C37-P: Internet of Things Botnet Detection Using Network Flow Analysis

Our general research area is cybersecurity in the Internet of Things (IoT). The Internet of Things offers an unprecedented opportunity, as everything can be interconnected; however, it also raises countless security risks. For example, a network of bots can be deployed to attack a variety of systems and devices, causing malicious activity. We are working on creating an online, real-time intrusion detection system that recognizes different malware types to help secure the network. We used various IoT datasets and are attempting to apply machine learning to increase the efficiency and accuracy of detecting botnet traffic. So far, we have performed feature extraction on several large datasets using Python and Scapy. The datasets were up to 100 gigabytes, so we had to use the RedHawk Cluster, a high-performance computing cluster. Scapy is a powerful Python package for packet manipulation and analysis. We were able to process the datasets in their PCAP (raw packet dump) form, extract relevant information, and create CSV files, on which we can train machine learning algorithms and which, unlike the PCAP files, are human-readable. Additionally, we ran some machine learning algorithms on the data using the RedHawk Cluster. Currently, we have found a relationship between the response bytes and the type of attack. We found that if the response bytes are more than 3 kilobytes, the connection could be associated with a File Download attack, and if the response bytes are less than 1 byte and accompanied by similar periodic connections, this could be associated with the Heart Beat attack. We are working on developing sophisticated data analysis for fine-grained malware classification. This experience has helped us gain in-depth, hands-on experience in computer networks, cybersecurity, and data science. Moreover, it has immensely helped us get internships and prepared us to ace interviews.
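The two response-byte relationships reported above, applied to per-connection flow records, as an added illustration that is not the project's own code: constructed packet tuples stand in for what Scapy would yield from a PCAP, and the flow field names, the 10% periodicity tolerance and the minimum of three connections are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample packets standing in for what Scapy yields from a PCAP:
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, payload_bytes)
PACKETS = [
    # Bot 10.0.0.5 polls the server every 60 s; every reply carries no payload.
    (0.0, "10.0.0.5", 40001, "198.51.100.9", 8080, 12),
    (0.1, "198.51.100.9", 8080, "10.0.0.5", 40001, 0),
    (60.0, "10.0.0.5", 40002, "198.51.100.9", 8080, 12),
    (60.1, "198.51.100.9", 8080, "10.0.0.5", 40002, 0),
    (120.0, "10.0.0.5", 40003, "198.51.100.9", 8080, 12),
    (120.1, "198.51.100.9", 8080, "10.0.0.5", 40003, 0),
    # Bot 10.0.0.7 sends one request and receives a 3500-byte reply.
    (5.0, "10.0.0.7", 40010, "198.51.100.9", 80, 40),
    (5.3, "198.51.100.9", 80, "10.0.0.7", 40010, 3500),
    # Ordinary client: one request, 200-byte reply, nothing periodic.
    (7.0, "10.0.0.8", 40020, "203.0.113.4", 443, 100),
    (7.2, "203.0.113.4", 443, "10.0.0.8", 40020, 200),
]

def build_flows(packets):
    # Fold packets into bidirectional connections; the host that sent the first
    # packet is the originator, so resp_bytes counts only the server's payload.
    flows = {}
    for ts, src, sport, dst, dport, size in sorted(packets):
        key, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if rev in flows:
            flows[rev]["resp_bytes"] += size
        else:
            f = flows.setdefault(key, {"start": ts, "orig_bytes": 0, "resp_bytes": 0})
            f["orig_bytes"] += size
    return [dict(orig=k[0], resp=k[2], **v) for k, v in flows.items()]

def is_periodic(starts, max_cv=0.1):
    # At least three connections whose start-time gaps vary by <= max_cv (assumed 10%).
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    return len(gaps) >= 2 and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv

def classify(flows, download_threshold=3 * 1024):
    # Apply the two response-byte relationships per (originator, responder) pair.
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["orig"], f["resp"])].append(f)
    labels = {}
    for pair, conns in by_pair.items():
        if any(f["resp_bytes"] > download_threshold for f in conns):
            labels[pair] = "File Download"
        elif all(f["resp_bytes"] < 1 for f in conns) and is_periodic(sorted(f["start"] for f in conns)):
            labels[pair] = "Heart Beat"
        else:
            labels[pair] = "unlabelled"
    return labels
```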

Authors: Ryan Schuerkamp, Nam Hoang, and Tom Deep

Faculty Advisor: Suman Bhunia, Computer Science and Software Engineering
