Below is a brief discussion of some of my projects. You can check my online publications for more details. Come speak to me for more specifics about what I'm looking to have done in each of these areas.
Digital Forensics: The application of forensic processes to digital mediums.
Computer Forensics: The analysis of computers and hard drives from crime scenes, etc.
o Developing interaction and visualization techniques for the analysis of computer hard drives.
o Developing techniques for identifying and collecting data hidden in unusual hardware locations.
o Developing techniques for collecting and analyzing data from mobile devices.
o Evaluation and comparison of available techniques.
Network Forensics: The application of forensic processes to networks of interconnected devices. Mainly relates to systems compromised through a network-based intrusion.
o Techniques for forensically collecting applicable data. How can this data be validated for forensic use, i.e., such that it can be used in criminal proceedings?
o Analysis of attacks in order to determine what data needs to be collected in order for said attacks to be detected. The ultimate goal is to allow for the more efficient collection of networked data.
o Techniques for the analysis of very large-scale data associated with networks of computers and mobile devices. This will include network traffic data, system log data, router data, DNS data, etc.
Computer Security: Whereas forensics deals with the analysis of data in a post-mortem fashion, computer security deals with attempting to protect computer systems or detect attacks before they are successful.
Database Security: How can databases be better protected such that the loss of personal information often reported in the media cannot happen? How can such techniques be more fully evaluated?
Attack Detection: The goal here is to identify attacks at their earliest stages, before they are successful. A further goal is to differentiate sophisticated attacks from naive ones.
Botnet Detection: Botnets have emerged as a leading threat to computer networks. We must examine mechanisms for detecting such attacks. We are looking at multiple integrated techniques for the detection of botnets, including: mining of DNS data, mining of network traffic data, mining of system log data, visualization, signature-based techniques, etc.
Remote Agents: The Air Force has particular interest in this area. Specifically, the goal is to explore how remote agents can be used to initiate a defensive capability. The idea is to have a modular, remotely upgradeable capability to rapidly deploy new defensive capabilities or postures. These agents must interact with local policies and rules, and thus a rule system is also needed to specify policies.