
Implementation of IOT Honeypot Environment

The booming Internet of Things (IoT) era, fueled by cloud, mobile, automation, and analytics, presents a double-edged sword for cybersecurity. While it is a key driver of digital transformation, the sheer number of connected devices creates a vast attack surface, straining traditional security measures. Here's where a dedicated IoT honeypot comes in:


  • Enhanced Threat Intelligence: This collaborative project with RSA utilises a two-pronged honeypot setup (internal/external) on Raspberry Pi devices connected to AWS IoT Core.
  • Red Team Simulations: Red team exercises simulate real-world attacks, generating valuable logs via Wireshark and Snort rules for threat detection.
  • Deep Packet Inspection: Wireshark's deep packet inspection capabilities provide actionable insights into attacker behaviour.

This comprehensive honeypot ecosystem empowers Security Operation Centres (SOCs) to proactively gather intelligence on IoT threats, allowing for swift incident response actions.
 

Team Members:
Xavier Chin Wei Le, Shannon Soon, Ng Qi Juan Janessa
Supervisor:
Mr James Tham


Secured Channel and Data Encryption for Healthcare

The COVID-19 pandemic has highlighted the need for secure telemedicine solutions. As medical data migrates to the cloud, protecting patient information becomes paramount. Partnering with Abundant Health Medical Clinic, the team developed a secure web application with several key features:

  • Encrypted Communication: TLS certificates ensure data encryption during teleconsultations (including session recording) and data transfers.
  • Robust Security Infrastructure: Public Key Infrastructure (PKI) securely manages and encrypts medical data along with secure coding practices to prevent hijacking and sniffing attacks.
  • Multi-layered Security: Strong password policies, data-at-rest encryption, and comprehensive AAA (Authentication, Authorisation, and Accounting) mechanisms safeguard sensitive medical information.

This solution balances security with functionality, speed, and response times, allowing Abundant Health to deliver secure and efficient telemedicine services.
 

Team Members:
Yam Jun Jie, Lim Joo Sheng Malcolm, Muhammad Irfan B Md Rosdi
Supervisor:
Mr Derrick Wong




Twibble

Singapore's demanding education system is linked to high-stress levels among students and teachers. Twibble, an AI-powered classroom game, tackles this challenge. It uses:

  • Emotion & Facial Recognition: Identify student emotions and personalise the learning experience.
  • Sentiment Analysis: Gauge student stress levels and adjust gameplay accordingly.
  • Engaging Games: Interactive "Clicker Race!" and "Make that Face!" games to promote a fun and stress-free learning environment.

By incorporating these features, Twibble aims to create a more positive and supportive learning environment for both students and educators.
 

Team Members:
Low Tian Yee, Pritikaa Prabhu, Ng Hui Ting
Supervisor:
Mr Frankie Cha


Threat Indicator Analysis

This project, in collaboration with RSA, tackles security threats with an advanced Threat Indicator Analysis system for Security Operations Centres (SOCs). The AI-powered system empowers SOCs to proactively detect, analyse, and respond to evolving security threats, improving overall threat response efficiency with:

  • Automated Threat Extraction: A script extracts various threat indicators (files, URLs, email addresses, etc.) with key attributes from diverse sources.
  • Intelligent Threat Analysis: K-means clustering categorises threats, while One-Class SVM and Isolation Forest algorithms detect anomalies and emerging trends.
  • Real-time Threat Visualisations: Dynamic Grafana dashboards display threat locations with severity levels, risk assessments for countries and sources, and time-based visualisations of alerts and events.
  • Actionable Insights: SOC analysts can investigate further using Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
     
Team Members:
Russell Low Yu Xing, Koh Fu Xian Lucius, Kollanoor Ranjith Antony Thomas
Supervisor:
Ms Mapel Yap


APT Hunting using Caldera and Integration with NetWitness Platform

This project, in collaboration with RSA, enhances Security Operations Centre (SOC) capabilities against Advanced Persistent Threats (APTs). It empowers SOCs to proactively hunt, detect, and respond to evolving APT threats with:

  • CALDERA and NetWitness Integration: Seamless information sharing between CALDERA and NetWitness improves threat visibility, analysis, and response.
  • Custom APT Hunting Scenarios: Realistic attack simulations within CALDERA test detection capabilities and prepare SOC teams for real-world incidents.
  • In-depth Platform Understanding: Deep dives into CALDERA's emulation techniques and NetWitness' detection functionalities ensure optimal integration and effectiveness.
     
