Analytical Forensics
The problem of how to comb through large amounts of data produced from a computer network to identify with high-confidence breaches and misuses remains a hard problem in practice...
About Us
The Argus group was founded by Dr. Xinming (Simon) Ou in 2006 to carry out cyber security research. Our focus is on the defense aspect of the cyber space, and our philosophy is to start from real problems, and create solutions that last. Our research attempts to address the root causes of the various cybersecurity problems, and we work closely with industry to ensure our work both addresses the most pressing problems of the time, and provides the scientific basis for solutions that can stand the test of time.
We believe that successful cyber defense can only be achieved through automated coordination of various observation and action points in a network environment, and through fundamentally changing the way IT systems are created and managed to obviate the many security problems we face today. "Point solutions" like firewalls and traditional IDS systems are limited in effectiveness since they only look at one aspect of the system and lack the analytic capability of "connecting the dots" among various information sources. Moreover, they tend to focus more on dealing with the manifested problems rather than eradicating their root causes. Our research aims at providing the enabling technologies for automated security analytics, with solid theoretical foundation and empirical study. We also investigate ground-breaking new security technologies that could fundamentally change the game of cyber warfare to defender's advantage.
Argus research has been supported by the National Science Foundation, Department of Defense, Department of Homeland Security, Department of Energy, National Institute of Standards and Technology, and HP Labs. The group is named after the giant Argus in Greek mythology, who has a hundred eyes that constantly watch for enemies.
Current Projects
We start from REAL problems, and create solutions that LAST.
Android Security
We conduct research to apply static analysis on Dalvik byte code of both Android applications and libraries, for the purpose of identifying potential malicious behaviors or program vulnerabilities.
Anthropology & Security
This research applies anthropological methods to study cybersecurity analysts working in Security Operation Centers (SOC). These analysts process large amounts of data while handling cyber threats.
Secure Real-time OS
Next-generation embedded controllers for cyber-physical systems will be based on a "smart" platform. Some of the apps will bear responsibility to the safety of the physical systems being...
Past Projects
Cloud Security
Cloud computing has the potential to revolutionize the way businesses run their IT infrastructure and achieve new efficiencies of scale. However, security and long-term trustworthiness...
Moving Target Defense
The goal of this research is to understand and quantify the potential and limitations of moving-target defense (MTD) systems to protect computer networks. To achieve this goal, we are...
Software Releases
Argus-SAF
Argus-SAF is a Static Analysis Framework that we build in house to do security vetting for Android applications. It integrated two of our previously developed products Argus-Jawa and Argus-Amandroid, and have the capability to perform comprehensive, efficient and highly precise Inter-component Data Flow Analysis.
ANCOR
Moving Target Defense for Cloud-Based IT Systems (MTD CBITS) is a platform that automatically adapts multiple aspects of the network’s logical and physical configuration. The platform is targeting a cloud infrastructure and is built on top of ANCOR. ANCOR is a framework for creating and managing cloud-based IT systems using a high-level abstraction (an up-to-date IT system inventory).
SnIPS
SnIPS (Snort Intrusion Analysis using Proof Strengthening) works by mapping a Snort alert into a logic predicate describing the condition a user really cares about (e.g. machine compromised), along with a tag indicating the strength of the belief. The tagged conditions are reasoned about together and beliefs with strong corroborative evidential support are distinguished from those with only mediocre evidence, yielding high-confidence correlation graphs.
MulVAL
MulVAL stands for "Multi-host, multi-stage Vulnerability Analysis Language". It is a research tool for security practitioners and system administrators to better manage the configuration of an enterprise network such that the security risks are appropriately controlled.
Dataset Releases
AMD
Android Malware Dataset is a carefully-labeled and well-studied dataset that includes comprehensive profile information of malware. The dataset provides an up-to-date picture of the current landscape of Android malware, and is publicly shared with the community.
Group Member
Faculty
Xinming "Simon" Ou
Professor
xou at usf dot edu
Students
Guojun (Louis) Liu
PhD Student
guojunl at mail dot usf dot edu
Parvaneh Aghajani
PhD Student
parvaneh at mail dot usf dot edu
Kumar Shashwat
PhD Student
kshashwat at usf dot edu
Alumni
- Armin Ziaie Tabari (PhD, 2021. Security Researcher, OPSWAT)
- Anwesh Tuladhar (PhD, 2021. Research Scientist, Facebook)
- Jaleel Ahmed (MS, 2019. Software Engineer, Cerner)
- Daniel (Xiaolong) Wang (PhD, 2018. Product Software Security Engineer, Intuitive)
- Fengguo Wei (PhD, 2018. Software Engineer, Google)
- Yuping Li (PhD, 2018. Security Engineer, Pinterest)
- Richard Habeeb (MS, 2018. PhD Student, Yale University)
- Sathya Chandran Sundaramurthy (PhD, 2017. Research Scientist, DataVisor)
- Alexandru G Bardas (PhD, 2016. Assistant Professor at The University of Kansas)
- Sankardas Roy (Research Associate, now Assistant Professor at Bowling Green State University)
- Jacob Case (Undergraduate Student)
- Jordan DeLoach (Undergraduate Student)
- Trent Novelly (Undergraduate Student)
- Gilnei De Pellegrin (Undergraduate Student)
- Ian Unruh (Undergraduate Student)
- Su Zhang (PhD, 2014. Senior Software Engineer, Symantec)
- Matej Dolezal (Undergraduate Student)
- Loai Zomlot (PhD, 2014. Post-doc, HP Labs)
- Brian Cain (MS, 2014)
- Kui Luo (PhD Student 2009 - 2012)
- Heqing Huang (PhD Student 2010 - 2012)
- Dustin Seabourn (BS, 2012)
- Nataraj Agaram Sundar (MS, 2011)
- Cory Hardman (BS, 2011)
- Murali Vupputuri (MS, 2011)
- Tsung-Hsi Wu (MSE, 2010)
- Sakthiyuvaraja Sakthivelmurugan (MS, 2009)
- Robert Christie (Bachelor, Spring 2009)
- Ashok Varikuti (MS, 2009)
- John Homer (PhD, 2009. Associate Professor at Abilene Christian University)
- Abhishek Rakshit (MS, 2008)
- Hussain Almohri (MS, 2008, Assistant Professor at Kuwait University)
- Bart Carroll (Bachelor, Fall 2007)