Posts by Collection

portfolio

Anomaly-based Intrusion Detection System Design using AI

This project focuses on identifying novel cyber attacks and on root cause analysis of threat actors. We are solving Advanced and Persistent Threat (APT) detection as a graph analysis problem using a Graph Neural Network (GNN) because of its impressive performance.

Human Factor: Cyber-Psychological Behavior Modeling Using Host Data

Insider threat is one of the most damaging threats in enterprise networks, where a legitimate member of an organization uses his/her authorized access in a way that affects the confidentiality, integrity, or availability of information or services. Unintentional or deliberate actions of an enterprise employee can cause an insider attack, which costs on average $11.45 per threat incident. The frequency of insider threats spiked by 47% in the last two years, and about 63% of incidents occur because of employee negligence. According to a report, it takes on average 77 days to detect such threat actors. It is very challenging to detect (un)intentional threat actors by analysing host monitoring data. Therefore, in this research project we are focusing on developing novel Artificial Intelligence (AI) models leveraging deep learning algorithms to push the boundary of insider threat detection strategies. We are incorporating the Human Factor (HF) in cyber behavior analysis to facilitate extensive analysis of insider threat behavior.

publications

Single-mode porous fiber for low-loss polarization maintaining terahertz transmission

Published in Optical Engineering, 2016

We report on a polymer-based porous-core photonic crystal fiber for simultaneous high-birefringent and low-loss propagation of narrowband terahertz (THz) electromagnetic waves. The high birefringence is induced by using rotated elliptical air holes inside the porous-core. The fiber is numerically analyzed with an efficient finite-element method. The simulation results exhibit an extremely high birefringence of ∼0.042 and a very low effective material loss of ∼0.07 cm⁻¹ at an operating frequency of 1 THz. Moreover, we have found an optimal rotation angle θ = n × 30 deg (n is an odd integer). Other modal features of the fiber, such as confinement loss, power fraction, effective area, bending loss, and dispersion, also have been analyzed. We anticipate that the proposed fiber would be suitable in polarization maintaining THz wave guidance applications.


Detailed Statistical Models of Host-Based Data for Detection of Malicious Activity

Published in Sandia National Lab.(SNL-NM), Albuquerque, NM (United States), 2019

The cybersecurity research community has focused primarily on the analysis and automation of intrusion detection systems by examining network traffic behaviors. Expanding on this expertise, advanced cyber defense analysis is turning to host-based data to use in research and development to produce the next generation network defense tools. The ability to perform deep packet inspection of network traffic is increasingly harder with most boundary network traffic moving to HTTPS. Additionally, network data alone does not provide a full picture of end-to-end activity. These are some of the reasons that necessitate looking at other data sources such as host data. We outline our investigation into the processing, formatting, and storing of the data along with the preliminary results from our exploratory data analysis. In writing this report, it is our goal to aid in guiding future research by providing foundational understanding for an area of cybersecurity that is rich with a variety of complex, categorical, and sparse data, with a strong human influence component, including suggestions for guiding potential directions for future research.


DeepRan: Attention-based BiLSTM and CRF for Ransomware Early Detection and Classification

Published in Information Systems Frontiers - Springer Journal, 1-17, 2020

Ransomware is a self-propagating malware encrypting file systems of the compromised computers to extort victims for financial gains. Hundreds of schools, hospitals, and local government municipalities have been disrupted by ransomware that already caused 12.1 days of system downtime on average (Siegel 2019). This study aims at developing a deep learning-based detector DeepRan for ransomware early detection and classification to prevent network-wide data encryption. DeepRan applies an attention-based bi-directional Long Short Term Memory (BiLSTM) with a fully connected (FC) layer to model normalcy of hosts in an operational enterprise system and detects abnormal activity from a large volume of ambient host logging data collected from bare metal servers.


ExHPD: Exploiting Human, Physical and Driving Behaviors to Detect Vehicle Cyber Attacks

Published in IEEE Internet of Things Journal (Volume: 8, Issue: 18, Sept. 15, 2021), 2020

As increasingly more vehicles are connected to the Internet, cyber attacks against vehicles are becoming a real threat with devastating consequences. This highlights the importance of detecting vehicle cyber attacks before fatal accidents occur. One natural method for tackling this problem is to adapt existing approaches for detecting attacks in enterprise networks, but which has achieved limited success. In this article, we propose a new approach to treat vehicles as cyber–physical–human systems, leading to a novel framework called exploiting human, physical and driving behaviors to detect vehicle cyber attacks (ExHPD). The framework has four detectors: 1) a human detector; 2) a physical behavior-based detector; 3) a driving behavior-based detector (DBD); and 4) an integrated physical and DBD. As the proof of concept, we recruited 50 drivers to conduct institutional review board-approved simulation-based driving tests. The experimental results show that ExHPD is effective to detect vehicle cyber attacks and avoid deadly crashes by offering drivers adequate time to safely pull over their compromised vehicle. The impact of driver’s impulsiveness (one aspect of human factors) on the detectors’ effectiveness and limitations of the present study are discussed. Future research directions toward an ultimately usable solution are outlined.


talks


TRN for Video Summarizing (Deep Learning)

  • Implemented multiscale temporal relational network (TRN) in PyTorch for video event detection and summarizing.


Smart and Secured Parking System (IoT Security)

  • Developed an RFID-based parking system for real-time tracking of empty spots to reduce searching time during busy hours.
  • Used the lightweight MQTT protocol on a Raspberry Pi and low-cost RFID tags for implementation.
  • Performed security analysis using the packet sniffing tool Wireshark and found a wildcard vulnerability in the MQTT code.


CSVM: Cybersecurity Solution for Vehicles in Military (MadHack)

  • Proposed a Blockchain framework to ensure data security, sustainment & recovery.
  • Designed an AI-based IDS using a Guided-GAN adversarial model for detecting cyber-attacks (Conquest) during a mission.

teaching

Lecturer


Department of Electrical and Electronic Engineering, Bangladesh University
2015

Fall 2015

  • EEE 211 Introduction to Computer Programming (C, C++)
  • EEE 313 Engineering Electromagnetics
  • Phy 1102 Applied Physics

Graduate Teaching Assistant


Department of Electrical and Computer Engineering, The University of Texas at San Antonio
2018

Spring 2018, Fall 2018, Spring 2019

  • EE 1322 Introduction to Electrical and Computer Engineering

Instructor


Department of Electrical Engineering, New Mexico Tech
2022

Fall 2022

  • EE 311 Signals and Linear Systems