Team Members:
Pang Shean Kiong, Chong Jack Gen, Chua Jia Le
Supervisor:
Ms Mapel Yap


Implementing a Pen-Testing Lab with a Palo Alto Networks Next-Generation Firewall

This project, in collaboration with Palo Alto Networks, simulates cyberattacks in a penetration testing lab to showcase the firewall's capabilities. This immersive and virtual lab empowers cybersecurity professionals by combining simulated attacks with hands-on defence strategies through:

  • Attack Simulations: Participants (offence and defence) experience real-world scenarios with 9 distinct cyberattacks.
  • Firewall Evaluation: Observe firewall responses, logging, and identify generated logs for each attack.
  • Hands-on Mitigation: Participants learn to mitigate attacks using features like: 
    • Security Policy Rules
    • Denial-of-Service Protection
    • Vulnerability Profiles
    • Signature/Filename Matching
  • Actionable Documentation: A technical user guide provides clear steps for implementing mitigations effectively.
     
Team Members:
Danish Aqasha Bin Damezi, Jovan Cho Chuankai, Chew Teng Juven
Supervisor:
Mr Low Ee Mien


Virtual CTF on Roblox

The team created an interactive cybersecurity game in Roblox to help educate and train budding cybersecurity specialists. This virtual Capture-the-Flag (CTF) project is a collaboration with Finute Pte Ltd to engage youths with the following outcomes in mind:

  • Interactive Cybersecurity Game: Introduce core IT security concepts through a fun and accessible Roblox experience.
  • Building Awareness: Educate younger generations about the importance of cybersecurity.
  • Sparking Career Interest: Ignite passion for IT security, potentially inspiring future careers in this crucial field.
  • Combating Security Threats: Empowers society to combat evolving cyber threats through simulation and gamification.
     
Team Members:
Muhammad Dinie B Baharudin, Chan Sing Kuan Bryan, Joharie Jeffrie
Supervisor:
Mr Gibbsen Omar

 


Real-Time Malware Threat Feed Analysis System

With the number of cyberattack cases constantly on the rise, more systems and networks are getting breached.

Main Aim of the Project: 

  • In this project, cyber threat data is obtained and projected onto various dashboard visualisations in Splunk to perform malware classification, correlation, and reporting.

  • From the projections, security analysts will have a better understanding of an attack that has occurred.

  • With the information, they will be able to identify and deduce potential threats and carry out actions to prevent similar attacks from happening in the future.


Team Members: 

Cody Wong Shi Jie, Keith Kng Wei Xuan, Gan Ren Jie, Loo Zi Xiang

Supervisor:
Ms Mapel Yap
Team PPET

Threat Intelligence Using Machine Learning

Partner Organisation: RSA Security 

Manual classification of Indicators of Compromise (IOCs) in threat intelligence is unscalable and inefficient. This project aims to automate the classification of indicators and incidents through a combination of Machine Learning and Orchestrator Playbooks.

Automated System Solution: 

An automated system with machine learning is developed to assist in classification of IOCs as a security analyst would manually do.

It includes working with network captures and Security Information and Event Management (SIEM) software (MISP) to collect incidents, as well as a threat intelligence platform (RSA Netwitness® Orchestrator) for classification purposes.
 

Team Members: 
Grace Lim, Lin Li Yi

Supervisor:
Ms Mapel Yap
Team PPET

Baseline Analyser

Partner Organisation: RSM Risk Advisory Pte Ltd

IT auditors have to manually log in to the PCs to conduct a check on whether the settings match the company’s policies and best practices. As this is conducted annually, similar issues are usually raised during an audit in the following year. Although commercial tools are available to tackle this issue, they are simply too costly for Small and Medium Enterprises (SMEs).

Main Aim of Project: 

This project aims to develop scripts to allow an auditor to select hardening requirements from the best practices, perform the audit and generate the necessary report(s). In addition, auditors can select between basic, intermediate, and advanced levels, or customise the hardening requirements, to perform an audit remotely.
 

Team Members: 
Danne Ziqcri B Mohammad Faizal, Ng Zheng Soon, Pang Jun En Javier, Wong Jun Wei

Supervisor:
Mr Derrick Wong
Team PPET

Cyber Combat CTF Training Platform

Cyber Combat CTF Training Platform leverages the Capture The Flag (CTF) concepts with gamified sets of challenges designed to help students and security professionals learn and practise their cybersecurity skills. The platform is also used in outreach for creating cybersecurity awareness. 

CTF Security-based Scenarios: 

In collaboration with our industry partner, IXIA, the training platform consists of CTF scenarios based on the latest security incidents.

These CTF scenarios involve hacking techniques against web applications and operating systems, as well as the exploitation of vulnerabilities, all replicated in an isolated environment.
 

Team Members: 
Chen Xing Xing, Aloysius Yap Kay Hown, Goh Jia Ye

Supervisors:
Ms. Mapel Yap (Republic Polytechnic), Mr. Jay Krishna (IXIA)