More data, more vulnerabilities

Protecting and securing data takes on many forms at Iowa State, where researchers in electrical and computer engineering are tackling big threats in the digital world: detecting malware on apps, improving online privacy and eliminating insider threats.

Mathematical abstraction and software reasoning

Suraj Kothari, Richardson Professor of Electrical and Computer Engineering, mixes theoretical ideas and practical application together as he looks for ways to improve the quality and security of software. The tools he has developed utilize visual mathematical models to dissect and conquer larger problems.

Recently, his models have been applied to detecting malware attacks within mobile applications for a Defense Advanced Research Projects Agency project. Kothari’s team designed a tool that gathered important information about an app as it scanned code for malware. This data is then presented in a compact form for a human analyst to review, allowing for more accurate assessments about an app’s intentions than systems currently in place. The tool is flexible enough to be refined and extended to address future malware attacks.

Machine learning to secure information

Morris Chang, associate professor of electrical and computer engineering, wants to make sure data collected by third-parties (think: healthcare workers or employers performing background checks) stays private. He says individuals providing personal information are increasingly exposed to vulnerabilities that may exist within a third-party’s data-collection system.

Through DARPA’s “Brandeis” Program, Chang is creating technology that helps secure privacy over the Internet through distributed algorithms that protect user’s data on mobile devices. Chang’s approach focuses on securing data before it is transmitted via Internet to remote cloud services. These services then use machine learning techniques to process data, allowing the data to be transferred in an irreversible way before reaching the Internet.

The project brings together researchers from several universities and segments the work to propose a solution to addresses the efficiency, privacy, security and flexibility of Internet computation.

Parsing big data to identify threats

Srikanta Tirthapura, associate professor of computer engineering, makes big data more manageable with methods that analyze extremely large data sets, especially data that quickly changes, which are often referred to as data streams.

Part of Tirthapura’s research is applied to cyber security, where he looks at how to convert, store and analyze information to find anomalous user behavior or unauthorized access. One example is insider threat detection, where someone within an organization who has authorized access to some parts of the system misuses his or her access.

He says detecting insider threats adds an extra challenge because the user is familiar with the system. In this case, technology is essential to search through gigabytes of files to identify unusual behaviors. That’s why Tirthapura has created tools that can be used across a variety of datasets and problems to efficiently retrieve and process information.