter identifier, allowing us to conceal the MAC address for better anonymity protection.
• Trust in emerging wireless systems and communications [Rahbari]: Establishing trust between devices in IoT networks and among vehicles in emerging connected vehicle communications needs to be both lightweight and scalable. We are investigating physical-layer techniques, e.g., device fingerprinting and signal watermarking, to facilitate lightweight authentication.
• Applied cryptography [Lukowiak, Radziszowski]: Our current research interests are in the applied cross-disciplinary area involving cryptographic engineering, secure communication technologies, reconfigurable computing, hardware and hardware-software systems, and high-performance computing.  In particular we have been involved in research to advance secure communication technologies in military and government domains, side channel attacks on cryptographic primitives, and most recently in hardware-software solutions that would support deployment of homomorphic encryption (HE) techniques in the cloud.
• CyberAMPS - Cyberattack Analytics, Modeling, Prediction, and Simulation [Yang]: CyberAMPS encompassses multiple projects and software prototypes, including CAPTURE, ASSERT, CASCADES, and SynGAN. ASSERT provides timely separation of intrusion alerts and empirically generated attack models to enhance cyber situation awareness. CASCADES integrates data-driven and theoretically grounded understanding of adversary behaviors to simulate synthetic cyber attack scenarios subject to a variety of network configurations. CAPTURE forecasts occurrences of future cyber attacks using a large number of seemingly irrelevant signals from the publicly accessible domains. SynGAN learns from moderate amount of intrusion logs to generate synthetic data that maintains critical and essential part of the joint feature distribution. In addition, an ongoing project aims at developing a unified front-end visual analytics to provide not only access to data consumed and generated by the aforementioned prototypes but also user interaction with the algorithmic processes that leads to a “trusted anticipatory intelligence” that will be essential to a much stronger cyber defense.

• Global Cybersecurity Institute's Collaborative Research Space [Acharya, Hu, Krutz, Meneely, Mirakhorli, Mishra, Nunes, Oh, Pan, Rahbari, Raj, Rastogi, Reznik, Rivero, Wright, Yang, Yuan, Zampieri]
• Wireless & lo T Security and Privacy lab (WISP) [Rahbari]: http://www.rit.edu/wisplab
• The Applied Cryptography and Information Security (ACIS) Research Laboratory  [Lukowiak, Radziszowski]
• Network and Information Processing (NetIP) Lab [Yang, Kwasinski]