Sorry, you need to enable JavaScript to visit this website.

Research

Research Areas

Researchers in the Center are working in the following areas.

Cyber Analytics: Applying Machine Learning to Security and Privacy

Dan Krutz
Self-adaptive systems, decision-support systems, and computing education
Andy Meneely
Empirical software engineering using machine learning and data mining, software security, collaborative software development, metrics and measurement
Mehdi Mirakhorli
Machine learning and data mining applied to software architecture analysis, software security, compliance and verification, and source code comprehension.
Yin Pan
Adversarial machine learning in image recognition and in intelligent malware detection using memory forensics, solid-state drive forensics challenges
Leon Reznik
Security and data quality evaluation; Intelligent systems and sensor networks design, machine learning and neural networks techniques, Big Data analysis
Matt Wright
Adversarial machine learning as applied to traffic analysis, Deepfake detection and generation, and image manipulation.
Jay Yang
Machine learning, attack modeling, and simulation systems to provide predictive analysis of cyber attacks, enabling anticipatory or proactive cyber defense.

Security and Privacy in Distributed Systems

H.B. Acharya
Routers, middleboxes such as firewalls, and SDN flow tables; Censorship on the Internet
Peizhao Hu
Blockchain, mobile and pervasive computing, SDN, and wireless mesh and opportunistic networks
Tijay Chung
Measurement for Internet security and privacy, IoT security, DNS security, PKI
Minseok Kwon
Packet forwarding, SDN, Container networking, Datacenter networks, Network security, Filter technologies, Distributed systems, and IoT
Sumita Mishra
Critical infrastructure protection, including smart grid security and privacy, communications in the future electric grid, anonymity, and resilience metrics
Tom Oh
Vehicular Area Networks, Data Acquisition and Analytics, Mobile Device Security, Internet of Things (IoT) Security, Sensor Networks and Assistive Technology (Smart Cane)
Hanif Rahbari
PHY-layer security and frame preamble design; Wireless transmission obfuscation; IoT device authentication; Trusted vehicle-to-vehicle (V2V) communications.
Matthew Wright
Adversarial machine learning; Anonymity on the Internet (mainly Tor) and traffic analysis; Usable security and privacy (e.g. phishing, passwords)
Jay Yang
Machine learning, attack modeling, and simulation systems to provide predictive analysis of cyber attacks, enabling anticipatory or proactive cyber defense.

Cryptography and Trusted Hardware

Peizhao Hu
Privacy-preserving cloud data analytics, specifically homomorphic encryption and multiparty computations; Blockchain
Marcin Lukowiak
Cryptographic engineering, Secure communication technologies, Reconfigurable computing, High performance computing, Hardware-software systems
Sumita Mishra
Critical Infrastructure Protection; Smart grid security and privacy; Anonymous communications; Resilience Metrics
Ziming Zhao
Hardware-assisted security, cache-based covert channels, system security, and software security with applications to IoT and Automotive systems.

Cybersecurity Education

Daryl Johnson
Security competitions for education, covert communications, IoT/SCADA security
Dan Krutz
Teaching secure software development, outreach to women/girls in cybersecurity
Sumita Mishra
Gamification in cybersecurity education, critical infrastructure, graduate education
Yin Pan
Gamification in cybersecurity education, PhD training and education, information security audits
Bill Stackpole
Security competitions for education, penetration testing
Leonid Reznik
Data quality and security, automated quiz generation
Carlos Rivero
Computer-aided program comprehension, instructor analytics, K-12 outreach
Stacey Watson
Gamification in cybersecurity education, secure programming education
Bo Yuan
CyberCorps Scholarships for Service (SFS); Department Chair of Computing Security; cyber analytics

Deployment and Usability of Security

Rob Olson
Penetration testing, web and mobile application security, and privacy
Victor Pirotti
Social ties among companies, qualitative market research, applications to security technology
Esa Rantenen
Human factors in complex and dynamic systems, mental workload, and human error and reliability
Stacey Watson
User-introduced vulnerabilities, security data visualization, platforms for security evaluation and testing
Matt Wright
Phishing and clickbait in social media, deception, password alternatives
Jay Yang
Modeling attackers to provide predictive analysis of cyber attacks, deployment of predictive analytics
Ziming Zhao
Telephone scams, user deception, vulnerabilities in graphical password alternatives

Research Projects

The Center has been funded on a number of research proejcts from NSF, DARPA, ONR, industry partners, foundations, and more. Recent projects include:

SIRA: Socio-Technical Approaches to Cybersecurity
  • Sponsor: RIT
  • Amount: $2,100,000
  • Period: June 2016 to May 2021

This project provides the initial funding to launch the Center and for six interdisciplinary seed projects.

