Research
CCI has been involved in various research projects throughout the years. Below are various
projects, past and present, that we have worked on.
National Security Agency Center of Academic Excellence
MSU is designated as a National Center of Academic Excellence in Cybersecurity
(NCAE-C) by the National Security Agency (NSA). MSU is the only university in
Mississippi designated as an NCAE-C and one of only a few universities
nationally to hold all three academic designations awarded by the NSA. MSU is
designated as a:
- Center of Academic Excellence in Cyber Defense (CAE-CD)
- Center of Academic Excellence in Cyber Research (CAE-R)
- Center of Academic Excellence in Cyber Operations (CAE-CO)
MSU leads the NSA-sponsored national CAE-Cyber Operations Community of
Practice. Working closely with the NSA, CCI has a premier DoD 8570-compliant
cyber training program. In addition to cybersecurity research and education,
CCI operates in a NIST 800-171 compliant environment. NIST 800-171 addresses
"Protecting Controlled Unclassified Information in Nonfederal Systems and
Organizations." Additionally, MSU has an extremely strong university
information security program administered by MSU's Information Technology
Services.
For more information about MSU's designation, visit
MSU's Department of Computer Science
and Engineering.
Medium Range Ground Based Radar
We are partnering with industry and other academic partners on the design,
development and testing of a mid-range, ground-based, mobile radar to detect and
track small, unmanned threats that are increasingly being used in conventional
warfare and pose a significant risk to future U.S. national security. The
Mississippi State team will leverage our expertise in artificial intelligence,
cyber security, and high-performance computing to help deliver the next
generation of war-fighting capabilities to our nation.
Open-Source Intelligence
The Open-Source Intelligence (OSINT) Laboratory at Mississippi State University
aims to solve some of our nation’s most pressing national security concerns by
applying rigorous research methods to open-source data. Our goals are to
improve the capabilities and effectiveness of practitioners in the national
security community, build a pipeline of professionals ready to contribute to
the Intelligence Community on Day 1, and think through the policy, legal, and
ethical considerations of OSINT. For more information, visit
Open-Source Intelligence Laboratory.
Law Enforcement and Victims Services Directory
Using a grant from the Bureau of Justice Statistics, a multidisciplinary team
from Mississippi State University is providing a consolidated, updated, and
searchable directory of Mississippi law enforcement and victims’ services
directories. This directory is provided as part of a larger effort to understand
the prevalence, incidence, and reporting of crime in Mississippi that includes
mail-in surveys and analysis of social media and other publicly available
information (PAI) reporting.
NIST Controls Awareness Training (NCAT)
The NIST Controls Awareness Training (NCAT) is a project geared towards
equipping companies with the knowledge necessary to make cost-effective
decisions on how to comply with DFARS 252.204-7012 via the NIST 800-171
security controls. By not following the 110 security controls outlined in NIST
800-171, a company puts itself in danger of having contracts revoked and/or
potentially exposing important information and services to possible theft,
manipulation, interruption, or other malign actions. For more information,
visit
NIST Controls Awareness Training (NCAT).
MSU SBDC Cybersecurity
The Mississippi State University Small Business Development Center
CyberSecurity (MSU-SCS) project is focused on developing and deploying
initiatives to support businesses in several key areas for data protection:
- Securing the intellectual property of businesses
- Understanding and preparing for potential effects of disruptions in
day-to-day operations
- Creating cybersecurity plans to protect online sales, marketing, and
online distribution and delivery of products and services
- Establishing secure work environments for teleworking and business
operations
Digital Forensics
Using Physical Memory Relationships to Identify Malware
This research aims to
provide a novel approach for detecting malware and understanding how it affects
random access memory (RAM). Its anticipated use is by incident responders and
malware analysts to quickly triage which artifacts are most relevant for
analysis. In RAM there are a number of objects that work with one another to
ensure that a system functions properly. For instance, when a process is
started it will load several dynamic link libraries (DLLs). That same process
could create a network connection, interact with registry entries, and have
handles to other files that it needs to perform its designed actions. This work
uses memory forensics, community detection, and machine learning with the end
goal of distinguishing between how malicious artifacts interact with memory
compared with the benign.
Malware Detection Via Code Clones
The development of malware variants is as simple as making slight changes to
the source code or even changing compiler settings, which would render
signature-based detection tools unreliable. In addition, the creation of
variants is now being automated within the code itself, which is known as
polymorphic malware. This
reuse of code by malicious agents makes the workload of analyzing malware more
difficult, due to the amount of malware that needs to be analyzed. The process
of analyzing malware through either dynamic or statistical means is always
costly in time, computation, or both. The goal of this research is
to deduce the viability of code clones as features in hierarchical clustering
of malware to determine phylogenetic relationships.
