Jeremy Abramson

Data Driven CyberSecurity @ ISI

The Data Driven Cybersecurity @ ISI group is looking for talented researchers to assist with the following projects:

  1. Social Graph Analysis and Attribution of Software Exploit Contributors Using GitHub: 
    Attribution of threat actors is an increasingly important and difficult problem. One potential mitigation is the early detection of potential threat actors via analysis of open-source intelligence (OSINT). This project will analyze the social graph of users who contribute to, follow, star, and otherwise interact with proof-of-concept CVE implementations and other relevant potentially malicious (e.g. software vulnerability) repositories.

  2. Integration of Frame Semantics to Cyber Ontologies
    Cyber ontologies such as STIX and ATT&CK can represent complex relationships between cyber threat actors, attacks and infrastructure.  While such representations are conducive to interoperability between systems, they are often unwieldy for human cyber analysts to deal with directly.  Conversely, natural language generation (NLG) frameworks like FrameNet represent language in a structured manner, but frame specifications are often not specific enough for specialized domains (such as cyber security).  Leveraging and combining the semantic structure of both forms can create a tool that translates cyber threat data in standard interoperable formats (such as STIX) to human-readable reports, via existing NLG frameworks.  Working on a project such as this provides an opportunity for significant impact, as the fusion of these two structures could greatly increase both the adoption and the utility of cyber threat ontologies.

  3. Social Network Expansion: Construction of a human-subject spearphishing experiment:
    Social Network Expansion (SNE) aims to explore the relationship between various factors of “cost” in creating social networking personas, and these personas’ efficacy in connecting and interacting with a target populace.  A more complete understanding of this relationship between required adversarial complexity/resources and connection/interaction efficacy will enhance our ability to detect and mitigate a number of threats, including (but not limited to) spearphishing, persona hijacking and the spread of fake news.  

  4. Textual, Structural and Semantic Analysis of Phishing Datasets
    Phishing attacks – both specifically and broadly targeted – are an increasingly dangerous vector for malice. Because of the textual and semantic similarities between potentially malicious and benign emails, detection of subtle phishing attacks can be difficult. This project aims to provide a high-level textual and structural analysis of different phishing datasets to determine what features in a conversational chain may be useful in increasing detection of phishing attacks. Students will work on textual extraction of features (intent, sentiment, tone, etc.) and analysis of externally verifiable content (company affiliation, etc.).

  5. Detecting Malware Campaign Lifecycles from Behavioral Analysis:
    This project aims to detect and coalesce families of malware articles and campaigns by analyzing their behavior and interactions with the outside world. Features such as network activity, system component interactions and others can be used to cluster malware articles and determine the duration of malware campaigns otherwise thought to be independent. Students will work on exploration of open-source malware API contents (e.g. VirusTotal), construction of a malware behavioral data set, generation of similarity metrics (network traffic access patterns, system interactions, etc.) and analysis and clustering of malware articles and campaigns.

Note that we are not currently hiring for student working positions.  If you are a Ph.D. student or interested in directed research, please contact Dr. Jeremy Abramson (abramson at ISI dot edu) with the following information:

  • Name
  • Year of study (3rd year, MS student, etc.)
  • Degree program (Computer Science, Data Science, etc.)
  • Project(s) that you want to work on (note: you will only work on one project at a time, but you can specify a preference list)
  • Number of units of DR requested (if applicable)
  • A current resume

Thank you so much, and looking forward to working with you!
