Physical Sciences and Mathematics Commons^™

Adding Differential Privacy In An Open Board Discussion Board System, Pragya Rana

Master's Projects

This project implements a privacy system for statistics generated by the Yioop search and discussion board system. Statistical data for such a system consists of various counts, sums, and averages that might be displayed for groups, threads, etc. When statistical data is made publicly available, there is no guarantee of preserving the privacy of an individual. Ideally, any data extracted should not reveal any sensitive information about an individual. In order to help achieve this, we implemented a Differential Privacy mechanism for Yioop. Differential privacy preserves privacy up to some controllable parameters of the number of items or individuals being …

Policy-Agnostic Programming On The Client-Side, Kushal Palesha

Master's Projects

Browser security has become a major concern especially due to web pages becoming more complex. These web applications handle a lot of information, including sensitive data that may be vulnerable to attacks like data exfiltration, cross-site scripting (XSS), etc. Most modern browsers have security mechanisms in place to prevent such attacks but they still fall short in preventing more advanced attacks like evolved variants of data exfiltration. Moreover, there is no standard that is followed to implement security into the browser.

A lot of research has been done in the field of information flow security that could prove to be …

Dynamic Information Flow Analysis In Ruby, Vigneshwari Chandrasekaran

Master's Projects

With the rapid increase in usage of the internet and online applications, there is a huge demand for applications to handle data privacy and integrity. Applications are already complex with business logic; adding the data safety logic would make them more complicated. The more complex the code becomes, the more possibilities it opens for security-critical bugs. To solve this conundrum, we can push this data safety handling feature to the language level rather than the application level. With a secure language, developers can write their application without having to worry about data security.

This project introduces dynamic information flow analysis …

Black Box Analysis Of Android Malware Detectors, Guruswamy Nellaivadivelu

Master's Projects

Code obfuscation can make it challenging to detect malware in Android devices. Malware writers obfuscate the code of their programs by employing various techniques that attempt to hide the true purpose of the program. Malware detectors can use a number of features to classify a program as a malware. If the malware detector uses a feature that is obfuscated, then the malware detector will likely fail to classify the malware as malicious software. In this research, we obfuscate selected features of known malware and determine whether the malware can still be detected by a given detector. Using this approach, we …

Transcriptase–Light: A Polymorphic Virus Construction Kit, Saurabh Borwankar

Master's Projects

Many websites use JavaScript to display dynamic and interactive content. Hence, attackers are developing JavaScript–based malware. In this paper, we focus on Transcriptase JavaScript malware.

The high–level and dynamic nature of the JavaScript language helps malware writers to create polymorphic and metamorphic malware using obfuscation techniques. These types of malware change their internal structure on each infection, making them difficult to detect with traditional methods. These types of malware can be detected using machine learning methods.

This project creates Transcriptase–Light, a new polymorphic construction kit. We perform an experiment with the Transcriptase–Light against a hidden Markov model. Our experiment shows …

Masquerade Detection On Mobile Devices, Swathi Nambiar Kadala Manikoth

Master's Projects

A masquerade is an attack where the attacker avoids detection by impersonating an authorized user of a system. In this research we consider the problem of masquerade detection on mobile devices. Our goal is to improve on previous work by considering more features and a wide variety of machine learning techniques. Our approach consists of verifying the authenticity of users based on individual features and combinations of features for all users to determine which features contribute the most to masquerade detection. Also, we determine which of the two approaches - the combination of features or using individual features has performed …

Implementing Dynamic Coarse & Fine Grained Taint Analysis For Rhino Javascript, Tejas Saoji

Master's Projects

Web application systems today are at great risk from attackers. They use methods like cross-site scripting, SQL injection, and format string attacks to exploit vulnerabilities in an application. Standard techniques like static analysis, code audits seem to be inadequate in successfully combating attacks like these. Both the techniques point out the vulnerabilities before an application is run. However, static analysis may result in a higher rate of false positives, and code audits are time-consuming and costly. Hence, there is a need for reliable detection mechanisms.

Dynamic taint analysis offers an alternate solution — it marks the incoming data from the …

Malware Scores Based On Image Processing, Vikash Raja Samuel Selvin

Master's Projects

Malware analysis can be based on static or dynamic analysis. Static analysis includes signature-based detection and other forms of analysis rely only on features that can be extracted without code execution or emulation. In contrast, dynamic analysis depends on features extracted at runtime (or via emulation) such as API calls, patterns of memory access, and so on. Dynamic analysis can be more informative and is generally more robust, but static analysis is typically more efficient. In this research, we implement, test, and analyze malware scores based on image processing. Previous work has shown that useful malware scores can be obtained …

Analysis Of Periodicity In Botnets, Prathiba Nagarajan

Master's Projects

A botnet consists of a network of infected computers which are controlled re- motely via a command and control (C&C) server. A typical botnet requires frequent communication between the C&C server and the infected nodes. Previous approaches to detecting botnets have employed various machine learning techniques, based on features extracted from network tra c. In this research, we carefully analyze the pe- riodicity of tra c as a means for detecting a variety of botnets by applying machine learning to publicly available datasets.

Image Spam Detection, Aneri Chavda

Master's Projects

Email is one of the most common forms of digital communication. Spam can be de ned as unsolicited bulk email, while image spam includes spam text embedded inside images. Image spam is used by spammers so as to evade text-based spam lters and hence it poses a threat to email based communication. In this research, we analyze image spam detection methods based on various combinations of image processing and machine learning techniques.

Malware Detection Using The Index Of Coincidence, Bhavna Gurnani

Master's Projects

In this research, we apply the Index of Coincidence (IC) to problems in malware analysis. The IC, which is often used in cryptanalysis of classic ciphers, is a technique for measuring the repeat rate in a string of symbols. A score based on the IC is applied to a variety of challenging malware families. We nd that this relatively simple IC score performs surprisingly well, with superior results in comparison to various machine learning based scores, at least in some cases.

Human-Centered Authentication Guidelines, Jeremiah Still, Ashley Cain, David Schuster

Faculty Publications

PurposeDespite the widespread use of authentication schemes and the rapid emergence of novel authentication schemes, a general set of domain-specific guidelines has not yet been developed. This paper aims to present and explain a list of human-centered guidelines for developing usable authentication schemes.Design/methodology/approachThe guidelines stem from research findings within the fields of psychology, human–computer interaction and information/computer science.FindingsInstead of viewing users as the inevitable weak point in the authentication process, this study proposes that authentication interfaces be designed to take advantage of users’ natural abilities. This approach requires that one understands how interactions with authentication interfaces can be improved and …