PI's:
Matthew Wright
Defending Against Website Fingerprinting in Tor
  • Sponsor: NSF SaTC
  • Amount: $500,000 ($150,000 RIT share)
  • Period: Sep. 2016 to Aug. 2019

In this transitions to practice (TTP) project, RIT will work with the Tor Project to implement a new defense against traffic analysis attacks in the Tor system.

PI's:
Matthew Wright
NSF SFS: Preparing Crosscutting Cybersecurity Scholars
  • Sponsor: NSF
  • Amount: $3,549,663
  • Period: Jan. 2015-Dec. 2019

This project seeks to establish a new CyberCorps®: Scholarship for Service (SFS) program at the Rochester Institute of Technology (RIT) to prepare highly-qualified Cybersecurity professionals for entry into the federal, state, local, and tribal government workforce.

PI's:
Rajendra K. Raj
Andy Meneely
Examining Industrial Control and IoT Devices

Sponsor: Eaton Corporation

Amount: $142,325

Period: Sept 2018 to Aug 2019

The goal of this project is to provide a cybersecurity assessment of industrial control and loT devices.

PI's:
Justin Pelletier
SaTC-EAGER: A Criminology-Based Simulation of Dynamic Adversarial Behavior in Cyberattacks

Sponsor: NSF SaTC

Amount: $149,611.00

Period: Sept 2017 to Aug 2019

Cybersecurity can use anticipatory or proactive defense measures based on adversarial behavior and decision making, which are currently downplayed in existing technical research. Imagine a criminological theory that captures the dynamics of cyber crime and a corresponding simulator to generate attack scenarios that adapts to ever changing and diverse cyber vulnerabilities, defense, and adversary tactics. This collaborative project between RIT (PI Yang) and Temple University (PI Rege) aims at developing and evaluating an integrated Dynamic Routine Activities Theory (DRAT) aided by Monte-Carlo simulation so as to understand adversarial attack trajectories impacted by the various intrinsic and extrinsic factors.

 

PI's:
Shanchieh Yang
Cyber Attack Forecasting using Nonconventional Data

Sponsor: USAF/Leidos, Inc.

Amount: $499,479.00

Period: Aug 2016 to March 2019

The project aims at developing and testing new automated methods that forecast cyber-attacks before they happen using unconventional sensors and signals. The unconventional sensors leverage data not typically used in practice today for cybersecurity (at least not in the way the data was originally intended), and may not be directly related to the potential victims or exploits used of the forecasted attacks. PI Yang and Co-PI McConky from RIT is part of a multidisciplinary industry-academia team to research, develop, integrate and test a prototype solution with cyber attack forecast models and algorithms.

 

PI's:
Shanchieh Yang
Security and Vulnerability Pentesting

Sponsor: VisualDx

Amount: $11,292.00

Period: June 2018-July 2018

SAFE lab will evaluate the extent to which a malicious agent could compromise VisaulDX customer data throught it's website.

PI's:
Rob Olson
DoD IASP Scholarship

Sponsor: Department of Defense

Amount: $100,202

Period: Aug 2018- Aug 2019

This scholarship is provided to a undergraduate students via Information Assurance Scholarship Program sponsored by the Department of Defense.

PI's:
Examining Human Dimensions of Secure Coding

Sponsor: DARPA/Secure Decisions

Amount: $48,500.00

Period: Oct 2017 to July 2018

Vulnerable software affords external attackers an easy way of gaining access to critical DoD and commercial systems. The significant number of weaknesses (both quality and security) per application provides camouflage for insider threats to insert vulnerabilities without drawing attention. Current automated tools for detecting security-related weaknesses in source code suffer from both false negatives and false positives: for example, they fail to find all types of vulnerabilities (false negatives) and produce thousands of unactionable findings (false positives). Sifting through the findings of source code analyzers in search of true positives is time-consuming and is most efficient when guided by heuristics that prioritize where to search first. While manual code reviews can find weaknesses that the automated tools miss,1 manual reviews are resource-intensive and need to be targeted to the code that is likely to contain significant quality and security issues.

PI's:
Andy Meneely
Software Vulnerability Analysis Patterns

Sponsor: NSF/Ball State University

Amount: $160,000.00

Period: July 2017 to July 2019

Software defect data has long been used to drive improvement of the software development process. Knowledge of how security defects, which are referred to as vulnerabilities, are discovered and resolved can be used to guide development of more accurate software assurance tools. In the security community there have been two approaches in utilizing this knowledge. Several researchers have used this knowledge and developed a number of different techniques such as fuzzing, static and dynamic code verifiers to verify if code contains security vulnerabilities. Another group of researchers have attempted to use this knowledge, extract metrics and leverage data mining and statistical techniques to perform vulnerability analysis. In this proposal, we empirically compare and validate each of these techniques.

