Cybersecurity Research

AdobeStock_276525806
AdobeStock_230441943

CoVA CCI is conducting research that will lead to breakthroughs in cyber physical systems, contributing to the CCI mission of establishing Virginia as a global leader in secure CPS and in the digital economy. This research is focused in the areas of cyber physical systems (CPSS), 5G, and Artificial Intelligence in the Maritime, Defense and Transportation business sectors. CoVA CCI will partner with local cybersecurity businesses as well as researchers from across the Commonwealth to accomplish this goal by supporting three objectives. 

CoVA CCI will create a secure shared research environment (COVA SHARE) for researchers, faculty and businesses to conduct cybersecurity research and instruction in state-of-art computer labs.
We will develop a 5G testbed to conduct research on the vulnerabilities and opportunities of 5G (and future generation) wireless communication technology.
CoVA CCI will sponsor cybersecurity research projects focused on CPSS, 5G, AI and other emerging fields with through collaborative research partnerships within CCI institutions and business partners.

FY 2022 Cybersecurity Research Projects

Project: Developing A Smart City Virtual Lab to Support CPS Experiential Learning

Project Team: Murat Kuzlu, ODU and Sherif Abdelwahed, VCU

Project Abstract: In this project, our team will develop a virtual smart city lab environment, called VirtualLab@OpenCity, which engages researchers, students, and companies with smart city challenges, such as automation, data analysis, service reliability and sustainability. VirtualLab@OpenCity will provide an experimental environment using a standardized service that supports remote connectivity, data collection, visualization, analysis, resource management and control. VirtualLab@OpenCity aims to build Virginia’s cyber-physical systems (CPS) workforce with hands-on-experience on new technologies that ultimately lead to innovative smart city solutions. This project will contribute to positioning Virginia as a global leader in secure and trustworthy cyber-physical systems by (a) providing students, researchers, and developers a virtual ecosystem of advanced CPS  technologies, (b) providing guidance and support to employ advanced technologies and innovative management systems for ongoing and future smart city plans and (c) foster fruitful collaboration between academia and industry to build a Commonwealth-wide smart city innovation workforce.

Complete Proposal: CV-008-Kuzlu_COVA_CCI_21_Final
Project Presentation: Developing a SmartCity Virtual Lab to Support CPS Experiential Learning (Mural Kuzlu)

smartcity

Project: Comprehensive Assessment and Diagnostics for Federated AI Algorithms in Cyber-Physical Systems

Project Team: Rui Ning, ODU, Jiang Li, ODU, Chunsheng Xin, ODU, Xinwei Deng, VT, Yili Hong, VT, and Luara Freeman, VT.

Project Abstract: Federated Artificial Intelligence (AI) is becoming a critical part of cyber physical systems (CPS) in modern maritime, defense and transportation industry, with its game-changing capability for handling large volumes of data and making collaborative complex decisions in support of self-control and self-actuation systems. While the Federated AI is actively
integrated into CPS applications, its malfunction can cause catastrophic failure or even be life-threatening for security-essential and safety-critical CPS such as in transportation and defense. Worse yet, as the Federated AI system incorporates AI and distributed devices, it inevitably introduces heterogeneity, randomness, contamination. Specifically, local data of different participants can be noisy and imbalanced, resulting in performance degradation. Moreover, it is also vulnerable to data poisoning attacks. The overarching
goals of this project include (1) establishing a design of experiments (DoE) framework to enable systematical investigation of the security and robustness of the Federated AI system; (2) investigating, assessing and unveiling characteristics of Federated AI models under different data imperfections; (3) developing effective schemes to comprehensively
diagnose given Federated AI models for potential data imperfections; (4) developing experimental environment for secure and robust Federated AI research. The project will also develop training modules of secure and robust Federated AI, aiming to prepare students and practitioners with advanced skills to succeed in a cybersecurity career. Overall, the proposed work will lead to enabling technologies for secure and robust Federated AI systems, accelerating their development and broadening their adoption in various application domains, especially the transportation, defense, and maritime sectors.

