The Cyber Science Lab (CSL) is a research lab focused on advancing knowledge and practice in security and privacy of machine learning systems to build trustable ML agents for a variety of threat hunting, threat attribution and digital forensics tasks. CSL’s researchers are working on different  ML security and privacy challenges including wide-range of poisoning and evasion attacks in the adversarial setting, defensive mechanism, approaches to hardening  ML and methods to preserve differential privacy.

Furthermore, CSL’s researchers are working on novel ML-based approaches to apply on security and digital forensic domains. A variety of R&D researches and projects have been conducted to protect infrastructures, Internet of Things (IoT) networks, Industrial Control System (ICS) devices and endpoint nodes as well as detecting cyberattacks and malicious activities using state-of-the-art ML techniques. In addition, CSL’s team have been working on AI-based method to propose accurate, swift and intelligent methods for digital forensic investigation. Our research areas are as following:

Cyber Threat Intelligence and Analytics: Cyber attack triage is among most complicated and time-consuming tasks of security analysts. These triage activities are mainly focused on analyzing malware, exploit-kits and other attack payloads for timely identification of attack payloads (i.e. the malware). AI has a lot to offer to cyber threat triage and may significantly reduce the required time and resources to respond to an incident. Cyber Science Lab built a number of unique datasets for AI-Aided cyber threat triage as lack of suitable security datasets for AI tasks is among most important barriers in advancing research in this field. CSL has contributed to several researches for AI-aided Malware Analysis, Ransomware Analysis, AI-aided threat attribution and Cyber Threat Analytics.

Adversarial machine learning for building anti-forensics and anti-anti forensics systems: Machine learning algorithms are developed for stationary environments. However, intelligent and adaptive adversaries can carefully craft input data to always bypass AI-based cybersecurity systems. Therefore, direct utilization of machine learning algorithms would provide limited benefit in the cyber security domain. In adversarial machine learning, we try to first identify potential vulnerabilities of machine learning algorithms during learning and classification and build attacks that correspond to detected vulnerabilities (anti-forensics). Afterward, we are building countermeasures to improve the security of machine learning algorithms (anti-anti-forensics).

Security of Critical Infrastructure: Emergence of IoT devices and applications, introduced many new challenges for cybersecurity community. Cyber Science Lab has an extensive research track in IoT/ICS network defense, AI-aided attack detection and analysis in IoT networks and IoT digital investigation.

Digital Forensic: Cyber Science Lab enjoys an extensive research track and contributions in digital forensics and incident response with a special focus on cloud, big data and mobile forensics. The wide adoption of cloud services and big data storage systems made cloud and big data computing storage as a prime target for cybercriminals and investigation of these platforms is a challenge for forensic examiners. Every cloud and big data platform have its own structure and require specific investigation tools and techniques. Mobile device investigation is a major challenge as each device has customized features, operating systems, and data management process.