Virtualized IoT (Internet of Things) Project
We propose the research and development, including a proof-of-concept
implementation, of a framework that is capable of simulating devices’
vulnerabilities for training purposes, as well as emulating a specific list of
supported devices for which firmware is available. This approach will allow for
more flexibility in the number of scenarios and devices available for training
and will allow for potential inclusion of emulated devices in addition to
pseudo devices.
Netmapper
The intent of the Netmapper project is to create a lightweight tool that can
extract enough information from a physical or virtual network to build a
virtual copy of that network at a later date. In the process of doing this, we
have also created a network hardware/software inventory tool, a network mapping
tool that can create editable Visio maps of a network, and a network debugging
tool. A snapshot can also be taken of the network and compared with another
snapshot from a different time and the differences between the networks can be
displayed in a “diff” format or graphically in a network plot. Netmapper can
also be used to merge maps of networks together. For example, it can be used to
map sub domains separately and then merge them together into one network map or
plot.
Netmapper is written in Python 3 and currently does not require use of an
external database. Data extracted from the network is stored in XML format
which simplifies the building of custom queries to extract whatever information
is required by the user. The tool runs under Windows or CentOS 7 and can be
used to map and inventory Windows or Linux networks. In addition, when
integrated into an Ansible/Packer framework developed by our customer, it can
not only extract the information to virtualize a network but greatly simplify the
process of actually standing up networks by automating parts of the framework
flow which require manual effort to put into place.
SCADA (Supervisory control and data acquisition)
The CCI SCADA lab located in the HPCC building was established to allow
students to work with software and hardware that they might see in industry.
The lab has been used to find zero-day exploits in commercial software and it
has been used to demonstrate attacks on wireless networks. It has also been
used to provide network traffic data from the network while it is under attack. At least two efforts
are contemplated:
- A study to evaluate the effects of NMAP and Netmapper on the SCADA network
and what settings for these programs would minimize how much they affect the
network. These programs would use the active NIC (network interface card) of
the monitoring nodes and the passive NIC would be used to collect data on how
they affect the network.
- There is a need for data captures of SCADA networks. This project would
involve setting up the network to generate SCADA traffic and then capturing it
so it could be made available for people/groups interested in this kind of
traffic.
Self-Protecting Systems
One of the major trends in research on Self-Protecting Systems is to use a
model of the system to be protected to predict its evolution. However, devising
the model requires special knowledge of mathematical frameworks, which prevents
the adoption of this technique outside of the academic environment.
Furthermore, some of the proposed approaches suffer from the curse of
dimensionality, as their complexity is exponential in the size of the protected
system. We are developing a model-integrated approach for the design of
Self-Protecting Systems, which automatically generates and solves Markov
Decision Processes (MDPs) to obtain optimal defense strategies for systems
under attack. MDPs are created in such a way that the size of the state space
does not depend on the size of the system, but on the scope of the attack,
which allows us to apply it to systems of arbitrary size.
NIST 800-171 Compliance (Partnered with USM)
Working with the DoD Office of Economic Adjustment and
partnered with USM, CCI has been developing a training tool to assist
Mississippi defense contractors in complying with NIST 800-171 standards as mandated
in the Defense Federal Acquisition Requirement Supplement (DFARS) clause
252.204-7012. We have created a training tool and are prototyping it with
Mississippi defense contractors. CCI is also delivering the training to
accompany use of the tool.
DOD 8140 Information Assurance Workforce Training, Certification and Workforce Management
The National Security Agency has supported CCI in delivering DoD 8140
certification training to the National Guard. As observed by the DoD CIO’s
office, cyber training for the National Guard is a “twofer” in that it not only
enhances the cyber readiness of DoD but the guardsmen bring those same cyber
skills back to their civilian careers. CCI has prepared and delivered training
to support the following certifications:
- Certified Information System Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- Security+
- Certified Information Security Management (CISM)
Engaging the Mississippi Delta in CyberCorps
The National Science Foundation (NSF) is supporting MSU’s efforts to better
prepare Mississippi Valley State University students for government service by
early engagement in Federally recognized cyber certificate programs. We
developed an exportable Security+ study program that will significantly reduce
the up-front cost for students to certify. Security+ certified MVSU graduates
will be more competitive to enter the Federal Civil Service as well as
positions in the private sector.