In the current era of cyber warfare and security threat attacks, it is a crucial need to constantly monitor and analyse the ongoing threats and day-to-day malicious activities. The Cyber Threat Intelligence Analysis project created by me deals with real-time extraction of raw threat intelligence data, like malicious IP addresses and the latest information regarding botnets, malware, spam and phishing domains across the world, from multiple reliable sources and threat feeds across the internet, and makes a statistical dashboard of this data, which includes real-time updating of multiple statistical visualisations like threat intelligence pie charts, GeoIP maps, country comparisons, date-time analysis and other data aggregation techniques. This threat intelligence dashboard will help in analysing the day-to-day cyber attacks happening in different regions of the world and their impact on organisations. It will also help in making the current system security better by analysing the threats and taking measures in accordance with the same.
Akshat Aggarwal, Indian Institute of Information Technology, Allahabad
Mazhar Imam Khan, Indian Institute of Engineering Science & Technology, Shibpur
In this internship I will be working on Honeysystem, which is a collective term used to describe different varieties of Honeypots like client-side Honeypots, server-side Honeypots, and Honeytokens. A Honeypot is a server that is configured to detect an intruder by mirroring a real production system. It appears as an ordinary server doing work, but all the data and transactions are phony. My main focus will be on one of the two broad categories of Honeypots available today on the basis of the interaction offered by them, high-interaction and low-interaction. I will also be learning about different Honeypots based on their deployment, client-side and server-side Honeypots. The main task will be to use these Honeypots and study how they detect and deceive the attack or attacker to gain maximum information about the attack vector and the types of threats captured by the client-side and server-side Honeypots.
Critical infrastructures are the most important assets for any country in terms of economic and financial aspects, and they vary from country to country. For India, power and water supplies are some of the critical infrastructures that are controlled using industrial control systems. SCADA (supervisory control and data acquisition) systems play an important role in industrial control systems. Recently they have become an attractive target for highly skilled and organized cyber attackers who are looking to harm these assets to disturb the country's economic and financial growth and disturb the lives of its people. In the past a malware named Stuxnet targeted an industrial site in Iran, a uranium enrichment plant. The malware manipulated the set point at which the centrifuges are supposed to rotate, which changed the speed of the centrifuges without the knowledge of the uranium enrichment plant operators. Stuxnet is the first known reported malware that successfully infiltrated and harmed a critical infrastructure. This has led to a major concern of strengthening the cybersecurity of the critical infrastructure space. And for this we need persistent security systems which can defend against zero-day attacks. We have seen signature-based IDS (Intrusion Detection Systems) that can defend against known or defined attack types but not unknown or zero-day ones. For this we need intelligent intrusion detection systems that use deep learning techniques like neural networks to defend against these attacks. I will develop an anomaly-based IDS using neural networks as part of my internship.
Sagar Sharma, KNIT, Sultanpur
During my internship here, at IIT Kanpur, I have researched and analysed application security vulnerabilities. Vulnerabilities are flaws or weaknesses in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. My focus was on assessment of the maximum number of possible attack vectors and finding mitigation and remediation techniques for them.
During this research internship I would be working on static and dynamic malware analysis and will try to find the best approach to detect them. My next focus will be on machine learning models that will be trained to detect malware automatically.
Shobhit Rastogi, IIT Kanpur
My project is to deliver an SMTP server and client. The server would be able to register new users onto the mailing system. Users would be capable of sending mail to the clients in the same domain registered onto the network.
The public key cryptographic system would be deployed to ensure secure mail transmission.
I would implement this using Haraka, an open source SMTP server written in Node.js. Every new user will generate a public key/private key pair and then send the public key to the server, requesting to register itself. The server will authenticate the user with the help of an OTP. To send a mail to a client registered on the same domain, the user will request the server for the public key of the recipient, which will be fetched from the database and then sent to the requesting client. I will use the PGP encryption program to encrypt/decrypt the mail to/from plaintext.
Dipanwita Mukherjee, West Bengal State University
Phishing is generally carried out by sending phishing links by email or instant messengers, and it often redirects users to another fake website that is identical in look and feel to the legitimate one. It may steal personal information through communications purporting to be from social websites, auction sites, banks, online payment processors or IT administrators, which are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.
