Potential course-long projects for CISC/COGS 499. The focus may be on the development of subcomponents of a large system, a prototype of an initial research discovery for demonstration, a passive/active data-collection pipeline for threat intelligence, or a benchmark experiment on systems/solutions for a specific research problem. Independent research, an oral presentation, and a written report are required. More detailed requirements and procedures can be found on the course website. The research projects listed below are part of the L1NNA lab's ongoing research with industrial partners. Please contact us for more details.
Kam1n0 v2.x: An assembly binary clone search platform
Kam1n0 is a scalable assembly management and analysis platform. It allows a user to first index a (large) collection of binaries into different repositories and then provides analytic services, such as clone search, over them. It supports multi-tenant access to and management of assembly repositories through the concept of an Application: an application instance owns its own exclusive repository and provides one specialized analytic service. Given the variety of reverse-engineering tasks, the Kam1n0 v2.x server currently provides three types of clone-search applications: Asm-Clone, Sym1n0, and Asm2Vec. New application types can be added to the platform. The purpose of this project is to enrich the functionality, improve the usability and compatibility, and raise the code quality of the code base. Current objectives:
- add more supported decompilers
- add more supported architectures
- port certain modules to a different platform and language for use in other projects
- evaluate test cases and improve the current CI pipeline
(Your contribution to this project will be listed on the webpage)
JARV1S: A Heterogeneous Clone Search-based Binary Intake and Processing Pipeline
With the introduction of ultra-fast 5G networks, companies and organizational infrastructures face an ever-increasing number of endpoint devices such as PCs, mobile devices, and Internet-of-Things (IoT) sensors and actuators. These endpoints significantly enlarge the attack surface, and attackers have been shifting their targets from servers and the perimeter to endpoint devices. Malware infection is one of the major, rapidly evolving threats to endpoint security: 929 million malware samples had been registered by August 2019, already 79 million more than the total for 2018. Behind this mass of data, organizations and security companies rely on critical backbone binary intake and processing pipelines to gain insight and to reuse the learned knowledge to identify and understand future emerging threats. Traditional binary intake pipelines rely heavily on legacy signature-based static analysis, which cannot detect unseen attacks. JARV1S instead relies on an Information Retrieval (IR) approach that decomposes any binary executable into information already known in the repository, for example functions that are clones of previously indexed ones. We are building up the complete system and its CI processing pipeline, leveraging some modules from Kam1n0.
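As an added illustration of the clone-search idea that both Kam1n0's Asm-Clone application and the JARV1S intake pipeline build on, here is a toy Information Retrieval style matcher. This is example code written for this page, not code from either project: it assumes a simple normalisation (registers, immediates, memory operands and branch targets abstracted to placeholders), a TF-IDF weighted bag of instruction unigrams and bigrams, and cosine similarity for ranking. The sample x86-64 functions, the hypothetical `CloneIndex` and `decompose` names, and the 0.6 match threshold are all constructed for the example.

```python
"""Toy Information-Retrieval clone search over assembly functions.

Added illustration, not Kam1n0's or JARV1S's code.  Each repository function
is abstracted (registers -> REG, immediates -> IMM, memory operands -> MEM,
branch targets -> LOC), turned into a bag of instruction unigrams + bigrams
and TF-IDF weighted; a query function is ranked by cosine similarity.
Normalisation rules and the sample assembly below are constructed.
"""
import math
import re
from collections import Counter

# x86-64 general-purpose registers (subset) abstracted to REG.
REG_RE = re.compile(r"\b(r[a-d]x|r[sd]i|r[bs]p|r(?:8|9|1[0-5])[bwd]?|"
                    r"e[a-d]x|e[sd]i|e[bs]p)\b")
IMM_RE = re.compile(r"\b(0x[0-9a-f]+|\d+)\b")
MEM_RE = re.compile(r"\[[^\]]*\]")


def normalize(line):
    """Abstract one instruction; None for blank, comment or label lines."""
    line = line.strip().lower()
    if not line or line.startswith(";") or line.endswith(":"):
        return None
    opcode, _, operands = line.partition(" ")
    if opcode.startswith("j") or opcode == "call":
        return opcode + " LOC"                 # targets differ per function
    operands = MEM_RE.sub("MEM", operands)      # first, so [rdi+rcx*4] -> MEM
    operands = REG_RE.sub("REG", operands)
    operands = IMM_RE.sub("IMM", operands)
    return opcode + " " + operands if operands else opcode


def features(lines):
    """Counts of normalised instructions plus instruction bigrams (order)."""
    insns = [n for n in map(normalize, lines) if n]
    return Counter(insns + [a + " | " + b for a, b in zip(insns, insns[1:])])


def cosine(a, b):
    dot = sum(w * b.get(f, 0.0) for f, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class CloneIndex:
    def __init__(self):
        self.docs = {}        # function name -> Counter of features
        self.df = Counter()   # feature -> number of functions containing it

    def add(self, name, lines):
        self.docs[name] = feats = features(lines)
        self.df.update(feats.keys())

    def vector(self, feats):  # smoothed idf: log((1+N)/(1+df)) + 1
        n = len(self.docs)
        return {f: tf * (math.log((1 + n) / (1 + self.df[f])) + 1)
                for f, tf in feats.items()}

    def search(self, lines, top_k=3):
        """Indexed functions ranked by similarity to the query function."""
        q = self.vector(features(lines))
        hits = [(name, cosine(q, self.vector(d))) for name, d in self.docs.items()]
        return sorted(hits, key=lambda h: -h[1])[:top_k]


def decompose(index, functions, threshold=0.6):
    """Map each function of an incoming binary to its best known clone or None."""
    report = {}
    for name, lines in functions.items():
        hits = index.search(lines, top_k=1)
        report[name] = hits[0] if hits and hits[0][1] >= threshold else None
    return report


# Constructed sample repository of three small x86-64 functions.
SUM_LOOP = ["xor eax, eax", "xor ecx, ecx", "top:", "cmp ecx, edx", "jge done",
            "add eax, [rdi + rcx*4]", "inc ecx", "jmp top", "done:", "ret"]
STRLEN = ["xor eax, eax", "next:", "cmp byte ptr [rdi + rax], 0", "je done",
          "inc eax", "jmp next", "done:", "ret"]
HASH32 = ["mov eax, edi", "imul eax, eax, 0x9e3779b1", "shr eax, 16",
          "xor eax, edi", "ret"]
# The sum loop as another compiler emitted it: other registers and labels.
QUERY_SUM = ["xor r8d, r8d", "xor r9d, r9d", "loop:", "cmp r9d, esi", "jge exit",
             "add r8d, [rdx + r9*4]", "inc r9d", "jmp loop", "exit:",
             "mov eax, r8d", "ret"]
QUERY_NEW = ["push rbp", "mov rbp, rsp", "mov eax, 42", "pop rbp", "ret"]


def build_sample_index():
    idx = CloneIndex()
    for name, lines in (("sum_loop", SUM_LOOP), ("strlen", STRLEN), ("hash32", HASH32)):
        idx.add(name, lines)
    return idx


if __name__ == "__main__":
    idx = build_sample_index()
    for name, score in idx.search(QUERY_SUM):
        print(f"{name:9s} {score:.3f}")
    print(decompose(idx, {"f1": QUERY_SUM, "f2": QUERY_NEW}))
```

Running it ranks `sum_loop` first for the re-registered query (the extra `mov` only lowers the score slightly) while `strlen` and `hash32` stay well below it, and `decompose` maps `f1` to `sum_loop` but leaves `f2` as `None` because nothing in the repository is close enough. That last outcome is the intake-pipeline case that matters: functions of a new binary that match nothing known are the ones to route to deeper analysis, whereas a signature lookup would simply say nothing about them.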
V1K1NG: Vulnerability, Weakness and Exploitation Discovery and Scanning TBA (or contact us for details)
Light-weight Endpoint Fileless Attack Detection TBA (or contact us for details)
StyloMatrix: Writing Style Authorship Verification for Email Applications TBA (or contact us for details)
Real-time Rumor Detection on Social Network Stream. TBA (or contact us for details). The team will be working on this competition for fake news detection.