Prevention, Detection and Response

Systems are attacked, and sometimes attacks succeed. This area of our expertise includes intrusion and misuse detection, integrity management issues, audit and logging analysis, sensor and alarm design, strike-back mechanisms, dynamic reconfiguration, honeypots and “jails”, cyberforensics, hacker profiling, deception and psychological operations, information warfare, cyberterrorism, criminal law and computer crime.

Precise Calling Context Encoding

Principal Investigator: Xiangyu Zhang

Calling contexts are very important for a wide range of applications such as intrusion detection, event logging, profiling, and debugging. Most applications perform expensive stack walking to recover contexts. The resulting contexts are often explicitly represented as a sequence of call sites and hence bulky. We propose a technique to encode the current calling context of any point during an execution. In particular, an acyclic call path is encoded into one number through only integer additions. Recursive call paths are divided into acyclic subsequences and encoded independently. We leverage stack depth in a safe way to optimize encoding: if a calling context can be safely and uniquely identified by its stack depth, we do not perform encoding. We propose an algorithm to seamlessly fuse encoding and stack depth based identification. The algorithm is safe because different contexts are guaranteed to have different IDs. It also ensures contexts can be faithfully decoded. Our experiments show that our technique incurs negligible overhead (1.89% on average). For most medium-sized programs (<100k LOC), it can encode all contexts with just one number. For large programs, we are able to encode most calling contexts to a few numbers.
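The encoding described above, as an added example that is not the project's own code: on a small constructed call graph (function names and call-site labels are hypothetical), each call site gets an integer addend, the instrumented call becomes `id += inc; callee(); id -= inc`, and the resulting integer is decoded back into the sequence of call sites. The addends are computed the way the paragraph implies: every caller of a function f receives a disjoint range of IDs inside [0, numCC(f)), where numCC is the number of acyclic contexts reaching f, and the start of that range is the call site's addend. The example covers only acyclic call graphs; the recursion splitting and stack-depth optimization mentioned above are not implemented here.

```python
"""Calling-context encoding on an acyclic call graph (added example).

Instrumented call:  id += inc[site]; callee(); id -= inc[site]
At any point `id` uniquely names the current acyclic call path, and
(function, id) can be decoded back into the sequence of call sites.
"""
from collections import defaultdict

# Constructed call graph for this example (not from the page):
# function -> list of (call_site, callee). It must be acyclic.
CALL_GRAPH = {
    "main": [("cs1", "A"), ("cs2", "A"), ("cs3", "B")],
    "A":    [("cs4", "B")],
    "B":    [("cs5", "C")],
    "C":    [],
}
ROOT = "main"


def topo_order(graph, root):
    """Callers before callees (reverse DFS post-order of a DAG)."""
    seen, post = set(), []

    def visit(f):
        if f in seen:
            return
        seen.add(f)
        for _, callee in graph[f]:
            visit(callee)
        post.append(f)

    visit(root)
    return post[::-1]


def assign_increments(graph, root=ROOT):
    """Return (num_cc, inc, callers).

    num_cc[f]             number of acyclic contexts reaching f
    inc[(caller, site)]   addend for that call site
    callers[f]            list of (caller, site) edges into f
    Each caller of f owns the ID range [inc, inc + num_cc[caller]) of f.
    """
    num_cc, inc = {}, {}
    next_start = defaultdict(int)      # next free range start per callee
    callers = defaultdict(list)
    for f in topo_order(graph, root):
        num_cc[f] = 1 if f == root else next_start[f]
        for site, callee in graph[f]:
            inc[(f, site)] = next_start[callee]
            next_start[callee] += num_cc[f]
            callers[callee].append((f, site))
    return num_cc, inc, callers


class ContextEncoder:
    """Mimics the instrumentation: one integer, touched only at call/return."""

    def __init__(self, inc, root=ROOT):
        self.inc, self.id = inc, 0
        self.frames = [(root, 0)]      # (function, addend); simulation only

    def call(self, site, callee):
        addend = self.inc[(self.frames[-1][0], site)]
        self.id += addend              # the only work done at a call
        self.frames.append((callee, addend))

    def ret(self):
        _, addend = self.frames.pop()
        self.id -= addend              # undo on return

    def current(self):
        return self.frames[-1][0], self.id


def decode(func, cid, num_cc, inc, callers, root=ROOT):
    """Recover the call path [root, site, ..., func] from (func, cid)."""
    path = [func]
    while func != root:
        # Pick the incoming edge whose range [inc, inc + num_cc[caller]) holds cid.
        caller, site = max((e for e in callers[func] if inc[e] <= cid),
                           key=lambda e: inc[e])
        assert cid < inc[(caller, site)] + num_cc[caller]
        cid -= inc[(caller, site)]
        path += [site, caller]
        func = caller
    assert cid == 0
    return path[::-1]


def all_context_ids(graph, inc, root=ROOT):
    """Enumerate every acyclic path with its ID: func -> {id: path}."""
    ids = defaultdict(dict)

    def walk(f, cid, path):
        ids[f][cid] = path
        for site, callee in graph[f]:
            walk(callee, cid + inc[(f, site)], path + [site, callee])

    walk(root, 0, [root])
    return ids
```

With this graph, `C` has three contexts (IDs 0, 1, 2) and `all_context_ids` shows that every function's IDs are exactly `range(num_cc[f])`, which is the "different contexts have different IDs" guarantee; the decoder then walks the ranges back to the root, which is the "faithfully decoded" half.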

Virtual Law Enforcement Machine Network (VLEMN)

Principal Investigator: Marc Rogers

VLEMN is a project using virtual machines as tools for investigators. Investigators can conduct investigations and research from a secure remote non-government location on a virtual machine. The virtual environment provides an efficient means to conduct online activities.

Assessing the Relationship between Hacking and Various Personality Traits

Principal Investigator: Marc Rogers

Surveys indicate that there is an increasing risk of computer intrusion, computer crime and attacks on personal and business information. Computer criminality is a serious problem that affects individuals, businesses, and our nation’s security. The current study has four specific aims. First, we explore whether deviant computer behavior is part of a larger syndrome of deviance. Much research has shown that non-computer-related delinquent/criminal activities, substance use, and early/risky sexual behavior are typically seen in the same individuals and can be considered part of a larger syndrome of deviance. Second, we examine whether the personality profiles of those committing deviant computer behaviors are similar to the profiles obtained from those who engage in more general deviance. Several meta-analyses have demonstrated that interpersonal antagonism (i.e., lack of empathy, oppositionality, grandiosity, and selfishness) and problems with impulse control are the most consistent personality correlates of a variety of antisocial and deviant behavior. Our third aim is to examine a potentially unique correlate of deviant computer behavior, Asperger’s syndrome. Within the past decade, questions have emerged about a possible link between computer criminality and Asperger’s syndrome. Finally, our fourth objective is to further validate certain psychometric instruments for use with the “hacker” sub-culture. This project is currently in the preliminary stages of data collection.

Categorization of Various Types of Online Pornography Users & Personality Assessments

Principal Investigator: Marc Rogers

Do individuals view, download, and share various types of Internet pornography, and are different personality characteristics related to a person’s pornography preference? This research project gathered data from online respondents regarding their use of adult, animal, and child pornography as well as various personality characteristics. Data have been collected and are currently being analyzed.

Direct Commander

Principal Investigator: Rick Mislan

State and local law enforcement agencies cannot afford the existing small scale digital device forensic tools, lack adequate tools of this kind, lack a comprehensive understanding of how these tools work, and have no central repository for sharing their experiences with them. To fill this void, our objective is to build a cost-effective forensic tool that acquires evidence from small scale digital devices; presents and explains the protocols and the specific commands used to acquire and interpret evidence as the acquisition and interpretation proceed; and reports or exports the evidence for further analysis. Development will also include a central repository in which the tool’s users can communicate specifically about the use, success, and teaching of the protocols and their application.

Unusual Sources of Digital Evidence

Principal Investigator: Rick Mislan

As in the world of car modification (“modding”), we are starting to see mods of computer systems. From something as simple as a sushi thumb drive to the more meticulous Pez MP3 player, digital evidence is finding more ways to hide. It is important to make our investigators aware of the various methods of computer modding.

Purdue Phone Phorensics

Principal Investigator: Rick Mislan

Considered to be the “Underwriters Lab” of mobile device forensics, P3, or “Purdue Phone Phorensics”, is intended to help investigators cut through the morass of literally hundreds of unique mobile phone models and their accompanying requirements. This resource takes the guesswork out of processing most mobile devices. Don’t know what hardware and software to use? P3 will guide you. Just enter the brand and model, and P3 provides all the essential details you will need to examine the device. The hardware, software, and accompanying instructions will all have been tested for the specific model of device under examination. Not sure what model you have in your hand? Use the “Phone Phinder” tool to identify the device by answering a few simple questions.

Small Scale Digital Device Forensics

Principal Investigator: Rick Mislan

As ubiquitous devices in our daily social fabric, mobile devices demand research. The work done in our lab relates to the exploitation of such devices for investigative and intelligence purposes. Mobile devices include, but are not limited to, mobile phones, PDAs, smart phones, VoIP phones, GPS devices, flash memory devices, audio and video devices, and other small scale digital devices that can be carried in a pocket or purse.

Botnet Analysis

Principal Investigator: James Goldman

As part of current research into malware behavior, the Botnet Analysis Team is developing standardized architectures and processes with which to detect, isolate, observe, analyze and potentially defend against or destroy botnets. Botnets are typically used for illegal activities, and are often made up of thousands of compromised computers. Botnet simulation will use a cluster of PCs configured with typical operating system and software configurations used by homes and businesses today.

Malware Reverse Engineering, Code Analysis, & Development

Principal Investigator: James Goldman

In order to fully understand how malware functions, the Malware Analysis team must perform reverse engineering and code analysis before malware development capabilities can be exercised. Malware is being developed in a modular approach, dissecting the various functional stages of malware execution into components. Malware will be tested in terms of its capabilities to avoid detection and to utilize anti-forensic techniques.