In December, students in the Johns Hopkins University Information Security Institute’s Master of Science in Security Informatics program presented their capstone projects. These projects address real-world problems, include technology and non-technology components, and are informed by guidance from faculty and industry mentors.
MSSI student Anais Huang led a capstone project called TorEye, in which she proposed a mechanism to detect malicious Tor traffic. Tor is a type of network that anonymizes web traffic by hiding internet protocol (IP) addresses and browsing activity. Huang used a scaled-down Tor network to run simulations and experimental attacks, generating traffic from which datasets can be developed for future use. Tor attacks aim to harm privacy and anonymity, she says.
“As a security researcher, I think it is important to know whether a relay is up, but it’s also important to know whether it is malicious,” Huang explains. “I consider detecting malicious relays to be the duty of security researchers like me. A practical detection mechanism is needed so that we don’t transfer this responsibility to Tor users. Personally, I think that TorEye can help to accelerate Tor’s flag voting process.”
MSSI students Aditya Gaur and Preetham Nagesh presented another capstone project called rSentinel, a ransomware detection and diagnosis tool designed for environments with multiple nodes that are performing various tasks in a distributed network. The students say they developed the tool “to mitigate the impact of ransomware outbreaks by preventing their propagation across distributed networks.”
Gaur and Nagesh explain that they were inspired to develop rSentinel after a surge in ransomware attacks, including the one on MGM Resorts, that caused significant disruptions and financial losses.
“Traditional signature-based detection methods proved inadequate, prompting our pursuit of a distributed detection system focused on ransomware behavior,” they explain. “By prioritizing behavioral analysis over other traditional methods, we aim to detect threats early and comprehensively across distributed systems.”
Many ransomware attacks target large organizations or government agencies, and Gaur and Nagesh say that there are not many solutions to address these issues. rSentinel not only improves attack detection capabilities, but also allows network nodes to identify and isolate potential threats, the students say.