Enhancing Malware Analysis and Detection Using Adversarial Machine Learning Techniques

In the realm of modern technology, malware has become a paramount concern. Defined as any software designed with malicious intent, malware manifests in numerous types that infect computer systems and devices. As of 2023, executable files account for 53% of computer viruses\u27 spread. Compounded by the emergence of AI and polymorphic malware, attackers have intensified their efforts to obfuscate malicious code, rendering traditional defenses, such as signature-based detection systems, ineffective. To counter the evolving nature of modern malware, the adoption of machine learning (ML) models for detection has gained prominence. These models are able to continuously analyze memory and other data, identifying new patterns and features that aid in uncovering previously hidden malware variants. While ML-based detection systems demonstrate commendable performance, they still have vulnerabilities that necessitate further exploration. In this research proposal, we aim to address the aforementioned gaps and challenges by developing novel techniques to robustify ML-based malware detection systems. Specifically, we will focus on designing a testing framework that utilizes adversarial machine learning to generate AEs as variants of known modern malware datasets. These AEs will simulate real-world attack strategies, thereby enabling researchers to continuously update detection systems and enhance their resilience against emerging threats. Additionally, we will explore the development of comprehensive evaluation methods that incorporate robustness as a central metric to gauge the effectiveness of ML-based detection systems

Integrity Coded Databases (ICDB) - An Evaluation of Efficiency, Performance, and Practicality

Recently, cloud database storage has become an inexpensive and convenient option to store information; however, this relatively new area of service can be vulnerable to security breaches. Storing data in a foreign location requires the owner to relinquish control of their information. This opens the possibility for internal, malicious attacks that can involve the manipulation, omission, or addition of data. Our research tests a potential solution for retaining data as it was intended to be stored (known as integrity) in these cloud-stored databases: by converting the original databases to Integrity-Coded Databases (ICDB). ICDBs utilize Integrity Codes: cryptographic codes created for the data by a private key that only the data owner has access to. When the database is queried, an integrity code is returned along with the queried information. The owner is able to verify that the information is correct, complete, and fresh. Consequently, ICDBs also incur performance and memory penalties. In our research, we explore, test, and benchmark ICDBs to determine the costs and benefits of maintaining an ICDB versus a standard database

Analysis on the Security and Use of Password Managers

Cybersecurity has become one of the largest growing fields in computer science and the technology industry. According to CNBC, the global economy lost over 450 billion dollars due to faulty security. Oftentimes, the pitfall in such financial loss is due to the security of passwords. Companies and regular people alike do not do enough to enforce strict password guidelines like the NIST (National Institute of Standard Technology) recommends; so when big security breaches happen, thousands to millions of passwords can be exposed and stored into files, meaning people are susceptible to brute-force attacks In this paper we will be going over three open-source password managers, each chosen for their own uniqueness. Our results will conclude on the overall security of each password manager using a list of established attacks and development of new potential attacks on such software. Additionally, we will show the results of a survey to give us a closer look as to why such software is not so popular; and we will compare our research with the limited research already conducted on password managers in the literature; and finally we will provide some general guidelines of how to develop a better and more secure password manager

Developing AI/ML for Online Age Verification

Most online age verification tools require users to simply hit “yes” or “no” indicating they are above the specific age that an age-gated site might need, allowing users an easy out if they are not the required age. Some age-gated sites require users to prove their age with government-issued records which is a very invasive way to validate a user\u27s age. We want to create a tool using AI and machine learning that will allow all users to confirm their age in a simple, non-invasive way. This research is important because it will prevent minors from having inappropriate internet access and allow vendors to ensure their users are of age. To emphasize, our main goal in this research is to create a non-invasive, interactive, and accurate tool to identify a user’s age online