Complete Proposal: CV-006-Ning-COVA CCI Cybersecurity Research and Innovation_Rui_updated
Project Presentation: Ning_Presentation Rui Ning

Federated AI Algorithms in CPS

Project: CIVIIC: Cybercrime in Virginia: Impacts on Industry and Citizens

Project Team: Randy Gainey, ODU, Tancy Vandecar-Burdin, ODU, Jay Albanese, VCU, James Hawdon, VT, Katalin Parti, VT, and Thomas Dearden, VT

Project Abstract: Victimization from cybercrime is a major concern in Virginia, the US, and the world. It is estimated that in 2020, cybercrime resulted in Americans losing an estimated $4.2 billion (FBI 2021). Yet, precise measurement and understanding of the nature of the problem, methods, types, and targets is lacking. While the FBI maintains the Internet Crime Report (IC3), these data are limited to only those crimes reported by victims,
which is only a small fraction of the cybercrimes that occur. While a few  national citizen and business surveys have been conducted on specific types of cybercrime, the samples have been small, and there is reason to believe their findings may not represent the experience in the Commonwealth. Virginia presents a unique intersection of cyber physical systems with its large workforce in the maritime, defense, and transportation sectors, combined with an educated and mobile workforce making it a uniquely targeted area compared to many other states. This project will create, deploy,
analyze, and report on a statewide cybercrime survey of both citizens and businesses. A study and analysis specifically focused on Virginia will enable the delineation of the highest priority threats, identify cybercrime methods used, and provide an assessment of geographic, demographic and industry variation in victimization across the state. The project will provide baseline knowledge and data for future policy, research, and interventions to reduce exposure to cyber victimization in the Commonwealth.

Complete Proposal: CV-004-Gainey-CIVIIC_CCI_track2_FINAL
Project Presentation: Cybercrime in Virginia_ppt_6.2022
Final Survey Report: Survey and Final Report
cybercrime

 

Project: A Real-Time Dependency Network Approach to Quantifying Risks and
Ripple Effects from Cyberattacks in Shipbuilding and Repair Supply Networks

Project Team: Rafael Diaz, ODU and Helen Shen, UVA

Project Abstract: The evolution of defense shipbuilding supply networks toward digital environments increases operational complexity and requires reliable communication and coordination to regulate information exchange. As workers and suppliers transition to digital platforms, interconnection,
information transparency, and decentralized decisions become prevalent. The appearance and extensive use of these digital platforms inexorably increase their exposure to cyberattacks. Unfortunately, the effects of a systematic cyberattack on one or more nodes belonging to the shipbuilding supply network (e.g., Colonial Pipeline) are unknown. This collectively may represent
a substantial source of disruption. Cybersecurity protection of these networks requires a systemic approach to evaluate their vulnerability and understand ripple effects. However, current evaluation technologies and techniques are primarily applied to individual nodes or firms (if they are applied at all) and commonly lack systemic perspectives that consider overlapping risks and tiered hierarchies. To overcome these limitations, we propose developing a cybersecurity supply network Artificial Intelligence (A.I.) framework that enables characterizing and monitoring shipbuilding
supply networks and determining ripple effects from disruptions caused by cyberattacks. By representing and replicating the collective behavior of relevant shipbuilding supply network nodes, shipbuilders can monitor and measure the impact of cybersecurity disruptions and test the reconfiguration options that minimize the detrimental effects on the supply network. This
framework extends a novel risk management framework developed by Diaz and Smith (2021) and Smith and Diaz (2021) that considers complex tiered networks and systemic hypervulnerabilities (COVA CCI – 2021ODU-06.005) and is currently tested in the port security cyber physical setting. 

