
Cyber Training, and Intrusion Detection and Response

Research

Focus

Develop intrusion detection, mitigation and forensic analysis capabilities for CASE-V to defend against future advanced threats, and develop integrated training capabilities for cyber defense and response

Research Projects

  • Develop a training system to improve cyber defense and response capabilities for a diverse set of trainees ranging from K-12 to experienced cybersecurity professionals
  • Develop an intelligent intrusion detection system which incorporates various machine learning algorithms to detect novel attacks
  • Develop techniques to combine intrusion detection and digital forensics to provide a system to defend against future APTs

Research Challenges

  • Repeatable experiments, and reproducible/verifiable research results
  • Scalability vs. functionality/capability/granularity tradeoffs
  • Portability and interoperability of operations, experiments, training and test beds

People

  • Faculty

    • Dr. Jonathan Graham (Lead)
    • Dr. George Hsieh
    • Dr. Cheryl Hinds
    • Dr. Aurelia Williams
    • Dr. Sachin Shetty
    • Dr. Claude Turner
    • Dr. Frank Hu
    • Dr. Abdinur Ali
    • Ms. Tonya Fields
  • Graduate Students

    • Darryl Walden
    • Christopher Okonkwo
    • Kaila Perry

Publications

  • Faculty Publications

    Turner, C. and Joseph, A., "A Wavelet and Mel-Frequency Cepstral Coefficients-Based Feature Extraction Method for Speaker Identification," Procedia Computer Science, Vol. 61, November 2015, pp. 416-421.

    Ali, A., Hsieh, G. and Khan, M., "Performance Metrics for Machine Learning Algorithms," Mathematical Association of America Conference, Saint Mary’s City, Maryland, November 6-7, 2015.

    Turner, C., Turner, C., Richards, D. and Yan, J., "PingFloodViz: A Visualization Tool Targeted to a Non-Technical Cyber Defense Competition Audience," abstract submitted to Complex Adaptive Systems Conference, Nov 2-4, 2016, Los Angeles, CA.

    Shetty, S., Hsieh, G., Padilla, J.J., Graham, J.M., Kamhoua, C.A. and Kwiat, K.A., "Cyber Intelligence and Cyber Defense," accepted (session presentation) by CISSE 2016 to be held in June 2016, Philadelphia, PA.

    Fields, T. and Graham, J., "Classifying Network Attack Data Using Random Forest," Proceedings 2016 CATA Conference, April 2016, Las Vegas, NV.

    Hinds, C., "Securing Smart Meters in the Smart Grid," CYBERSEC-16 Cybersecurity Symposium: Your Security, Your Future, April 2016, Coeur d'Alene, Idaho.

    Hsieh, G., Kotut, L. and Ali, A., "Big Data Analytic Techniques for Cybersecurity Applications" (Poster). CYBERSEC-16 Cybersecurity Symposium: Your Security, Your Future, April 2016, Coeur d'Alene, Idaho.

    Turner, C., Jeremiah, R., Joseph, A., "A Study of Snort Rule Performance, Categorization and Statistics," abstract submitted to Complex Adaptive Systems Conference, Nov 2-4, 2016, Los Angeles, CA.

    Jeremiah, R., Turner, C., Richards, D., Joseph, A., "Intrusion Detection and Visualization of Password Compromise Through Linux Security Auditd Daemon," abstract submitted to Complex Adaptive Systems Conference, Nov 2-4, 2016, Los Angeles, CA.

  • Graduate Thesis

    Alexander Eng. "Forensic Mobile Imaging: An on-The-Go solution." M.S. Project. Completed May 2013.

    Latoya Rich. "Android Forensics: Forensic Analysis of an Android Device." M.S. Project. Completed May 2013.

  • Presentations

    G. Hsieh. "Building a Secure Virtual Lab Infrastructure for IT Education," in 2012 Int'l Conf. on Frontiers in Education: Computer Science and Computer Engineering (FECS'12), July 2012, Las Vegas, NV.

    G. Hsieh. "Design for a Secure Interoperable Cloud-Based Personal Health Record Service," in IEEE CloudCom 2012 Conf., Dec. 2012, Taipei, Taiwan, R.O.C.

