Highlights of Recent Research Projects

Systems, Software, and Web Security, and Machine Learning for Security

Cyber-Physical Systems Security

Privacy-Preserving Biometrics Based Authentication and Surveillance

User Interface Security

Past Research Activities

  1. Transparency of information access on the Internet: identifying censorship attempts and developing techniques to circumvent/defeat censorship, funded by NSF and the industry.
  2. PEASOUP: Preventing Exploits Against Software of Uncertain Provenance, funded by Air Force (led by GrammaTech).
  3. Botnet modeling, analysis, detection and attribution, funded by NSF, DHS, and ONR MURI.
  4. "CLEANSE: Cross-Layer Large-Scale Efficient Analysis of Network Activities to Secure the Internet", funded by NSF (Large Team project).
  5. Malware analysis algorithms and platforms, funded by NSF and industry.
  6. Host-based Security, in particular, virtual machine monitoring techniques, funded by NSF, IARPA, and industry.
  7. Web security and privacy, in particular, access control and information flow, funded by industry.
  8. Foundational and Systems Support for Quantitative Trust Management, ONR MURI (led by U Penn).
  9. An Information-Theoretic Framework for Evaluating and Optimizing Intrusion Detection Performance, funded by Army Research Office.
  10. Preventing SQL Code Injection by Combining Static and Runtime Analysis, funded by Department of Homeland Security.
  11. Anomaly and Misuse Detection in Network Traffic Streams -Checking and Machine Learning Approaches, funded by Office of Naval Research (ONR MURI).
  12. Intrusion Detection Techniques for Mobile Ad Hoc Networks, funded by NSF.
  13. CAREER: Adaptive Intrusion Detection Systems, funded by NSF.
  14. Agile Security for Storing Sensitive and Critical Information, funded by NSF.
  15. Guarding the Next Internet Frontier: Countering Denial of Information, funded by NSF.
  16. Vulnerability Assessment Tools for Complex Information Networks, funded by Army Research Office (ARO MURI).
  17. Cost-sensitive intrusion detection, funded by DARPA, 5/200-8/2003.

Technology Transfer Efforts

  1. Co-founded Damballa in 2006, based on the botnet detection technologies developed by my research group.