COMBAT (COntinuous Monitoring of Behavior to protect devices from evolving mobile Application Threats)
COMBAT is a behavior-based intelligent mobile malware detection system. Attacker strategies are changing and current defenses are hard to cope up with new variants of malware, which makes mobile malware detection a challenging problem. As opposed to static analysis, dynamic analysis and signature based approaches; machine learning approaches are widely used to detect malware. However, machine learning algorithms can be easily spoofed by carefully pertaining the inputs presented to the detector. This is especially true in the case of repackaged malware. We address this problem by designing a safe and adversarial resistant algorithm. We use a combination of adversarial learning algorithms such as defensive distilled neural networks, artificial malware generation and explainable AI on various features derived from Android code including class names, packages, and permissions to build adversarial resistant machine learning algorithms. Testing our approach on a new set of most recent malware apps (unique variants capable of evading detectors) we achieved 90% detection rate as opposed to vanilla neural network with 49.5%.
CASTRA (Context-Aware Security Technology for Responsive and Adaptive Protection)
CASTRA aims at providing a friction-less multifactor authentication mechanism for secure access using subliminal characteristics of the smartphone user. We developed a mobile device based solution to detect walking patterns by using smartphone sensors. We achieved 99:9% detection accuracy by applying LSTM (Long Short Term Memory) neural networks for learning gait biometrics from raw accelerometer and gyroscope data. CASTRA is capable of identifying users within 5-6 steps (using 50 Hz sensor sampling rate).
WASH (Warfighter Analytics using Smartphones for Health)
WASH is a research project aimed at detecting PTSD by unobtrusively leveraging human interactions with smartphone. We use the sensor data collected from the smartphones to train models for activity classification and anomaly detection.
This project analyzes the user behavior in the context of email phishing in an attempt to understand whether the user can identify phishing email or not in a real-world setting. And if so, then which cues do they use to classify an email. Our work introduces an empirical study focusing on task settings similar to those in the real-world that captures user behavioral information of fine granularity. In this study participants sorted legitimate and phishing emails. Subgroups of these remote users performed a secondary question-answering task and/or were incentivized by a monetary reward based on email sorting accuracy. In the preliminary result analysis, we discovered that the monetary incentive can positively affect users’ behavior and performance, but not in a straightforward manner. Multitasking, on the other hand, has a negative effect on users’ ability to correctly classify emails.