Complete Proposal: CV-002-Diaz-210682_Diaz, Rafael
Project Presentation: An Artificial Intelligence Approach to Assess Shipbuilding and Repair Supply Networks (Rafael Diaz)

AI Shipbuilding

 

Project: Towards Trustworthiness in Autonomous Vehicles

Project Team: Evgenia Smirni, W&M and Homa Alemzadeh, UVA

Project Abstract: Autonomous vehicles (AVs) are one of the most complex software-intensive Cyber-Physical Systems (CPS). In addition to the basic car machinery, they are equipped with driving assistance mechanisms that use smart sensors and machine learning (ML) for environment perception, pathfinding, and navigation. Even though tremendous progress has been made in advancing the safety and security of AVs, they are shown to be vulnerable to accidental and malicious faults that negatively affect their perception and control functionality and result in safety incidents. Recent works have highlighted two major challenges in safety validation and assurance of AVs: (i) With the increasing use of specialized hardware accelerators (GPUs) for running ML-based perception algorithms, AV control systems have become susceptible to transient faults (soft errors) that can result in erroneous ML inference and unsafe decision making and control. (ii) Safety assurance for AVs requires testing their resilience by identifying and simulating realistic safety-critical fault and attack scenarios by mining a tremendous fault space. To address these challenges, this project brings together a team of experts in GPU and CPS resilience from two CCI nodes to develop a holistic approach for end-to-end resilience assessment of AVs. We combine strategic fault injection at both hardware accelerator and controller software levels to assess the sensitivity of the ML components and control system to accidental or malicious faults and identify critical components and system states. The results from this project will make a firm step towards achieving trustworthiness in autonomous vehicles.

Complete Proposal: CV-007-Smirni-COVA_CCI_2021_AV_WM-UVA
Project Presentation: Towards Trustworthiness in Autonomous Vehicles (Evgenia Smirni)

Towards Trustworthiness in Autonomous Vehicles (Evgenia Smirni)

 

FY 2020-2021 Cybersecurity Research and Innovation Projects.

COVA CC released a Request for Proposals in March 2020 for researchers to conduct fundamental research leading to breakthroughs in CPSS. A total of five projects were selected for this first round of cybersecurity research funding.

The selected projects for this RFP are…

Leveraging AI and Machine Learning to Develop New CPSS and Workforce Development Solutions

Project Abstract: Data breaches and cyberattacks are now a daily reality for entities across the globe. As these attacks increase in frequency and sophistication, organizations are faced with an increasing shortage of quality trained cyber security professionals with the most current knowledge to meet this growing crisis. The proposed research & development project will seek to determine how to effectively automate the match of candidates to cyber jobs and associated training using Artificial Intelligence, analytics and novel data collection methodologies. The project will leverage crowd-sourced content and input to surface new approaches to developing disruptive cyber-physical systems through the use of workforce assessment and experiential education via a secure platform (www.idispla.org) and planned cloud-based cyber Insights Engine. The proprietary Insights Engine will apply Artificial Intelligence and Machine Learning, to power talent aptitude assessment and identification, and deliver smart training to match and develop personnel specifically for the roles for which they are best suited. This first ever effort will be led by researchers at Old Dominion University, supported by a team which includes: Melvin Greer, Chief Data Scientist, Americas, Intel Corp; and Dr. Nibir Dhar, Chief Scientist at Army Night Vision & Electronic Sensors Directorate; and Carlos Rivero, Chief Data Officer for the Commonwealth of Virginia, and CivilianCyber of Richmond, Virginia.

Project Team: Dr. Deri Draper, Old Dominion University, ddraper@odu.edu; Bobby Kenner, CivilianCyber, bobby@civiliancyber.com

Encouraging Positive Changes in Cyber Hygiene Behaviors and Knowledge in the Department of Defense.

Project Abstract: Requesting funding to develop SCORE to identify poor cyber-hygiene behavior, and to design an interface that effectively increases users’ awareness of their cyber risk. The system will alert users to at-risk behaviors and creates reports. The goal is to show SCORE can raise the awareness of cybersecurity policy violations. Both the technology and user experience will be developed to increase users’ cyber awareness, knowledge, and willingness to comply with cybersecurity policies.

Project Team: Dr. Jeremiah Still, Old Dominion University, jstill@odu.edu and Mike Ihrig, MI Technical Solutions.

