CNS-1643207/CNS-1809000
EAGER: Collaborative: Towards Understanding the Attack Vector of Privacy Technologies
Funding Agency: National Science Foundation
Period of Performance: 09/2016-08/2019
Abstract and Scope
Advances in privacy-enhancing technologies, including cryptographic mechanisms, standardized security protocols, and infrastructure, significantly improved privacy and had a significant impact on society by protecting users. At the same time, the success of such infrastructure has attracted abuse from illegal activities, including sophisticated botnets and ransomware, and has become a marketplace for drugs and contraband; botnets rose to be a major tool for cybercrime and their developers proved to be highly resourceful. It is contended that the next waves of botnets will extensively attempt to subvert privacy infrastructure and cryptographic mechanisms, which has the potential of both undermining their legal basis and future performance. This project will develop the theoretical and experimental foundations for analyzing, monitoring and mitigating the next generation of botnets that subvert privacy-enhancing technologies. Towards that goal, the project will develop tools for: 1) Analytical framework: the project develops a concrete strategy for approaching the detection, characterization, and mitigation of abuse of privacy infrastructure by crystallizing an analytical framework for reasoning about such botnets. This includes the identification and formalization of their key properties (e.g., traceback and tomography resiliency, stealthy monetization), enabling mechanisms (e.g., IP address de-coupling, control/data traffic indistinguishability), fundamental limitations, and evaluation metrics. The project will explore analogous scenarios of abuse in future Internet architectures where anonymity is facilitated by design. 2) Monitoring and analysis: the project develops an experimental framework to track activities of the next generation of botnets for scalable and effective mitigation. Such framework will exploit their ideal design and behavioral properties, and draws on various preliminary measurement results in related contexts. 3) Mitigation: The project has the ultimate goal of proactively developing an arsenal of mitigation techniques grounded in a sound theoretical foundation, analyzed within the theoretical framework, and evaluated within the experimental framework. The mitigation techniques span the gamut of increasing the cost of operating such botnets, to actively containing and neutralizing bots, to proposing modifications to the privacy-enhancing protocols. The results of this project will be communicated with the concerned communities for having a direct and immediate impact on existing and future privacy infrastructure. The project will also develop educational material to train students in the foundations and systems for enabling privacy enhancing technologies.
Personnel
The project provided training opportunities to several students, graduate and undergraduates, and results in multiple research publications in top research venues. The following provides a permanent record for the personnel (besides the PI) and associated publications. For any data related to the publications below, free to contact me (last_name=mohaisen@ucf.edu)Doctoral Students
Jeff Spaulding, PhD Candidate, CS
First Position: Tenure-track Asst. Prof. at Niagara University
Jeman Park, PhD Candidate, CS
First Job: Postdoctoral Research at Georgia Tech
Ulku Meteriz, PhD Student, CS
Started: Fall 2018
Afsah Anwar, PhD Candidate, CS
Started: Fall 2017
Ahmed Abusnaina, PhD Student, CS
Started: Fall 2018
Master's students
Mr. Amin Khormali.
M.Sc., CS, 2019
First Position: Ph.D. student at the University of Central Florida
Ms. S. Upadhyay.
M.Sc., CS, 2020
First Position: unknown
Ms. Priyanka Gona, M.Sc., CS, 2020
First Position: Amazon
Undergraduate students
Connor Austin,
B.Sc. (Flit-Path/RA; 2018--2019)
Topic: Malware analysis
Coty Tuggle,
B.Sc. (Flit-Path/RA; 2018-2019)
Topic: Web security
Key Publications
- PDF
Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks
Ahmed Abusnaina, Aminollah Khormali, Daehun Nyang, Murat Yuksel and Aziz Mohaisen The 2019 IEEE Conference on Dependable and Secure Computing (IEEE DSC 2019) - PDF
Adversarial Learning Attacks on Graph-based IoT Malware Detection Systems.
- PDF
Where Are You Taking Me? Behavioral Analysis of Open DNS Resolvers.
J. Park, A. Khormali, M. Mohaisen, A. Mohaisen.
IEEE International Conference on Dependable Systems and Networks (IEEE DSN 2019) - PDF
Analyzing and Detecting Emerging Internet of Things Malware: A Graph-based Approach
H. Alasmary, A. Khormali, A. Anwar, J. Park, J. Choi, A. Abusnaina, A. Awad, D. Nyang, A. Mohaisen IEEE Internet of Things Journal (IEEE IoT Journal 2019) - PDF
SSD-Insider: Internal Defense of Solid-State Drive against Ransomware with Perfect Data Recovery.
S. Baek, Y. Jung, A. Mohaisen, S. Lee and D. Nyang.
IEEE International Conference on Distributed Computing Systems (IEEE ICDCS 2018) - PDF
Delving Into Internet DDoS Attacks by Botnets: Characterization and Analysis
A. Wang, W. Chang, S. Chen, and A. Mohaisen
IEEE/ACM Transactions on Networking (IEEE/ACM TNET 2018) - PDF
QOI: Assessing Participation in Threat Information Sharing.
J. Park, H. Alasmary, O. Al-Ibrahim, C. Kamhoua, K. Kwiat, L. Njilla, A. Mohaisen.
IEEE International Conference on Acoustics, Speech, and Signal Processing (IEEE ICASSP 2018). - PDF
ABC: Enabling Smartphone Authentication with Built-in Camera.
Z. Ba, S. Piao, X. Fu, D. Koutsonikolas, A. Mohaisen, K. Ren:
ISOC Network and Distributed System Security Symposium (ISOC NDSS 2018) - PDF
Timing is Almost Everything: Realistic Evaluation of the Very Short Intermittent DDoS Attacks.
J. Park, D. Nyang, and A. Mohaisen.
IEEE Annual Conference on Privacy, Security and Trust (IEEE PST 2018) - PDF
Understanding Adversarial Strategies from Bot Recruitment to Scheduling
W. Chang, A. Mohaisen, A. Wang and S. Chen:
International Conference on Security and Privacy in Communication Networks (SECURECOMM 2017) - PDF
Proactive detection of command and control domains in internet of things‐scale botnets using DRIFT
J. Spaulding, J. Park, J. Kim, D. Nyang, A. Mohaisen
Transactions on Emerging Telecommunications Technologies (ETT 2018).
Key Outreach Activities
- [06/08/2018] SEAL hosted 80 high school students for a security summer camp with material on malware attacks, and IoT security.