Apply now

Seminars & Events


Short introduction to C3I Center's Research

Bio:Currently, I am doing M. Tech in Cyber Security from Computer Science and Engineering department, Dr. A.P.J. Abdul Kalam Technical University. I have done B.Tech. in Computer Science and Engineering from Uttar Pradesh Technical university, Vira College of Engineering Bijnor (2009-2013). I am working in area of cyber security and also have great interest in Web Vulnerability Assessment and Penetration Testing (WVAPT).

Area of Interest- Network and Information Security, Cryptography.

Project- Deep Packet Inspection (DPI) in Network.

Abstract- Computer networks become larger day by day and connected to the internet is the subject of cyber-attacks. Economic cost of cyber-attack is commercial loss arising from theft of corporate and financial information, reputational damage, and legal consequence of cyber breach. Many forensic tools and strong security measure contribute together to detect those attacks and re-establishing the network. Hence increasing security of the network is much more important. Various Forensic tools are used to capture, filter and inspect packets. In this work, I will use these tools for deep packet Inspection and analysis the malicious traffic on the network.

Bio: I am pursuing M.Tech in Computer Science (with specialization Cyber Security) at the Centre for Advanced Studies, Dr. A.P.J. Abdul Kalam Technical University, Lucknow and I have done B.Tech degree in Computer Science Engineering from Shri Ram MurtiSmarak College of Engineering & Technology at Bareilly.

Area of Interest:  Cyber Security, Malware Analysis & Web VAPT

Title: Detection of loopholes in web application

Vulnerability Assessment and Penetration Testing (VAPT) techniques help them to go looking out security loopholes. These security loopholes could also be utilized by attackers to launch attacks on technical assets. It divides into 3- phases like Web Application Development Cycle, Web Application Security Testing and Web based attacks, Security aspect in Development Cycle. According to the news of OWASP for web applications vulnerability like Broken Authentication & Session Management, Cross-site Scripting (XSS), Insecure Direct Object References. In my work I am doing detection of some loopholes in web application.

Bio: I am an undergraduate Computer Science Engineering student from Gandhi Engineering College, Odisha. By day am a full-time student and at night am an Ethical Hacker and a Cyber Security Researcher. Till yet worked and acknowledged by more than 100+ companies, most of counted from Silicon Valley.

Area of Interest: VAPT (Vulnerability Assessment and Penetration Testing ). Basically, at C3I center am testing the security vulnerabilities of the SCADA systems.

Abstract: Detection of a malware when a new binary is downloaded, to distinguish it from ‘benign-ware’ is an important part of computer security.  There exist various techniques proposed by researchers using both static and dynamic analyses to detect malware. But day by day, malware authors have improved its evasion capability using non-persistence, obfuscation techniques, and use of  volatile payloads that operate only in memory.  With obfuscation techniques, malware authors make the reverse engineering of binary tougher. So now malware analysis is not limited to static and dynamic analysis. By memory forensics techniques we can get a comprehensive view of the actions of an executable. We have used an interval-based approach to take the memory dumps and then selected one memory dump for further analysis. In this work we have extracted various features from memory dump such registry bindings, suspicious DLLs, hidden processes, orphan threads, code injection, injected DLLs, file system etc., and automated the classification of malware vs. benign-ware. For evaluation purposes we used 1730 malware and 1571 benign files. We achieved 99.09% accuracy with 0.43% false positive rate using XG-Boost
classification method.

Abstract: Functional Encryption and Obfuscation are two of the most exciting primitives in modern cryptography. Functional Encryption generalizes public key encryption and allows fine grained access on encrypted data. Obfuscation asks to garble a program such that its input output behaviour is preserved but all its internal workings are hidden. These two primitives are deeply connected, and finding efficient constructions for them, provably secure from well understood hardness assumptions is one of the key themes of modern crypto research.

In this talk, I will summarize the state of art in this space as well as discuss some new results.