Cybersecurity Research

CoVA CCI is conducting research that will lead to breakthroughs in cyber physical systems, contributing to the CCI mission of establishing Virginia as a global leader in secure CPS and in the digital economy. This research is focused in the areas of cyber physical systems (CPSS), 5G, and Artificial Intelligence in the Maritime, Defense and Transportation business sectors. CoVA CCI will partner with local cybersecurity businesses as well as researchers from across the Commonwealth to accomplish this goal by supporting three objectives. 

CoVA CCI will create a secure shared research environment (COVA SHARE) for researchers, faculty and businesses to conduct cybersecurity research and instruction in state-of-art computer labs.
We will develop a 5G testbed to conduct research on the vulnerabilities and opportunities of 5G (and future generation) wireless communication technology.
CoVA CCI will sponsor cybersecurity research projects focused on CPSS, 5G, AI and other emerging fields with through collaborative research partnerships within CCI institutions and business partners.

FY 2020-2021 Cybersecurity Research and Innovation Funding.

COVA CC released a Request for Proposals in March 2020 for researchers to conduct fundamental research leading to breakthroughs in CPSS. A total of five projects were selected for this first round of cybersecurity research funding.

The selected projects for this RFP are…

Leveraging AI and Machine Learning to Develop New CPSS and Workforce Development Solutions

Project Abstract: Data breaches and cyberattacks are now a daily reality for entities across the globe.As these attacks increase in frequency and sophistication, organizations are faced with an increasing shortage of quality trained cyber security professionals with the most current knowledge to meet this growing crisis. The proposed research & development project will seek to determine how to effectively automate the match of candidates to cyber jobs and associated training usingArtificial Intelligence, analytics and novel data collection methodologies. The project will leverage crowd-sourced content and input to surface new approaches to developing disruptive cyber-physical systems through the use of workforce assessment and experiential education via a secure platform (www.idispla.org) and planned cloud-based cyber Insights Engine. The proprietary Insights Engine will apply Artificial Intelligence and Machine Learning, to power talent aptitude assessment and identification, and deliver smart training to match and develop personnel specifically for the roles for which they are best suited. This first ever effort will be led by researchers at Old Dominion University, supported by a team which includes: Melvin Greer, Chief Data Scientist, Americas, Intel Corp; and Dr. Nibir Dhar, Chief Scientist at Army Night Vision & Electronic Sensors Directorate; and Carlos Rivero, Chief Data Officer for the Commonwealth of Virginia, and CivilianCyber of Richmond, Virginia.

Project Team: Dr. Deri Draper, Old Dominion University, ddraper@odu.edu; Bobby Kenner, CivilianCyber, bobby@civiliancyber.com

Encouraging Positive Changes in Cyber Hygiene Behaviors and Knowledge in the Department of Defense.

Project Abstract: Requesting funding to develop SCORE to identify poor cyber-hygiene behavior, and to design an interface that effectively increases users’ awareness of their cyber risk. The system will alert users to at-risk behaviors and creates reports. The goal is to show SCORE can raise the awareness of cybersecurity policy violations. Both the technology and user experience will be developed to increase users’ cyber awareness, knowledge, and willingness to comply with cybersecurity policies.

Project Team: Dr. Jeremiah Still, Old Dominion University, jstill@odu.edu and Mike Ihrig, MI Technical Solutions.

Explore Privacy-Preserving in Deep Image Retrieval Systems

With the rapid growth of visual content, deep learning to hash is gaining popularity in the image retrieval community recently. Although it facilitates search efficiency, privacy is also at risks when images on the web are retrieved at a large scale and exploited as a rich mine of personal information. An adversary can extract private images by querying similar images from the targeted category for any usable model. Existing methods based on image processing preserve privacy at a sacrifice of perceptual quality. In this research, we propose a novel privacy-preserving mechanism based on adversarial learning to “stash” private images in the deep hash space while still maintaining perceptual similarity in both white-box and black-box settings. The research is expected to establish and deepen multi-institutional collaboration between William Mary, ODU and Hampton University and provide opportunities to include undergraduate and minority students into AI and security research. The ubiquityof AI technology brings both opportunities and challenges: offering convenience at the expense of our privacy. This research targets at a unique angle of the pervasive privacy challenges on the Internet and exploits a new vulnerability of AI algorithms to preserve privacy. If successful, the fundamental algorithms and tools provided will be transformative to enhance the ongoing research of AI security.

Project Team: Dr. Cong Wang, Old Dominion University, c1wang@odu.edu, Dr. Qun Li, William and Mary, liqun@cs.wm.edu, and Dr. Janett Walters-Williams, Hampton University, janett.williams@hampton.edu.

Securing IoT Devices through Power Side Channel Auditing and Privacy Preserved Convolutional Neural Networks

Internet of Things (IoT) devices have become the new cybercrime intermediaries to process cyber attacks and deploy malicious contents. The reasons are two folds. First, the popularity of IoT devices has attracted cybercriminals to conduct large-scale cyber attacks. Second, the cybercriminals also take advantage of the innocence of IoT devices, compared to the dedicated hosts, to deploy cyber attacks and evade the IP blacklist-based detection. Further, some of the IoT devices, such as web cameras and routers, were known for their weak security protection. Although there have been indications of IoT devices misuse, identifying and understanding how such devices are abused are challenging, because IoT bot attacks are stealthy, IoT devices are diverse and resource limited, and desired IoT bot detections need to be non-invasive. As a result, existing techniques cannot be directly applied to capture IoT bots, because they require invasive devices upgrade or modification. Also, these techniques are typically limited to detecting homogeneous devices (e.g., just PCs). Therefore, we propose a novel scheme to exploit IoT devices’ power side channel information to identify the compromised IoT devices.Specifically, we propose a universal Smart Plug design that provides power for heterogeneous IoT devices while at the same time detect malicious bot behaviors through Convolutional Neural Networks (CNN). A LEAP framework is proposed to offload CNN computation from IoT devices to the cloud while at the same time ensuring data privacy of IoT devices.

Project Team: Dr. Gang Zhou, William and Mary, gzhou@cs.wm.edu, Dr. Chunsheng Xin, Old Dominion University, cxin@odu.edu, and Dr. Danella Zhao, Old Dominion University, dzhao@odu.edu.

Trust, Interoperability and Inclusion: A Framework for Creating Cyber-Trust in Connected Homes

Internet-of-Things (IoT) devices are a growing part of people’s lives, collecting and communicating everything from health information to data on appliance use in homes. Users may be aware of some data collection practices, but there are also hidden ways in which devices collect data. These issues can be exacerbated when people are on the spectrum (hearing, vision, physical/motor, autism) because devices may not adjust to accommodate these differences. Furthermore, these pools of data are susceptible to cyber attacks and misuse in ways that may not be readily apparent to users. There is a gap in trust between devices in spaces and the people who inhabit those spaces. Therefore, we want to create, implement, and test a cyber-trust framework (CTF) that considers elements such as manufacturer information; background and experience of users, focusing specifically on people on the spectrum; and content collection (disclosed and undisclosed). The CTF will be rooted in technical, empirical, and theoretical thrusts, and this research will contribute to CCI’s mission, as noted in the blueprint, of establishing Virginia as a global leader in secure cyberphysical systems and the digital economy.

Project Team: Dr. Stephanie Blackmon, William and Mary, sjblackmon@wm.edu, Dr. Saikou Diallo, Old Dominion University, sdiallo@odu.edu, and Dr. D.E. Wittkower, Old Dominion University, dwittkower@odu.edu.