Cyberspace is defined as "a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures," and Information Intelligence is defined as "knowledge resulting from discovery, collection, processing, integration, analysis, evaluation, interpretation, and/or understanding of available information." Cyberspace is the dynamic, globally interconnected information infrastructure that is critical to our nation's security, economy, and the interaction of modern society.
The Cyber and Information Security Research (CISR) Group conducts cutting-edge research in cyber warfare, situational understanding, visual analytics, and information dominance in order to defend the nation's critical infrastructures against attacks from known and future adversaries, understand the threat so as to provide real-time actionable intelligence from diverse data, secure the supply chain and critical infrastructure while maintaining operational capabilities, and defeat known and future adversaries.
Our objective is the rapid research, development, and delivery of innovative end-to-end integrated solutions to hard cyber and information security problems.
Defending the Network
Beholder: Exploiting Timing Information to Detect Remote Intrusion and Zero-Day Attacks
Choreographer: Modifies DNS mappings to detect malicious content and connections, and to break the intruder kill chain
Concordia: Executable fragment forensics, clustering of software executables, similarity measures for malware, correlation and fusion of cyber information
STASH: Ultra secure two-factor authentication using Quantum Technology
SAPPY: End-to-End Unbreakable Encryption over traditional channels based on Quantum Technology
USB-ARM: Automated Prevention of inadvertent and malicious injection of virus and malware
Understanding the Threat
AVUD: Automated Vulnerability Detection for Compiled Smart Grid Software
NV (Nessus Vulnerability Visualization): Web-based visualization tool for analyzing system vulnerabilities
Pico: National Malware Repository for automated security analysis and exploitation
SiTU (Situational Understanding and Discovery of Cyber Attacks): Timely discovery and understanding of novel and sophisticated cyber attacks from vast quantities of cyber data
STUCCO (Situation and Threat Understanding by Correlating Contextual Observations): Leveraging endogenous and exogenous data sources to provide context to cyber security events
Securing the Supply Chain and Critical Infrastructure
Hyperion: Automated sleeper code detection, vulnerability detection for defense or offense, zero-day malware detection and mitigation
Miru: Non-destructive automated hardware functionality analysis for supply chain security; detection of malicious or "sleeper" circuitry and of vulnerabilities in microelectronic components
Perseus: Detecting counterfeit hardware
PLAC (PLC Logic Audit Control): Auditing system to verify that the contents of a PLC are free of tampering
Thor: Software tamper resistance (e.g. digital rights management), hardware tamper resistance, key management, random number generation
Defeat the Adversaries
Marco Polo: Real-time geophysical location of internet users for the prosecution of online criminals and the pinpointing of potential adversaries