Author Attribution of Binaries (available)

Attributing binaries, whether malicious or benign, is a difficult and time-consuming task; however, there is an increasing demand for it, either for attributing cyber attacks or for preventing plagiarism. The goal of this project is to use machine learning to predict the authorship of binaries. You will use a corpus of open source software either for …

Building an internal malware repository (available)

The goal of the project is to build a malware repository that members of S3Lab can query through a consistent web interface or API, similar to existing malware repositories (e.g., VirusTotal, VirusShare), but for internal use only. In the first phases of the project, the student will need to interact with members …

Machine Learning vs Machine Learning in Malware Evasion (available)

Machine learning is a popular approach to signature-less malware detection because it can generalize to new (unseen) malware families. Some recent works have proposed the use of AI/ML-powered malware to bypass machine learning anti-malware systems. The goal of the project is to model the system of malware vs anti-malware systems as two opponents using various …

Mitigating Anti-Sandboxing Tricks used by Malware (available)

Aims: Detecting and mitigating some evasion techniques used by malware.

Background: Several malware samples exploit advanced tactics to detect whether they are being run in a sandboxed/virtual analysis environment. In such cases, the samples refrain from performing any malicious actions in order to evade analysis and detection by security researchers. The goal of the project is to analyse …

Virtual Trusted Platform Module (vTPM) Migration in Cloud Environments (completed)

TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate a computer platform. For instance, a TPM can be used to store platform measurements that help ensure that the platform remains trustworthy. Authentication (ensuring that the platform can prove that it is what it claims to be) and …