The purpose of the project is to design and implement a browser add-on having cross-browser compatibility, using the WebExtension API, to alert users about phishing websites and also block them.
During this one month of internship, I designed an add-on that will alert users about each and every domain they are about to visit, and unless and until the user allows it, neither will the website be accessible nor can the website affect the computer in any way. The user prompt is voice based, highlighting the domain name and thereby alerting the user to phishing attempts.
It keeps a log of the URLs that have been visited, and whether the alert should pop up next time is decided beforehand by the user himself.
Jayadeep Reddy Ganta, National Institute of Technology, Tiruchirapalli
Being highly enticed by the intricacies of computer hardware, I developed an interest in VLSI design. For my internship, I took up the task of designing a co-processor for deploying security solutions for LTE (4G) systems. Nowadays, LTE is on the rise, taking over the whole spectrum of mobile communication, so data encryption has gained a lot of significance. Although there are many software-based solutions available for encrypting the data, there are a lot of vulnerabilities in such systems. My work will be mainly focused on deploying the cryptographic algorithms used in LTE communication on FPGA. After deployment, I will try to optimize all the key constraints like power consumption, throughput and time delay. I will also be learning about the techniques to reduce the resource usage and area of the processor. Finally, I will learn about the methods of secure communication between the master processor and the co-processor.
Utsava Verma, Manipal Institute of Technology, Manipal
Around 3 lakh malware samples per day are being encountered by various antivirus companies. Analysis of such a large number of malware samples is a challenging task. Moreover, most of the malware are modified versions of some pre-existing malware and do not need manual analysis. However, a few of the malware samples require manual analysis to identify their signature. For this classification of malware, machine learning is being used. The attributes of the files, such as the Windows Portable Executable file header, are analyzed for many malicious and benign files. Machine learning models are applied on the attributes of the existing training data to classify new malware correctly. The Python programming language and some of its libraries are used for the task.
Ashish Gahlot, Govt. Engineering College, Ajmer
During this research internship I would be working on SCADA security systems. SCADA systems are a type of control system architecture that can be controlled by computers over network communication. The communication protocol used by them is the Transmission Control Protocol (TCP). During my first week of internship I learnt how various types of system attacks can be performed. This involved studying buffer overflow attacks both on the stack as well as the heap. After that I tried to understand how control systems work by writing ladder logic for basic control programs and running them on a Raspberry Pi. In the upcoming week I would be studying how to bypass firewalls and perform a network scan of the internal network of SCADA systems. In the future I would try to replay the communication between the two communicating machines over some protocol by crafting network packets using Scapy.
Amodini Vardhan, Manipal Institute of Technology, Karnataka
I am working on building a Grade Management System which is scalable depending on different institutions' needs, secure against cyber attacks on the system, and non-repudiable. I am engaged in developing both the web-based platform using Drupal as well as ensuring the cyber security of the platform by penetration testing and other methods. The grade management system is split into 3 phases of pre-registration, grading and registration. It can be used by students, instructors and the administration of the institution.
This internship helps me work on both my interests, web development and cyber security, simultaneously. I have also worked on a research paper on an AES-based symmetric-biometric cryptosystem using a user password.
Mugdha Jadhao, IIT Roorkee
‘VLSI’ and ‘Embedded systems’ fascinate me. During my internship, I will be working on the project ‘Designing a co-processor for implementing crypto algorithms.’ The algorithms implemented would be specifically related to deploying security solutions for LTE/SAE (4G) systems, as 4G wireless networks operate entirely on the TCP/IP architectural suite, thus posing greater risks in terms of safety and reliability. The project would be implemented on an FPGA platform. My aim would be to optimize the parameters of the co-processor like throughput, power consumption, resources, time delay, area, etc. I would also have to ensure secure communication between the processor and the co-processor.
Mohit Sharma, Ashoka University
In this post-signature era of advanced technology, where everything is shifting to the online world, we are getting more and more prone to highly sophisticated malware attacks. Although most malware is intended for the general public, there are cases where malware is directed only at specific targets. Thus, it is critical to figure out the motive of the malware so that it can be brought to a halt. Here at IIT Kanpur we are using machine learning to analyse already existing malware to extract traits commonly known to be present in malware. These traits can then be used to train machine learning models that successfully predict and classify an unknown file into the benign or malicious category. Food for thought: Stuxnet, Equation Group.