Target-Aware Fuzzing (DoE-LDRD, PI: R. Ivans, co-PI: Kolias, University of Idaho budget: $185,261)
Generative Adversarial Networks (GANs) have been shown to increase the efficacy of fuzzers by decreasing the time between bug/path discoveries, learning open and proprietary protocol grammars, and initializing high-value seeds. What these techniques have in common is that they depend on evaluating the Device Under Test’s (DUT) response to stimulus and do not consider any information from the device itself. The goal of this project is to advance the state-of-the-art by extracting information from the DUT to improve the efficacy of the fuzzer, rather than relying solely on the DUT’s reaction to input. In other words, the content of the binary should influence the fuzzed input to discover more bugs while at the same time decreasing the time requirements of the process.
Adaptive Fingerprinting of Control System Devices through Generative Adversarial Networks (DoE-LDRD, PI: C. Rieger, co-PI: C. Kolias, University of Idaho budget: $214,366)
Anomaly detection based on the Electromagnetic (EM) signals emitted by a device during its operation is a novel detection approach that has gained traction in the research community in the past few years. While this type of totally external protection is highly desirable (particularly in industrial environments), it is often deemed impractical. More specifically, such practices perform data analysis to infer deviations from normalcy. Thus, the basic requirement is that signals from all possible execution states of a program have first been fingerprinted. Due to the complexity of some programs, exhaustively visiting all execution paths is not realistic. This work aims to employ Machine Learning (ML) methods, including Generative Adversarial Networks (GAN), Transfer Learning, and Domain Adaptation, towards overcoming the requirement for capturing normal training data. Given access to the executable binary file (or even source code), the proposed system will automatically generate synthetic (but realistic) EM signals for all possible execution paths, alleviating in this way the need for a manual, time-consuming, and error-prone signal-gathering phase.
RAIID: Resilient Attack Interceptor for Intelligent Devices (DoE-LDRD, PI: C. Rieger, co-PI: C. Kolias, University of Idaho budget: $215,000)
RAIID is an entirely external, multi-component (both hardware and software components) system that can infer whether low-complexity hardware such as an IIoT device has transitioned from a state of normal operation to an abnormal operational mode. This is done by analyzing EM signals that are emitted involuntarily from the CPU of such devices during their normal operation.