The Computer Security and Incident Response Research Group (CSIRG) is comprised of six academics supported by a few masters and doctoral students. The research and developmental work at the group reach from foundational issues of computer security to requirements of today’s real-world and complex security domains.
To become a nationally and internationally renowned research group in Computer Security and Incident Response.
To serve as a national digital forensics group by:
- Engaging in basic and applied research and development.
- Raising awareness through training, education, publication, and organizing conferences.
Malware is a generic term that encompasses different types of malicious software components like viruses, worms, Trojans, spyware, etc. Traditionally, signature based approach has been used for malware detection that attempts to detect a specific part of the representation of a malware instance. However, more recently, malware analysis cannot be done effectively by these techniques alone as these fail to detect previously unseen malware components, and, most notably, polymorphic malware. Therefore, focus has now shifted on how to characterize malware using its behavior or structure, which are independent of the malware’s particular representation.
A number of existing vulnerability analysis approaches have been applied to web applications. However, there are some characteristics of web applications that make them different from traditional stand-alone applications, such as the use of scripting languages, the structuring of the application logic into separate pages and code modules, and the interaction with back-end databases. Most approaches to web application vulnerability analysis have focused on single application modules to identify insecure uses of information provided as input to the application. Unfortunately, these approaches are limited in scope, and, therefore, they cannot detect multi-step attacks that exploit the interaction among multiple modules of an application.
The goal of out research is to develop novel vulnerability analysis techniques that can be applied to web application to identify hard-to-detect security flaws, such as multi-module vulnerabilities application-logic flaws.
Cyber networks have evolved into a ubiquitous infrastructure, and the Internet has become a mission-critical asset for the DoD and its partners. To assure the availability of these large-scale networks and their resources, it is necessary to maintain situation awareness of the current status of the networks during 24/7 operations. To achieve these goals, one needs to develop technologies and tools that include the assessment of the impact of observed attacks as well as predicting potential future steps of the adversary based on incomplete information. It is also necessary to have techniques that help security officers understand the impact of countermeasures in response to threats. In particular, one needs to ensure that security officers are not overwhelmed by information, so that they can make effective decisions even in high-stress situations.
In this regard, NUST-CSIRT was established in 2014 in order to achieve the research objectives of the group. NUST CSIRT is a national, Government sponsored Computer Security Incident Response Team (CSIRT) . It address the Nations security needs and safeguards the academic & cyber fronts of Pakistan to achieve technological excellence. NUST CSIRT is committed to secure use of technology through standards, best practices, risk & threat mitigation and is at the front end to disseminate the valuable information to secure Pakistan Cyber Space.