CAP6135: Malware and Software Vulnerability Analysis

Examples of Term Projects

Cliff ZouSpring 2012

Previous CAP6135 Term Projects

Web Application Vulnerabilities Spam Filtering Techniques Survey of P2P applications and inherent

security risks Building KnightBot: a covert self recovering

botNet library Rootkit A Study of IDS/IPS Spam Detection Zombies in the Clouds

Survey of Defensive Techniques for Preventing Cross Site Scripting Attacks

Computer Security/Forensic Tool Validation Exploring Steganography: Seeing the Unseen Methods of Preventing SQL Injection CAPTCHA Effectivity Survey Trojan Horses Smart card and Credit card security study Security Risks found within RFID Technology

3

Media Sterilization Survey of Malware Detection in Mobile

Environment Private Profile (a Facebook app) .NET Code Protection: Fighting Reverse

Engineering Security study in cognitive radio network Security virsualization Near Field Communication (NFC)Strengths and

Weaknesses

4

Some Suggested Hot Topics

Cloud computing security Encrypted data search Virtual machine isolation Law and policy on cloud location and storage Monitoring and log

Location-based service privacy for mobile system

Social network privacy

5

Some Interesting Topics Social network security and privacy

Social network based malware, such as previously appeared malware Boonana, Samy, RenRen, Koobface, and SpaceFlash.

Spam in social network, such as in twitter network Privacy vulnerability and protection; such as recent incident of

Facebook privacy problem Reputation assurance for online user reviewing system.

How to make user reviews reliable against malicious attackers or bots (such as fake review to boost a product)

Botnet modeling, attack method, defense (real case study, monitoring real botnet, peer-to-peer botnet)

6

Cloud computing security and privacy Virtual machine security: such as prevent information leakage

among different users on the same VM or on the same physical host.

Cloud data encryption. How to encrypt data on cloud so that the cloud provider cannot read the data and: (1). it can still be searched by client, (2) it can be shared by multiple users with efficient secure key management; (3). It can still support cloud provider to efficiently save storage by merging the same data together.

How to spread malware in cloud; how to defend malware in cloud environment

7

DNS security: DNS hijacking attack and defense DNS Poisoning attack and defense Case study of previous appeared DNS attack incidents

Email spam and phishing defense Spam detection, filtering Phishing attack defense

Wireless networking security Ad hoc network secure routing Reputation system for wireless networking Vehicular networking security and privacy Security and privacy protection in location service in wireless

networking (such as among smart phone users)

8

Security and privacy issues in smartphones Jail breaking in iPhone Worm propagation in smartphone: propagation theory, previous

incident case study, etc. Bluetooth security issue in smartphones

Web security Detection of malicious web sites (for example, by using crawling

and honeypots) Detecting of phishing/fake websites Detecting malicious code injection Verifying security for all web plug-ins or extensions Browser history or cookie security issues and protection

9

CAPTCHA security Image-based CAPTCHA, video-based CAPTCHA Improving text-based CAPTCHA Defense against CAPTCHA human-solver attack

RFID security and privacy Privacy protection in RFID systems Security protocols for RFID systems Real attacks against car key, gas station remote key, etc.

Anonymity Privacy-preserving data sharing Attacks against various anonymity protocols and systems Design of new/improved anonymity protocols

Black market study of hackers

10

Computer architecture based security Secure CPU design Secure memory design (e.g., each memory byte has a security

bit support) Secure cache design to defend against side channel attack

Peer-to-peer system security New attack methods against existing p2p protocols such as

bitTorrent Security issues in p2p video streaming

Network security Defense against distributed denial-of-service attack BGP router security Network traffic-based monitoring and attack detection Stepping stone identification

11