Charles Sturt University is home to some amazing minds. And those amazing minds are conducting the kind of research liable to blow ours. Nowhere is that more true than in IT. Our info tech experts work across the IT spectrum, but increasingly they’re researching ways to protect us online. With a seemingly endless sea of people using technology to do mind-bogglingly bad stuff (and we’re not just talking about uploading cat videos), we need innovative thinkers to help us stay one step ahead in the fight against cyber crime.

Dr Rafiqul Islam. An Associate Professor in Computing at Charles Sturt University’s School of Computing and Mathematics, Dr Islam is tackling online security head-on. We peeked over his shoulder to see his recent research projects. Wow. He’s a busy man.

Defending websites using code injection

With this project, Dr Islam is looking into four research areas simultaneously.

“We’re investigating the principle sources of cyber threat intelligence from the dark web, and their potential value to key stakeholders. We then want to develop a comprehensive vulnerability analysis framework.

“We’re researching the detection of code injection attacks in many different ways: using Snort program, Counter Matrix or Multiplexer Methodologies, or by using Group Managed Service Accounts (GMSA). We’re also checking website vulnerability against code injection attacks, and identifying illegal forum activities inside the dark net.”

What about data exfiltration?

It’s the practice of stealing sensitive data from a computer. It’s a huge issue for our society and it’s a practice Dr Islam is working to stop.

“Data exfiltration is a serious problem. It may have a catastrophic effect on businesses, governments, research organisations and individuals if the exfiltration involves sensitive data. The stolen data could involve business inventions, national intelligence and classified research – not to mention people’s credit card info and biometric profile.

“In recent years, data exfiltration has resulted in huge economic losses, as well as unprecedented breaches of national security. Our project looking into defence against data exfiltration aims to develop a solution to detect exfiltration attempts by both malware and human agents. Consequently, we then need to block those attempts without affecting legitimate users.”

Say this six times quickly – time variant malware analysis and classification

It sounds like something Doc shouted to Marty McFly as they clambered into the DeLorean in Back to the Future. But it’s super-scary stuff, as Dr Islam explains.

“Malware is a piece of malicious code specifically designed to perform an illicit action on data, hosts or networks. Malware is at the root of most cyber-criminal attacks. It’s one of the main tools used in a growing number of cyber threats. These threats can include, for example, identity and intellectual property thefts, financial crimes and cyber attacks on critical infrastructures.

“Malware authors use various techniques to transform a small number of malware families into numerous new undetectable and more malicious variants over time. However, the behaviour of the malware automatically changes over time. As a result, this time-variant malware can remain hidden for a long time and go undetected by existing anti-malware tools. The key objective of our research is to systematically and reliably detect time-variant malware together with functionally similar (but syntactically obfuscated) derivatives.”

The fight against cyber crime in social media

Social media is a happy playground for many of us. We get to connect with our friends and family, share what’s happening in our lives and laugh at each other’s photos: “You did what to your hair?”

But there’s a dark side.

Social media provides people who would do us harm an ideal opportunity to gather information about us. Sure, you might just post a selfie today and mention a tiny bit of information next week. Over time, however, someone can gather enough information to form a scarily detailed profile of your life. With this information, they can certainly wreak all kinds of havoc. They can manipulate your actions through feeding you false info, steal your identity, commit fraud, embarrass you or damage your reputation. However, it’s something Dr Islam and his research team are fighting.

“Our research looks at generic and more sophisticated threats in cyberspace. Then we identify their potential impact on the user’s privacy and security. Plus, our research has developed a framework to protect users, as well as organisations.”

Phew. We’re so glad Dr Islam and his team are working to protect us. But they need help.

Are you up for the fight against cyber crime?

We need more people to join the ranks of Charles Sturt IT researchers. When you do, you’ll join one of the largest IT student communities in Australia. Wherever you are in IT, from undergrad to PhD level, Charles Sturt University has the course for you. Explore our range of information technology, computing and mathematics courses. Alternatively, get in touch with our friendly team today.