  • Student Productivity

    G. Hsieh and R.-J. Chen, "Design for a Secure Interoperable Cloud-Based Personal Health Record Service," in Proc. IEEE CloudCom 2012 Conf., pp. 472-479, Dec. 2012, Taipei, Taiwan, R.O.C.

    G. Hsieh and E. Nwafor. "A Self-Protecting Security Framework for CDA Document," 2013 International Conference on Security and Management (SAM'13). July 2013, Las Vegas, NV.

    D. Butts and F. Doswell. Poster: "Contradiction: Public Access to Private Social Network Accounts," Tapia Conference, Seattle, Washington. February 5-8, 2014.

    T. Ezekwenna and F. Doswell. Poster: "Secure Education Content through a Mobile Cloud Environment," Tapia Conference, Seattle, Washington. February 5-8, 2014.

    D. Butts and F. Doswell. Paper and Presentation: "Design of a Comprehensive Tool to Decrease Public Access to Private Social Network Accounts." Tapia Conference, Seattle, Washington. February 5-8, 2014.

    D. Butts and F. Doswell. Paper and Presentation: "Design of a Comprehensive Tool to Decrease Public Access to Private Social Network Accounts." ADMI 2014 Conference. Virginia Beach, VA, April 3-5, 2014.

    Tyisha Fennell. Design of a Residential Keyless Access Solution Using a Mobile Device. (First Place Award for Graduate Poster Presentation). ADMI 2013 Conference. Virginia Beach, VA, April 11-13, 2013.

Resources

  • Additional Hardware

    • 8 PCs
    • 2 Workstations
    • 16-port gigabit LAN switch
  • Additional Software

    • Microsoft Active Directory Server and DNS Server for identity and access management
    • VMware vCenter Server for centralized management of the virtualization infrastructures
    • VMware vSphere ESX for hypervisor host
    • VMware View (Manager, Connection Server, Composer, Transfer Server, and Client) for virtual desktop infrastructures
    • VMware VMs (Windows 7, Windows XP, Ubuntu Linux, Windows 2008 Server)
  • Resources

    • The Information Security Laboratory, with equipment in RTC 300, RTC 304 and Computer Science Server Room, is a state-of-the-art facility designed to support student learning and research in network security, cloud computing and big data. For network security experimentation, this lab is equipped with Cisco Networking Academy curriculum and equipment including: (a) nine Cisco Integrated Service Routers configured with Advanced Security (e.g., firewall, intrusion detection/prevention systems, and VPN), Wireless, and VoIP feature packages; (b) six Cisco Catalyst Ethernet switches with VLAN and port security features; and (c) sixteen PC’s loaded with VMware software for running multiple VMs of different operating systems on each physical PC.
    • The “Production” Hadoop Cluster is comprised of 12 data nodes and 5 master nodes with a total of 408 Intel Xeon 64-bit Cores, 1.4 TB RAM, and 312 TB hard disk storage. Two high-performance 10/40 Gb switches are used to connect the nodes within the cluster and the outside. The “Integration and Test” Hadoop Cluster is comprised of 5 nodes with a total of 120 Xeon 64-bit Cores, 640 GB RAM, and 18 TB hard disk storage.
    • The “Production” Cloud Computing System is comprised of four servers with a total of 64 Xeon 64-bit Cores, 1 TB RAM, and 30 TB hard disk storage. The “Integration and Test” Cloud Computing System is comprised of an enterprise-grade server (16 Xeon 64-bit Cores, 512 GB RAM, and 438 GB hard disk storage), one iSCSI SAN (7.2 TB hard disk storage), and two departmental-level servers (24 Xeon 64-bit Cores, 256 GB RAM, and 1.2 TB hard disk storage total). For learning, research, and development, there are additional servers (4), workstations (13), and PC’s (8) configured to support three developmental Hadoop clusters and two cloud computing systems. A third high-performance 10/40 Gb switch and two additional 1/10 Gb switches are used to provide 1 Gb+ connectivity for the equipment in the lab.
    • Overall, there will be approximately 630 Xeon 64-bit Cores, 3.8 TB RAM, and 370 TB hard disk storage available in this high-performance computing lab, representing an investment of over $600,000 in the past three years.