Privacy Preserving Location Based Service

Location-based services (LBSs) play a significant role in our lives, offering personalized experiences based on our location data. However, sharing this data raises valid privacy concerns. These concerns have been escalating in parallel with the widespread usage of the Internet and the World Wide Web. This research aims to design an effective privacy-preserving approach for LBS by utilizing Geohash-based data aggregation and secure multiparty computation (SMPC) protocols. Geohash allows higher-level data aggregation while preserving individual privacy by representing locations with unique character combinations. SMPC ensures secure communication, computation, and result sharing among parties, protecting sensitive information during joint computations. Yao\u27s garbled circuit stands out as a cryptographic technique that ensures SMPC. A custom-designed Garbled Circuit shall be used for substring matching for location data processing, adding an extra layer of privacy. The research addresses questions about cryptographic protocols and their real-world implications, aiming to advance privacy-preserving location-based services while offering seamless, personalized experiences to users

Semantic Hiding Databases: Cloud Encryption

Using cloud services, users are able to store information from one device and easily access the same data from a completely different device. Data stored on the cloud is usually secure from outside attack; however, it not secure against insider threats and can be viewed by anyone with access to the server, i.e. an employee of the cloud service. A Semantic Hiding Database (SHDB) is a cloud security strategy where data is selectively and strategically encrypted before it is stored in a cloud server, which renders the data unintelligible to both outside attackers and malicious insiders. The strategic encryption allows for queries to be run over the encrypted data on the server without decryption. Decryption keys are stored within the data owner’s organization and are never revealed to the server, meaning it cannot be decrypted by anyone besides the owner. This allows entities to store highly sensitive data on cloud services without the extra risk associated with cloud storage

Developing Accessible P2P Email Encryption Based on CLOW-GKA

Secure email encryption is increasingly fundamental to successful personal and corporate communication. This is especially true as perpetual technological innovation makes assuring the integrity and authenticity of data more challenging. However current information technology standards places little emphasis on email encryption. CLOW-GKA (Certificateless One Way Group Key Agreement Scheme) is a new P2P (Point to Point) encryption system that eliminates the need for third party verification. The cryptosystem draws from such other schemes as Phil Zimmerman’s PGP (Pretty Good Privacy), Shamir’s ID-PKC (Identity Based Public Key Cryptosystem), and Al-Riyami’s CL-PKC (Certificateless PKC). This project’s purpose is developing an accessible graphical user-interface (GUI) that implements CLOW-GKA. In particular, we focus on devising a GUI that is compatible with Gmail services, performs with comparable functionality, and offers better security

The Use of Integrity Coded Database (ICDB) to Prevent Data Tampering in Clouds

With the cloud becoming an ever cheaper, reliable and more efficient option, companies will be looking to abandon their costly infrastructure and move to an offsite storage system. The only remaining concern is data security. While many people have focused on the external threats, our research has focused on creating a database that cannot be tampered with. While the service provider hosting the cloud may be trustworthy it is impossible to know if every employee who has access to the database is. By converting the original database into an Integrity Coded Database (ICDB) all data have corresponding cryptographic codes generated by the user. Anyone other than the user, who alters the database will unable to generate this code. This allows for an automatic check if the data has been tampered with. This research will focus on the most efficient way to implement this in terms of size and speed

Completeness Integrity Protection for Outsourced Databases Using Semantic Fake Data

As cloud storage and computing gains popularity, data entrusted to the cloud has the potential to be exposed to more people and thus more vulnerable to attacks. It is important to develop mechanisms to protect data privacy and integrity so that clients can safely outsource their data to cloud. We present a method for ensuring data completeness which is one facet of the data integrity problem. Our approach is to convert a standard database to a Completeness Protected Database (CPDB) by injecting some semantic fake data and then outsource it to the cloud. These fake data are initially generated by a pseudo-random but deterministic function so that the data owner is able to regenerate the fake data and match them to fake data returned from a range query to check for completeness. The CPDB is innovative in the following ways: (1) fake data is randomly generated but is semantically indistinguishable from other existing data; (2) since fake data is generated by deterministic functions, data owners do not need to remember what fake data have been injected, instead they can re-generate fake data using the functions; (3) there is no costly cryptographic encryption/signature used in our scheme