With the rapid growth of information technology, many rich applications are developed to make our life more convenient. However, unwanted applications, such as worms, bots, backdoors, and adware, are developed intentionally to disrupt the network, gather sensitive information, or illegally gain control of your device. Understanding their adverse actions is essential to malware research, and developing adequate security analysis tools is critical to identify certain peculiar behavior made by malware.

I notice a paradox of security that we are eager to understand attacks, but often we fail to comprehend them because security is difficult to learn and practice. We need to develop a framework to solve such a paradox, and it requires 1) an accurate monitoring infrastructure for profiling the target subjects, 2) a formal model to describe the research targets appropriately, 3) an analysis platform having modern scientific computation capability, and 4) proper analytic models and core algorithms to study them from different aspects. 

Pasyt Research Project Highlights

• Combining Dynamic Passive Analysis and Malware Profiling by Virtual Machine Introspection

  • Propose a profiling system that leverages the virtualization technology to perform dynamic analysis to introspect and analyze the target malware. It can perform active fingerprinting to identify malware.

• Spectrum Analysis for Detecting Slow-Paced Persistent Activities in Network Security

  • Stealthy Botnet exhibits long-term, slow-paced and persistent communica-tion patterns hidden in the network traffic. I propose a detection model by transforming time series data to frequency domain to identify attacks.

• Probabilistic Inference Model for Early Intrusion Detection

  • Adopt Markov process to build a probabilistic inference model to compute the belief score of on-going attacks. It ensures a certain level of confidence in the attack assessment, and significantly reduces the false positives.

• Service Behavior Profiling for Network Anomaly Detection

  • Propose a novel method to model a complex network attack activity jointly at three levels. The state of each level is monitored by finite state machine, and the significant states are analyzed by Principal Component Analysis.

• Real-time Continuous Security Protection System for Security Isolation Management in Virtualized Cloud

  • Propose a real-time continuous security protection system in Cloud, which can monitor and inspect the operation of a VM or a guest process in re-al-time by Windows API hooking in a hardware-assistant virtualization environment.

• Malware Profiling & Anomaly Detection for Mobile Cyber-Physical System.

  • Develop a system for inspecting Android Apps by hacking Android Dalvik VM and traversing Android memory. Sequence and similarity analysis are applied on the malware profiles for Android malware family classification.

• A Security Proxy-Based Cross-Domain Communication for Web Mashups.

  • Propose a secure cross-domain communication mechanism that supports fi-ne-grained access control of web elements that belong to different sources in a web mashup to guarantee the confidentiality, integrity, and authenticity.

• Design and Implementation of the Specification Language, Compiler and Engine for Stateful Content-based Processing in SoC Environment.

  • Design and implement a stateful content-based packet classification system, SConPaC, which could inspect packet content, maintain and track protocol state for deep packet analysis with 300+ Mbps throughput of SoC design.

Please see my Linkedin profile for more information.

To be continued.