About |
| | Research |
| | Publications |
| | Contact |
-
An Automated Alternative to JA3 Hashing for SSL/TLS Library Analysis:
Our project introduces an innovative, automated approach to host identification that serves as an alternative to the traditional JA3 hashing technique. This new method focuses on analyzing SSL/TLS libraries to accurately identify host devices, employing advanced algorithms to enhance the identification process. The system is designed to be fully automated, reducing the need for expert intervention while increasing the accuracy and efficiency of host detection. By optimizing the way SSL/TLS library characteristics are analyzed and interpreted, this approach aims to provide a more robust and scalable solution for network security professionals monitoring encrypted traffic.
-
Enhancing Automated Incident Classification with Genetic Algorithms and Explainable AI:
Our project explores the use of explainable AI (XAI) and genetic algorithms (GAs) to develop a novel approach for automated incident classification. This system is designed to not only classify incidents effectively but also to optimize the feature set used in the classification process, ensuring that each feature contributes meaningfully to the accuracy of the model. By employing genetic algorithms, we fine-tune the selection of features, while explainable AI provides insights into the decision-making processes of the algorithms, making the outcomes understandable and trustworthy. This integration aims to create a transparent, efficient, and fully automated classification system that requires minimal human oversight, enhancing both the performance and accountability of incident response strategies.
-
Genetic Algorithms for Enhanced Numeric Feature Quantization:
Our research employs genetic algorithms to optimize the numeric feature quantization process by automating the selection of optimal cluster numbers for k-means clustering. This optimization aims to improve the efficiency of the SILEA inductive learning algorithm, which generates accurate IF-THEN rules by producing more precise and reliable clusters. This approach seeks to enhance rule-based machine learning models, making them more interpretable and effective for applications that require clear decision-making processes. Our tool is available here Our dataset is available here
-
Automated Network Incident Classification:
Our research introduces an innovative approach for automated incident classification based on the analysis of a single network packet. By integrating genetic algorithms (GA) with machine learning techniques, we aim to develop a fully automated system that does not require expert intervention. This methodology leverages the adaptive nature of GAs to optimize the feature selection and parameter tuning processes of machine learning models, ensuring efficient and accurate classification of network incidents. The goal is to provide a robust, non-expert-based solution that quickly identifies and categorizes network anomalies or security threats from minimal data, enhancing the speed and scalability of cybersecurity measures. Our tool is available here Our dataset for DoS GoldenEye & Hulk Network Attack is available here
-
Automated IoT Device Fingerprinting:
Our research focuses on developing a fully automated classification system for Internet of Things (IoT) devices, capable of identifying device types from just a single network packet. We utilize a genetic algorithm (GA) alongside various machine learning techniques to craft an approach that operates independently of expert knowledge. This system leverages the adaptability of GAs to optimize both feature extraction and model parameters, ensuring that the classification process is both efficient and accurate. The ultimate aim is to enable quick, scalable detection and classification of IoT devices, facilitating enhanced network management and security without the need for specialized human oversight. Our tool is available here
-
Automated Operating System Fingerprinting:
Our research introduces a fully automated method for passive operating system (OS) fingerprinting, crucial for enhancing network security by identifying the OS used on a target device without active engagement. We utilize a combination of genetic algorithms and machine learning techniques to streamline this process, aiming for a system that operates independently of expert input. This approach employs genetic algorithms to optimize the feature selection and machine learning model parameters, thereby improving the accuracy and efficiency of OS detection. The development of such a system allows for continuous, non-intrusive monitoring of networked devices, providing essential security insights without the need for specialized knowledge, thus bolstering network defenses against potential vulnerabilities. Our tool is available here Our dataset for Operating System Identification is available here