PI's:
Mehdi Mirakhorli
Data quality and security evaluation framework for mobile devices platform

Sponsor: NSF

Amount: $200,042.00

Period: Sept 2016 to Aug 2019

The project builds a proof-of-the-concept design, which will be used to develop, verify and promote a comprehensive methodology for data quality and cybersecurity (DQS) evaluation focusing on an integration of cybersecurity with other diverse metrics reflecting DQS, such as accuracy, reliability, timeliness, and safety into a single methodological and technological framework. The framework will include generic data structures and algorithms covering DQS evaluation. While the developed evaluation techniques will cover a wide range of data sources from cloud based data systems to embedded sensors, the framework's implementation will concentrate on using an ordinary user's owned mobile devices and Android based smartphones in particular. Its operation will be based on incorporating data and process provenance schemes along with the methods evaluating data and system accuracy, reliability and trustworthiness. Graph and game theories, machine learning, information and control theory, probability and fuzzy logic techniques will be employed.

PI's:
Leonid Reznik
Automating Attack Strategy Recognition to Enhance Cyber Threat Prediction

Sponsor: NSF

Amount: $645,860.00

Period: Oct 2015 to Sept 2019

The Transition to Practice (TTP) option of the proposed Attack Strategy Synthesis and Ensemble Predictions of Threats (ASSERT) project will include software prototype development, deployment of ASSERT to test networks, and evaluation via a four-phase plan. The goal of this proposed optional effort is to demonstrate a robust use of ASSERT in real- world environments. In fact, the four-phase plan is to incrementally enhance the prototype in its ability to recognize attack strategies. The TTP option overlaps with the main Sa TC proposal in the last two years, and will begin with the algorithmic implementation of the semi-supervised learning framework and continue incorporating additional features and the ensemble prediction capability as they are developed.

PI's:
Shanchieh Yang
Developing Experiential Laboratories for Computing Accessibility Education

Sponsor: NSF

Amount: $299,994

Period: Oct 2018 to Sept 2021

Our collaborative effort with the National Technical Institute for the Deaf (NTID) will address the shortage of accessible software. We will develop a set of accessibility educational activities referred to as Accessibility Learning Labs (ALL), designed to educate and create awareness of accessibility needs for developers.

 

PI's:
Daniel Krutz
Characterizing Architectural Vulnerbilities

Sponsor: NSF

Amount: $439,135.00

Period: Oct 2018 to Sept 2021

 This project takes an empirical approach to study and characterize architectural vulnerabilities. In this project we identify the root causes of architectural vulnerabilities and their impact on software security, privacy and trustworthiness.

PI's:
Mehdi Mirakhorli
Adversarial ML in Traffic Analysis

Sponsor: NSF

Amount: $500,000

Period: Aug 2018 to July 2021

The goal of this project is to explore the new landscape of WF attacks and defenses in light of our recent findings with deep learning. A key aspect of the work is that we will leverage and build upon recent advances in adversarial machine learning and be the first to apply these new findings to the context of traffic analysis.

PI's:
Matthew Wright
Contructing a Community-WideSoftware Architecture Infrastructure

Sponsor: NSF

Amount: $374,238

Period: Sept 2018 to Aug 2021

The goal of this project is to develop the Software Architecture INstrument (SAIN), a first-of-its-kind integration framework for assembling architecture-related techniques and tools with the goal of enabling empirical research in this domain.

PI's:
Mehdi Mirakhorli
Security and vulnerability pentesting

Sponsor: Canandaigua City School District

Amount: $7,717

Period: July 2018 to Aug 2018

SAFE Lab will conduct a penetration test against Canandaigua Public Schools' network environment

PI's:
Rob Olson
Security Lablet: Impact through Research, Scientific Methods, and Community Development

Sponsor: NSA/NCSU

Amount: $68,679

Period: April 2018 to Sept 2022

This project will be growing the science of cybersecurity by developing metrics to predict vulnerabilities.

PI's:
Andy Meneely
GenCyber @ RIT: Secure Web and Mobile Computing

Sponsor: NSA

Amount: $130,908

Period; May 2018 to May 2019

This project calls for GenCyber camps on the RIT campus in the summer of 2018 to address the national need of skilled cybersecurity professionals.

PI's:
Rajendra Raj