Internet of Things (IoT) systems have been deployed in many cost-critical and life-critical applications, but the tightly constrained nature IoT system design makes them less secure than traditional computer and server-based systems. Our research develops defenses for IoT systems against existing and future attack types. We investigate both host-based and network-based solutions, using software and hardware implementations. We are also developing a cyber test range which is used to evaluate the performance of a system under a realistic attack. This work is supported by a generous gift from the Herman P. & Sophia Taubman Foundation.
This work has been referenced in an article in the OC Register, Record-breaking year UC Irvine nets 441 million in research funding , 8/10/2019.
Social engineering attacks, also known as “scams”, are an extremely common and dangerous threat today. Scams typically result in financial loss by convincing a victim to perform an ill-advised action such as sending money, or convincing him to provide private information. There has been a great deal of research studying phishing emails, but phone-based social engineering attacks are not well understood. Our research in phone-based social engineering attacks is two-fold, 1) evaluating the effectiveness of different types of attacks, and 2) developing a tool to automatically detect attacks. We are performing a study in which we attempt different phone scams against participants to see what they are vulnerable to. We are also developing a scam detection approach which uses Natural Language Understanding techniques to identify suspicious intent in a conversation. This work is supported by the National Science Foundation under Grant No. 1813858.
We have distributed an open source tool implementing our first approach to this problem, Social Engineering Defense. This tool has garnered significant attention in several online news media sites.
- Natural Language Processing Fights Social Engineers
- Four Cool Tools Expected Out of Black Hat
- 3 storylines to watch during Black Hat 2018
- The biggest threat to your online security is you
It is typical for programmers to implement their code based on an understanding of the intended behavior expressed in a natural language document. The programming task is heavily manual since the job of interpreting natural language specifications is typically left to humans. Our research seeks to simplify programming tasks by automatically interpreting natural language specifications and generating code artifacts with matching functionality. For instance, a specification may describe a pre-condition property of a function we could automatically generate an assertion statement to check the property.The ultimate goal of the work is to automate the generation of segments of code in order to allow the programmer to focus on more abstract design issues.