Research


Resilient, Connected Traffic Infrastructure

Computer networks are complex systems whose components make independent decisions through interactions with neighboring components. The sophisticated behavior of computer network systems has been examined using the theory of self-organization, which is applicable to such fields as nano-communication, sensor networks, and engineering optimization.

Current funded projects:

Title: Understanding the Implications of a Self-Organized Traffic Grid
Investigators: Goel, S. (PI)
Program: 21st Century Science Initiative Grant: Studying Complex Systems
Organization: James S. McDonnell Foundation
Amount: $378,375
Duration: 01/01/11 – 12/31/17
Proposed Work: Develop self-organized traffic signals that adapt their behavior to their immediate neighbors and self-time signals to minimize wait at intersections.
This traffic project is an effort to implement principles of self-organization in traffic control. Instead of controlling traffic flow through a centralized system, the goal is to promote optimal behavior at the local level that, in turn, will cascade into system-wide optimization. Work in this area has been funded by the University Transportation Research Center Region II, NYSERDA, and the James S. McDonnell Foundation. We worked with the City of Albany’s Traffic Engineering Services, part of the City of Albany Police Department, to implement a self-organizing system on several corridors in the City of Albany. The project is now in the implementation phase in Schenectady, New York, where we are experimenting with the use of surveillance cameras, in collaboration with Sensity Systems, for more accurate traffic counts in real time.

Behavioral Security
While information security tools and technologies have evolved significantly, firms continue to be breached regularly, primarily by exploiting human vulnerabilities. Online piracy is costing media companies significant market revenue through copyright infringement and illegal distribution. Advanced persistent threats often start with phishing attacks and backdoor entries to computers, or credential theft. Finally, insider threats are a major challenge for private corporations, intelligence agencies and governments. This most recent and active research stream in the FACETS portfolio focuses on understanding human behavioral issues in the context of information security.

Current funded projects:

Title: THE NEW SECURITY CALCULUS: Incentivizing Good User Security Behavior
Investigators: Sanjay Goel (PI) / Kevin Williams (Co-PI)
Organization: National Science Foundation
Program: Secure and Trustworthy Computing (SaTC) / SBE
Amount: $497,000
Duration: 09/15/2016 – 09/14/2018
Proposed Work: Behavioral analysis to understand impact of incentives on organizational security compliance.
This research project will address a significant gap in the scientific investigations of user cybersecurity hygiene by providing concrete, personally relevant motivations for users to comply with organizational cybersecurity policies and procedures. The research describes the insider cybersecurity problem, evaluates the current research approaches, identifies the gap in the present cybersecurity decision calculus, presents an empirical research program to discover the components of our new cybersecurity calculus, and identifies the opportunity to improve the effectiveness of managerial programs to improve employee cybersecurity hygiene.

Title: Insider Threat Detection in Organizations and Enterprises
Investigators: Satish Iyengar (GE PI) / Sanjay Goel (UAlbany PI – Overall Co-PI)
Organization: Intelligence Advanced Research Projects Activity
Program: Scientific Advances to Continuous Insider Threat Detection (SCITE) Program
Amount: $5.4 million – (UAlbany Share: $1.516 million)
Duration: 03/01/16 – 02/28/19
Proposed Work: Develop and test methodologies for detection of insider threat in organizations
Insider threats are the focus of this research project funded by IARPA, conducted in collaboration with General Electric. Most insider threat detection methods rely on forensic data analysis. The fundamental challenge with most of these data analytic systems is that they rely on post-incident analysis. Detection may take weeks or months, and such passive post-hoc analyses are not sufficient; the damage is often done by the time the incident is discovered and mitigated. Identifying individuals who pose risks a priori, and preventing insider theft from happening, is certainly more desirable. The objective of this study is to get a broad understanding of the insider threat problem by creating various contexts within which such behavior is likely to happen, and then creating probes/triggers and testing their efficacy.

Privacy
Ensuring the privacy of data is an imperative for organizational security. Security and privacy are inseparable; the enigma that experts face today is that we continue to persuasively argue for increased privacy protection for consumers, while ordinary citizens continue to voluntarily disclose personal information on online media. Securing greater data privacy will require a better understanding of individual perceptions, behaviors and biases. Such issues on the individual level also represent exponential challenges as information technology becomes embedded into physical systems.

