MEWS research group aims to advance cybersecurity knowledge in emerging mobile, embedded, and wireless environments. We conduct innovative research at the intersection of machine learning and cybersecurity. Current and past projects have explored machine learning and deep learning techniques for intrusion detection, mobile malware analysis and detection, security issues related to Internet of Things, embedded medical devices, and designing secure mobile health applications. Some of our on-going projects are listed below:
Current Projects
Data leak and Privacy Concerns of EEG devices
Electroencephalography (EEG) signals are commonly used in the medical field for recording electrical activity in the brain to diagnose epilepsy, stroke, encephalopathy, and brain death. In recent years, EEG devices for home use have become popular with their ability to improve mental acuity, concentration and sleep management among other health related applications.
EEG data is one of the most important and sensitive human health data that can reveal an individual’s sensitive health conditions. An attacker can steal a victim’s brain wave data over-the-air without accessing the victim’s device when in close proximity to the victim. Recent research has also shown that these EEG devices for home use can be easily hacked, where potential hackers can get access to users’ password by monitoring their brainwaves.
In this project, we demonstrate how malicious hackers can gain access to EEG signals. Instead of random guessing, we will explore the use of deep learning techniques to evaluate the feasibility of inferring user activity based on their neural signals with high accuracy.
Poisoning attacks on Federated learning Model
Federated machine learning is gaining increased adoption in recent years to address and improve user privacy in mobile and emerging IoT environments. Federated learning allows practitioners to train models with the data on a user’s device without the contents or details of that data ever leaving that device. However, the server in a federated learning system does not have access to the users’ training data or insight into an individual users’ proposed model update. This approach therefore introduces the possibility of a malicious user intentionally sabotaging the model either by participating in the training process with mislabeled data or by directly contributing model updates intended to harm the performance of the shared model. In this project, our goal is to develop and deploy effective defenses against poisoning attacks in federated learning to ensure that these models generated with collaborative learning can be deployed in confidence.
Deep Learning Approach for ECG Authentication on Connected Medical Devices
Wireless Medical Devices are now increasingly connected to the Internet allowing for improved patient outcomes and quality of care. As the number of connected devices continues to grow, so does the attack surface, increasing the already critical need for more robust medical device security.
In this project, our goal is to enhance security of medical devices by using patients’ electrocardiogram (ECG) signals to authenticate devices. Our group is currently developing a deep learning framework to allow a device to learn its user’s ECG in order to authenticate them against untrusted entities. Specifically, we design recurrent neural network (RNN) and convolutional neural network (CNN) based heartbeat classification techniques to examine their suitability to perform device authentication. We also examine the ECG signal variations of a person under different physical and emotional states and evaluate the impact of such variations on use of ECG as a viable authentication solution.
Secure Framework for Mobile Health Applications
Wireless and mobile health systems represent the evolution of m-health systems from traditional telemedicine platforms to wireless and mobile configurations. Given the highly sensitive nature of personal health data transmitted and because of perceived risk to users’ health, secure and trustworthy communication in these systems is of utmost importance.
In this research, we develop a secure platform for mobile health applications. Specifically, our goal is to provide a multi-level security solution that focuses on authenticating the identity of the user, encrypting the data stored on the mobile device, encrypting the data that is transmitted as well as securing the cloud system often used to retrieve and analyze the data collected from the application. The secure mobile framework is currently developed for Android platform but will be extended to include other mobile platforms in future.
Select Former Students
- Allison Gibson (NBC Security)
- Illestar Wu (Microsoft)
- Saransh Sharma (Amazon)
- Medha Srivastava (Google)
- Erin Beckwith (Lockheed Martin)
- William Schneble (NBC Security)
- Julio Perez
- Jeremy Woods (Google)
- Shiven Chawla (Amazon)
- Sida Gao (Facebook Security)
- Christopher Lakin (Dropbox)
- Soheli Sultana
- Adedayo Odesile
- Chris Luong
- Ngoc Luu
- Pavel Krivopustov