Research on practical/technical aspects of digital forensics, threat hunting and threat intelligence always inspires me. Please note that although I use all sorts of different computer science techniques (e.g., machine learning, data analytics, etc.) in my work, I am only interested in solving hunting/investigation problems, and not interested in advancing the field in other areas. Also, note that I am not interested in cryptography or intrusion detection in the general sense. Current attacks are more sophisticated and specific, and although what I do is related to IDS, I target more specific problems in order to have more effective solutions (e.g., APT detection, exploitation detection, etc.), as follows:
Forensically Sound Cyber Threat Hunting and Intelligence
Today's adversaries, including Advanced Persistent Threat (APT) actors, accomplish their goals using advanced tools and techniques designed to circumvent most conventional computer network defence mechanisms, go undetected during the intrusion, and then remain undetected on networks over long periods of time. Hence, it is necessary to build tools, techniques and strategies to hunt for attackers' remnants in different host and network locations, and to utilise fuzzy learning and deep learning techniques to analyse the collected data and build intelligence that can be used to determine threat actors' tactics, techniques and procedures (TTPs). It is equally important to guarantee forensic soundness during the collection and preservation of threat actors' remnants (forensically sound threat hunting) and to preserve users' privacy by collecting only the data relevant to the given investigation case. The following are a couple of more focused research areas in this domain:
Cyber Threat Hunting and Intelligence in Internet of Things (IoT) and Industrial Control Systems (ICS)
With the fast integration of computation and networking into all physical processes and the development of many smart contexts, the spectrum of devices that can be investigated is extensive: a range of devices and protocols from PDAs and mobile devices to automobiles, sensors, and robots, all pervasively interconnected. The examination of these devices is a crucial component of future legal, governmental, and business investigations. Therefore, we need models and frameworks for the forensically sound collection, preservation, analysis and documentation of evidence in these environments.
Real-Time Malware Detection in IoT/ICS Networks
IoT platforms are the best means of spreading and dispatching malicious programs, as these systems usually lack standard detection/protection systems (e.g., firewalls, IDS) and end-nodes usually do not employ any defensive mechanism. Therefore, developing lightweight and generalizable techniques for the real-time detection of malicious programs is important for securing IoT networks.
Attack Profiling Using Attackers' TTPs
While many existing attack attribution techniques rely on easily changed Indicators of Compromise (IOCs), reliable attack profiling should be based on attackers' Tactics, Techniques and Procedures (TTPs), which are hard to change (refer to the Pyramid of Pain). Utilising pattern recognition, fuzzy and deep learning techniques to detect properties of attackers' TTPs, and automating the detection process so that it is suitable for large-scale deployment, is an interesting research challenge.
Detecting Software Vulnerabilities and 0-Day Exploits
With the fast growth of the IT industry and huge pressure to develop software programs quickly, tons of vulnerabilities are released every day! Timely detection and proper handling of these vulnerabilities require a lot of consistent research. Developing (semi-)automated tools and techniques for the detection of 0-day vulnerabilities, and mechanisms to mitigate the risks of 0-day exploits, are important goals of this project.
I am always looking for active degree, master's and Ph.D. students and post-doc candidates interested in working on practical aspects of cyber-security and digital forensics! If you are interested in cyber-security and digital forensics, I would love to hear from you! We can further discuss and define specific projects suitable for your level as follows:
Please feel free to contact me for further information or to make an appointment.