Agenda: Thursday April 29th, 2021
10:00 am – 10:10 am - Opening remarks by Dr. Ibrahim Baggili, PI, Director of the Connecticut Institute of Technology
10:10 am – 10:15 am - Remarks by Dr. Vahid Behzadan, Co-PI
10:15 am – 10:20 am - Remarks by Dr. Michael Simpson, Director, Education & Workforce, ONR
10:20 am – 10:40 am - Keynote by Dr. Daniel "Rags" Ragsdale, Principal Director for Cyber in the Office of the Under Secretary of Defense for Research and Engineering and Acting Director of Defense Research and Engineering for Modernization
10:45 am – 11:10 am - Investigation of Crawling Darknet Vendors for Surface Web Discovery and De-Anonymization
Steven Atilho, B.Sc. Computer Science, ’22
This work investigates the effectiveness of web-crawling Darknet Marketplaces (DNMs) for cyber-criminals selling Personally Identifiable Information (PII) and Malware/Exploits and parsing for text-based data such as usernames, email addresses, and crypto-wallet addresses. This data was used to gather Open-Source Intelligence (OSINT) from the surface web to discover accounts that belong to these vendors. Results demonstrate that 20% of vendors from two DNMs have a presence on the surface web actively discussing their cyber-crimes, and these methods can assist law-enforcement agencies in de-anonymizing them.
11:10 am – 11:35 am - Adversarial Manipulation of Automated OSINT Solutions for Cyber Threat Intelligence
Rachel Blumenthal, B.Sc. Computer Science & Keelan Carey, B.Sc. National Security, ’22
In recent years, machine learning algorithms have become ubiquitous in OSINT collection, as the algorithms can quickly classify information as being relevant to cyber threat intelligence (CTI). An important and so far unanswered question in the field has been whether these CTI classification models are vulnerable to adversarial manipulation. Furthermore, there seemed to be no tool available to efficiently create textual perturbations without the calculation of gradient and loss for each individual input. Therefore, a modified language translation transformer is introduced that can efficiently perturb large input datasets, which can then be used offensively or in a defensive capacity to create more robust CTI classifiers.
11:35 am – 12:00 pm - Forensicast: A Nonintrusive Approach & Tool For Logical Forensic Acquisition & Analysis of The Google Chromecast TV
Nicholas Dubois, B.Sc. Cybersecurity and Networks, ’24 & Alex Sitterer, B.Sc. Cybersecurity and Networks, ’24
Google's new Chromecast with Google TV is a small IoT device that runs Android TV 10, is always unlocked, and allows for the extraction of application data without requiring root access. We created a tool to aid in the extraction of these artifacts from system and user applications and found that there were 5 main types of artifacts: time-based identifiers, logs/activity monitoring, token/cookie, device ID, and user ID. Our findings also illustrated common artifacts found in applications that are related to developer and advertising utilities, mainly WebView, Firebase, and Facebook Analytics.
12:00 pm – 12:30 pm - Lunch break
12:30 pm – 12:55 pm - Forensic Analysis of Two-Factor Authentication Applications
Syrina Haldiman, M.Sc. Cybersecurity and Networks, ’22 & Kaitlyn Newman, B.Sc. Cybersecurity and Networks, ’24
2FA applications assist in stopping malicious actors from illegally accessing one’s personal registered accounts, such as in social media, academia, banking, etc. While these types of applications appear to do their intended job simply, there is no prior work on the forensic artifacts they leave behind. This research focuses on the forensic analysis of (n=10) 2FA applications and the discovery of relevant digital artifacts that they may store in smartphones about the user’s linked accounts. Preliminary results demonstrate that most tested 2FA applications do not store user account data on the device; however, a few of them did prove to do slightly the opposite.
12:55 pm – 1:00 pm - A Content-Aware Network Analysis Algorithm for Identifying Sources of Cyber Threat Intelligence on Twitter
Shreya Gopal Sundari, M.Sc. Data Science
Twitter as a social network has become a valuable source of cyber threat information. However, due to the enormous volume and velocity of data on Twitter, a challenging task is to identify user accounts to monitor as sources of cyber threat intelligence (CTI). To address this, a novel approach is proposed for source identification based on the ranking of users according to their contextual and topological relevance. In this approach, both structural information of the graph network of Twitter user accounts and their tweet contents are used to find source user accounts relevant to previously identified source accounts.
1:20 pm – 1:30 pm - 10-minute break
1:30 pm – 1:55 pm - A Forensic Analysis of Anti-Forensic Web Browser Extensions
Killian Meehan, B.Sc. Cybersecurity and Networks, ’23
This work presents the primary account of the analysis of (n=13) privacy-enhancing web browser extensions on Google Chrome and Mozilla Firefox. Criminals may use these extensions to suppress their web activity. This project aimed at exploring forensically relevant artifacts that the extensions produce. The results indicate that in most cases there is an abundance of artifacts left behind by the extensions.
1:55 pm – 2:20 pm - Adversarial Manipulation of EEG-Based Brain Computer Interfaces
Karrie LeDuc-Santoro, B.Sc. Cybersecurity and Networks, ’23, Christopher Howard, B.Sc. Computer Science, ’22, Anta Fall, B.Sc. Cybersecurity and Networks, ’23
An electroencephalogram (EEG) is a non-invasive brain-computer interface with a wide range of applications in control of prosthetics and robots, non-verbal communications, and neuro-feedback control. Many such applications rely on machine learning for signal processing and classification. Recent studies establish that machine learning models are vulnerable to various attack vectors; thus, the EEG is bound to have an exploitable vulnerability that can be used by a malicious actor. In this project, we study the viability of using visual and auditory evoked potentials as adversarial perturbations to manipulate the machine learning models used in EEG BCI systems.
2:20 pm – 2:45 pm - Closing and award ceremony