Explore Privacy-Preserving in Deep Image Retrieval Systems

With the rapid growth of visual content, deep learning to hash is gaining popularity in the image retrieval community recently. Although it facilitates search efficiency, privacy is also at risks when images on the web are retrieved at a large scale and exploited as a rich mine of personal information. An adversary can extract private images by querying similar images from the targeted category for any usable model. Existing methods based on image processing preserve privacy at a sacrifice of perceptual quality. In this research, we propose a novel privacy-preserving mechanism based on adversarial learning to “stash” private images in the deep hash space while still maintaining perceptual similarity in both white-box and black-box settings. The research is expected to establish and deepen multi-institutional collaboration between William Mary, ODU and Hampton University and provide opportunities to include undergraduate and minority students into AI and security research. The ubiquityof AI technology brings both opportunities and challenges: offering convenience at the expense of our privacy. This research targets at a unique angle of the pervasive privacy challenges on the Internet and exploits a new vulnerability of AI algorithms to preserve privacy. If successful, the fundamental algorithms and tools provided will be transformative to enhance the ongoing research of AI security.

Project Team: Dr. Cong Wang, Old Dominion University, c1wang@odu.edu, Dr. Qun Li, William and Mary, liqun@cs.wm.edu, and Dr. Janett Walters-Williams, Hampton University, janett.williams@hampton.edu.

Securing IoT Devices through Power Side Channel Auditing and Privacy Preserved Convolutional Neural Networks

Internet of Things (IoT) devices have become the new cybercrime intermediaries to process cyber attacks and deploy malicious contents. The reasons are two folds. First, the popularity of IoT devices has attracted cybercriminals to conduct large-scale cyber attacks. Second, the cybercriminals also take advantage of the innocence of IoT devices, compared to the dedicated hosts, to deploy cyber attacks and evade the IP blacklist-based detection. Further, some of the IoT devices, such as web cameras and routers, were known for their weak security protection. Although there have been indications of IoT devices misuse, identifying and understanding how such devices are abused are challenging, because IoT bot attacks are stealthy, IoT devices are diverse and resource limited, and desired IoT bot detections need to be non-invasive. As a result, existing techniques cannot be directly applied to capture IoT bots, because they require invasive devices upgrade or modification. Also, these techniques are typically limited to detecting homogeneous devices (e.g., just PCs). Therefore, we propose a novel scheme to exploit IoT devices’ power side channel information to identify the compromised IoT devices.Specifically, we propose a universal Smart Plug design that provides power for heterogeneous IoT devices while at the same time detect malicious bot behaviors through Convolutional Neural Networks (CNN). A LEAP framework is proposed to offload CNN computation from IoT devices to the cloud while at the same time ensuring data privacy of IoT devices.

Project Team: Dr. Gang Zhou, William and Mary, gzhou@cs.wm.edu, Dr. Chunsheng Xin, Old Dominion University, cxin@odu.edu, and Dr. Danella Zhao, Old Dominion University, dzhao@odu.edu.

Trust, Interoperability and Inclusion: A Framework for Creating Cyber-Trust in Connected Homes

Internet-of-Things (IoT) devices are a growing part of people’s lives, collecting and communicating everything from health information to data on appliance use in homes. Users may be aware of some data collection practices, but there are also hidden ways in which devices collect data. These issues can be exacerbated when people are on the spectrum (hearing, vision, physical/motor, autism) because devices may not adjust to accommodate these differences. Furthermore, these pools of data are susceptible to cyber attacks and misuse in ways that may not be readily apparent to users. There is a gap in trust between devices in spaces and the people who inhabit those spaces. Therefore, we want to create, implement, and test a cyber-trust framework (CTF) that considers elements such as manufacturer information; background and experience of users, focusing specifically on people on the spectrum; and content collection (disclosed and undisclosed). The CTF will be rooted in technical, empirical, and theoretical thrusts, and this research will contribute to CCI’s mission, as noted in the blueprint, of establishing Virginia as a global leader in secure cyberphysical systems and the digital economy.

Project Team: Dr. Stephanie Blackmon, William and Mary, sjblackmon@wm.edu, Dr. Saikou Diallo, Old Dominion University, sdiallo@odu.edu, and Dr. D.E. Wittkower, Old Dominion University, dwittkower@odu.edu.

logo

COVA CCI is supported by the Commonwealth Cyber Initiative and funded through the Commonwealth of Virginia.

Contact: covacci@odu.edu

cci-logo