CORES Symposium

The Cyber Operative Research Scholars (CORES) is a one year hands-on group research experience funded by the Office of Naval Research (ONR). The program focuses on training students in the area of cybersecurity research with the guidance and mentorship of principal investigators, a program manager, and graduate student research assistants. Specifically, the program aims to nurture CORES that (1) Are deeply technical doers yet multidisciplinary thinkers, and (2) Possess a cybersecurity research capacity. The principal aim of this project is to meet the rising need for a world-class Science, Technology, Engineering, and Mathematics (STEM) workforce to maintain the U.S. Navy and Marine Corps' technological superiority.

This event will include presentations from undergraduate CORES, and our two graduate student mentors. The presentations will cover findings of a one year long research project in Cybersecurity. Research topics include, offensive cyber operations and exploitation, digital forensics, intelligence gathering, and the applications of AI and Machine Learning (ML) to cybersecurity. The top two projects will be recognized, and Army Reserve Officers' Training Corps (ROTC) students will be awarded a Cyber Patch for successfully completing the CORES program.

The event is co-hosted by the Military Cyber Professionals Association (MCPA) and the University of New Haven’s Connecticut Institute of Technology (CIT) with support from ONR. All times are in EST.

Keynote Presentation by Dr. Daniel Ragsdale

Director of Defense Research and Engineering for Modernization at Office of the Under Secretary of Defense (Acting)

Dr. Ibrahim Baggili

PI Director of the Connecticut Institute of Technology

Dr. Vahid Behzadan

Co-PI

Dr. Michael Simpson

Director, Education & Workforce, ONR

Robert Clark

Army ROTC Program Coordinator

Agenda: Thursday April 29th, 2021

10:00 am – 10:10 am - Opening remarks Dr. Ibrahim Baggili, PI, Director of the Connecticut Institute of Technology

10:10 am – 10:15 am - Remarks by Dr. Vahid Behzadan, Co-PI

10:15 am – 10:20 am - Remarks by Dr. Michael Simpson, Director, Education & Workforce, ONR

10:20 am – 10:40 am - Keynote by Dr. Daniel "Rags" Ragsdale, Principal Director for Cyber in the Office of the Under Secretary of Defense for Research and Engineering and Acting Director of Defense Research and Engineering for Modernization

10:45 am – 11:10 am - Investigation of Crawling Darknet Vendors for Surface Web Discovery and De-Anonymization

Steven Atilho, B.Sc. Computer Science, ‘22

This work investigates the effectiveness of web-crawling Darknet Marketplaces (DNMs) for cyber-criminals selling Personally Identifiable Information (PII) and Malware/Exploits and parsing for text-based data such as usernames, email addresses, and crypto-wallet addresses. This data was used to gather Open-Source Intelligence (OSINT) from the surface web to discover accounts that belong to these vendors. Results demonstrate that 20% of vendors from two DNMs have a presence on the surface-web actively discussing their cyber-crimes, and these methods can assist law-enforcement agencies in de-anonymizing them.

11:10 am – 11:35 am - Adversarial Manipulation of Automated OSINT Solutions for Cyber Threat Intelligence

Rachel Blumenthal, B.Sc. Computer Science & Keelan Carey, B.Sc. National Security, ‘22

In recent years, machine learning algorithms have become ubiquitous in OSINT collection, as the algorithms can quickly classify information as being relevant to cyber threat intelligence (CTI). An important and so far, unanswered question in the field has been whether these CTI classification models are vulnerable to adversarial manipulation. Furthermore, there seemed to be no tool available to efficiently create textual perturbations without the calculation of gradient and loss for each individual input. Therefore, a modified language translation transformer is introduced that can efficiently perturb large input datasets, which can then be used offensively or in a defensive capacity to create more robust CTI classifiers.

11:35 am – 12:00 pm - Forensicast: A Nonintrusive Approach & Tool For Logical Forensic Acquisition & Analysis of The Google Chromecast TV

Nicholas Dubois, B.Sc. Cybersecurity and Networks, 24’ & Alex Sitterer, B.Sc. Cybersecurity and Networks, ‘24

Google's new Chromecast with Google TV is a small IoT device that runs Android TV 10, is always unlocked, and allows for the extraction of application data without requiring root access. We created a tool to aid in the extraction of these artifacts from system and user applications and found that there were 5 main types of artifacts: time-based identifiers, logs/activity monitoring, token/cookie, device ID, and user ID. Our findings also illustrated common artifacts found in applications that are related to developer and advertising utilities, mainly WebView, Firebase, and Facebook Analytics.

12:00 pm - 12:30 pm - Lunch break

12:30 pm – 12:55 pm - Forensic Analysis of Two-Factor Authentication Applications

Syrina Haldiman, M.Sc. Cybersecurity and Networks, ‘22 & Kaitlyn Newman, B.Sc. Cybersecurity and Networks, ‘24

2FA applications assist in stopping malicious actors from illegally accessing one’s personal registered accounts, such as in social media, academia, banking, etc. While these types of applications appear to be simple at doing their intended job, there is no prior work on the forensic artifacts they leave behind. This research focuses on the forensic analysis of (n=10) 2FA applications and the discovery of relevant digital artifacts that they may store in smart phones about the user’s linked accounts. Preliminary results demonstrate that most tested 2FA applications do not store user account data on the device, however, a few of them did prove to do slightly the opposite.

12:55 pm – 1:00 pm - A Content-Aware Network Analysis Algorithm for Identifying Sources of Cyber Threat Intelligence on Twitter

Shreya Gopal Sundari, M.Sc. Data Science

Twitter as a social network has become a valuable source of cyber threat information. However, due to the enormous volume and velocity of data on Twitter, a challenging task is to identify user accounts to monitor as sources of cyber threat intelligence (CTI). To address this, a novel approach is proposed for source identification based on the ranking of users according to their contextual and topological relevance. In this approach, both structural information of the graph network of Twitter user accounts and their tweet contents are used to find relevant source user accounts to previously identified source accounts.

1:20 pm - 1:30 pm - 10 minute break

1:30 pm – 1:55 pm - A Forensic Analysis of Anti-Forensic Web Browser Extensions

Killian Meehan, B.Sc. Cybersecurity and Networks, 23’

This work presents the primary account of the analysis of (n=13) privacy enhancing web browser extensions on Google Chrome and Mozilla Firefox. Criminals may use these extensions to suppress their web activity. This project aimed at exploring forensically relevant artifacts that the extensions produce. The results indicate that in most cases there is an abundance of artifacts left behind by the extensions.

1:55 pm – 2:20 pm - Adversarial Manipulation of EEG-Based Brain Computer Interfaces

Karrie LeDuc-Santoro, B.Sc. Cybersecurity and Networks, ‘23, Christopher Howard, B.Sc. Computer Science, 22’, Anta Fall, B.Sc. Cybersecurity and Networks, ‘23

An electroencephalogram (EEG) is a non-invasive brain computer interface with a wide range of applications in control of prosthetics and robots, non-verbal communications, and neuro-feedback control. Many of such applications rely on machine learning for signal processing and classification. Recent studies establish that machine learning models are vulnerable to various attack vectors; thus, the EEG is bound to have an exploitable vulnerability that can be used by a malicious actor. In this project, we study the viability of using visual and auditory evoked potentials as adversarial perturbations to manipulate the machine learning models used in EEG BCI systems.

2:20 pm – 2:45 pm - Closing and award ceremony