Current funded projects:

Title: Privacy Preserving Cooperation among Microgrids for Efficient Load Management on the Grid
Investigators: Yuan Hong (PI) / Sanjay Goel (Co-PI)
Organization: National Science Foundation
Program: Secure and Trustworthy Computing (SaTC) / CISE
Amount: $497,000
Duration: 09/01/2016 – 08/31/2018
Proposed Work: Develop Algorithms for Privacy Preserving Cooperation in Microgrids
Microgrids have begun to develop cooperative models in integrating with the existing power grid, to further improve the performance of global and local load management, such as global/local load balancing, energy exchange, and power transmission network topology design/upgrade. However, such cooperation requires that they share sensitive local grid operational information, causing privacy risks and compromises; concerns that could hamper ongoing and increased participation. This project tackles the privacy concerns in such cooperation, and enables microgrids to efficiently manage their local loads while facilitating the main grid’s manipulation of the global load with limited disclosure.

Title: Smart Grid Behavioral Analysis
Investigators: Goel, S. (PI), Williams, K. (Co-PI)
Organization: University at Albany, State University of New York (FRAP B)
Amount: $4,000
Duration: 10/13 – 10/14
Proposed Work: Preliminary work on smart meter adoption to develop initial evidence in support of the Smart Grid adoption grant. This work resulted in obtaining the 100k grant from NYSERDA. 
An unexplored gap in the IT adoption research concerns the positive role of shared benefits even when personal information is exposed. To explore the evaluation paradigm of shared benefits vs. the forfeiture of personal information, we chose the adoption of smart metering technologies (SMT) by utility consumers. In this context, utility companies are able to monitor electricity usage and directly control consumers’ appliances to disable them during peak load conditions. Such information could reveal consumers’ habits and lifestyles, stimulating concerns about their privacy and the loss of control over their appliances. Our findings suggest that, although the shared benefit of avoiding disruptions in electricity supply (brownouts) is a significant factor in electricity consumers’ decisions to adopt SMT, concerns about information privacy are also factors. Our findings extend the previous adoption research by exploring the role of shared benefits, and could provide utility companies with insights into the best ways to present SMT to alleviate consumers’ concerns and maximize its adoption.

Cybersecurity Education
Cybersecurity and Digital Forensics educational research remains an ongoing, primary research stream for Professor Goel and his team. Initial work focused on the development of a “teaching hospital” model for information security education, abstracting real information security problems from industry and government into live cases for university students and public-sector employees. With NSF funding, a flipped classroom model for cybersecurity curriculum delivery was developed, designed to improve security student outcomes and retention through early intervention. UAlbany has built a cybersecurity consortium with six community colleges, along with articulation agreements, and benchmarked different options for providing cloud-based student laboratories for security and forensics. In recognition of its leadership role regionally in cybersecurity education, UAlbany has been awarded two cybersecurity economic development project grants; see Economic Development.

Current funded projects:

Title: EDU: Flipping the Online Security Classroom – Improving Retention of Security Student Pipeline through Early Intervention
Investigators: Goel, S. (PI), Williams, K. (Co-PI)
Program: Secure and Trustworthy Cyberspace (SaTC)
Organization: National Science Foundation
Amount: $298,197
Duration: 09/15/13 – 08/31/15
Proposed Work: Develop a unique pedagogic model of online flipped classroom for security education.

Title: Information Security Education in the Public Sector
Investigators: Bloniarz, P. (PI), Goel, S. (Co-PI), and Berg, G. (Co-PI)
Program: SFS-Institutional Development
Organization: National Science Foundation
Amount: $200,000
Duration: 07/01/02 – 07/01/06
Proposed Work: Developing online curriculum in cyber security in collaboration with Purdue University

Title: The Information Security Academy: A Partnership Model for Building Public Sector Capacity
Investigators: Bloniarz, P. (PI), Gangolly, J. (co-PI), Goel, S. (co-PI), Erbacher, R. (co-PI), Berg, G. (co-PI), and Bangert-Drowns, R. (co-PI)
Program: Fund for Improvement to Post-Secondary Education (FIPSE)
Organization: United States Department of Education
Amount: $485,883

Intrusion Detection
Network and Memory Forensics: This research involves analysis of data collected from different sources that will be woven together to more accurately detect attacks (reduce false positives and negatives); data sources include file system configuration, network traffic, system calls in memory, and signature databases. Algorithms will be developed and then tested using our attack data repository. Current intrusion detection techniques are inadequate since they are unable to detect and stop zero-day attacks or malicious code embedded in encrypted traffic. Currently, the signatures for detection of malicious activity are based on a single data vector (e.g., network data or memory analysis). Each vector by itself is a weak predictor of malicious behaviors. The proposed project will blend data streams collected at different levels (network, file system, and memory) and extract multiple evidence vectors that can counter-reinforce each other to improve the accuracy of existing IDS. The project will build a quarantined network and simulated usage environment to create a standardized tagged data set across a large number of attack vectors. The sensor fusion techniques developed will impact such other fields as medical fraud, accounting fraud, and money laundering, each of which has the problem of low signal-to-noise data. The datasets provided for researchers will help stimulate further cybersecurity research, particularly in relation to sensor fusion in intrusion detection.