
Audit Log Collection And Management

Modern auditing frameworks struggle to scale in line with contemporary computing paradigms, particularly due to the expansive volume of audit log data which is both resource-intensive to store and complex to analyze centrally. Challenges also arise from inaccuracies in causality analyses due to the dependency explosion, which stems from the semantic gap between system-layer events and application-layer behaviors. Additionally, ensuring the integrity of audit logs remains a pressing concern, with many logs vulnerable to tampering. In response to these challenges, we have developed a series of techniques aimed at streamlining the audit logging process, enhancing causality analysis, and bolstering the security and integrity of stored logs.


Threat Detection

Advanced Persistent Threats (APTs) and other stealthy attacks remain among the most difficult challenges for security professionals: they operate below the threshold of conventional monitoring, which makes detection hard. Our project develops techniques to detect APTs and stealthy attacks with improved accuracy and efficiency. Because modern digital platforms are both ubiquitous and diverse, our techniques are not limited to traditional computing hosts.


Incident Response and Remediation

Security professionals are inundated with threat alerts, making it difficult to separate genuine threats from false alarms. This volume leads to "threat alert fatigue", where critical alerts are buried under benign notifications. To address this, we design techniques that prioritize alerts by their contextual significance. Recognizing the limitations of traditional Endpoint Detection and Response (EDR) systems, we also develop methods to triage and manage these alerts more effectively, streamlining investigations.


Forensics in Emerging Technologies

Our research focuses on establishing transparency in complex, emerging systems like the Internet of Things (IoT) and Augmented/Virtual Reality (AR/VR) environments. We have identified significant challenges in diagnosing incorrect behavior within these automated and intricate systems. In response, our lab is developing advanced threat detection and forensic investigation techniques tailored to these technologies. Our methods integrate data analytics, machine learning algorithms, and AI-driven predictive models to identify, analyze, and anticipate vulnerabilities and potential threats. Additionally, we are committed to addressing ethical and privacy concerns, ensuring our solutions are responsible and uphold user privacy. This research aims to pioneer forensic methodologies for emerging technologies, balancing innovation with security and privacy, and ultimately fostering safer digital environments.

© Copyright 2025 DART Lab. Powered by Jekyll with al-folio theme. Hosted by GitHub Pages.