The Cyber Forensics Innovation (CyFI) Laboratory's mission is to further the investigation of advanced cyber crimes and the analysis and prevention of next-generation malware attacks. The lab's work ranges from research in cyber forensics and computer system security to key applications in the vetting of untrusted/malicious software and the protection of critical cyber-infrastructure. Underpinning this research is the development of fundamental techniques for binary software analysis and instrumentation, modeling and collection of cyber-forensic evidence, and integrated multi-layer system defenses.
Affiliated cybersecurity units, labs and centers across Georgia Tech and the Georgia Tech Research Institute deliver academic or applied research as part of the Institute for Information Security & Privacy.
Each addresses different but inter-related aspects of cybersecurity to create a collaborative home for faculty and industry to work together on emerging threats, prevention and mitigation methods, or policy. Labs explore information assurance, cyber-physical systems, risk management, trust, secure communication systems, proprietary solution prototyping, and more.
Contact any lab directly or, for help beginning your project, contact the Institute for Information Security & Privacy at 404.385.3190.
The Astrolavos Lab is a computer security group at Georgia Institute of Technology, comprised of Ph.D. and post-doctoral researchers from the schools of Electrical & Computer Engineering (ECE) and Computer Science (CS). Research aims to provide generalizable solutions to security problems with high operational impact.
The CAP Research Group works at the intersection of the networking and security fields. The Group develops algorithms to enable a more secure and efficient network infrastructure, with computer systems that are more accountable and less vulnerable to attacks and abuse. Research is comprised of two complementary approaches: 1) designing and deploying real-world systems, tools, and algorithms that are immediately applicable to today’s networks, and 2) developing fundamental network primitives and algorithms that can transform network security and management. Current research applies these approaches to four areas: 1) privacy; 2) cyber physical systems security (specifically, cybersecurity for critical infrastructure networks); 3) security in wireless networks; and 4) network monitoring and performance.
Principal Investigator: Raheem Beyah, 404.894.2531 Focus: Academic
The Converged Systems Security laboratory seeks to safeguard the future of the next-generation communications infrastructure through innovative research. The lab exists within the School of Computer Science and has been a long-time affiliate of GTISC -- the Georgia Tech Information Security Center, which was the predecessor to the Institute for Information Security & Privacy. The Converged Systems Security Lab seeks to impact the direction of telecommunications by combining novel security concepts without compromising the real-world performance requirements of massive communications systems.
The Information & Communications Laboratory (ICL) solves complex communication problems relating to the future of communications, secure information and user experience. ICL's cybersecurity research includes network vulnerability and communications intelligence; information exchange standards, architectures and governance; identity and privilege management; predictive analysis and intelligent decision making; geospatial systems; and policy analysis. ICL is home to nationally and internationally recognized programs, and is host to the National Information Exchange Federation (NIEF) -- linking law enforcement agencies across the United States through Global Federated Identity and Privilege Management (GFIPM).
Director: Jeff Evans, 404.407.8245 Focus: Applied research
The SS&S Lab builds practical systems with a focus on security, performance, or robustness, or simply to test the limits of what systems can or can't do. Student and faculty research projects have been published in top academic conferences, and have made great impacts on widely used computing tools, such as Firefox, Android, and the Linux kernel -- used by millions of people every day. Research regularly addresses Internet and browser security, operating system security, synchronization, virtualization, algorithms and randomness.
Principal Investigator: Taesoo Kim, 404.385.2934 Focus: Academic
Founded in 1998, the historic Georgia Tech Information Security Center (GTISC) was an early leader in data security; GTISC conducted research in systems and network security, botnet detection and attribution, malware analysis, virtual machine monitoring, mobile systems security, and detection and mitigation of information manipulation on the Internet. During the past 15 years, more than 100 oft-cited papers have been published by Georgia Tech researchers at top cybersecurity academic conferences, with many stemming from GTISC work. As of 2015, GTISC has been absorbed into the IISP and its information assurance work continues. Projects today are funded by the National Science Foundation, Department of Defense, Department of Homeland Security, and private industry partners such as Intel Corp., Google, and Facebook.
Principal Investigator: Wenke Lee, 404.385.2879 Focus: Academic
The Georgia Tech Cyber Security team protects Georgia Tech users and resources from potential attacks, provides password and identity management, and publishes timely tips about common threats. Resources are focused on nine areas: consultation, education and awareness, endpoint security, incident response and forensics, IT security policy, network security, operations center, partnerships, and compliance. As a partner of the Institute for Information Security & Privacy, the Cyber Security team provides resources to researchers in the form of network and system log data. This data allows real-world information from a large, multi-faceted organization to be used by researchers to test their hypotheses and engineer leading-edge cyber security solutions.
Director: Jimmy Lummis, 404.385.0334 Focus: Operational response and education
The Cyber Technology and Information Security Lab (CTISL) tackles tough security issues within military and non-military networks, and has supported the U.S. military for more than 20 years. Many of its solutions have been accredited, tested, and fielded for ground, air, and maritime operations centers. Its information exchange solutions pass the rigorous testing required to operate on the nation’s most secure networks. Through four divisions, CTISL research addresses cyber threats and countermeasures, secure multi-level information sharing, resilient command and control networks, reverse engineering, information operations and exploitation, high-performance computing and data analytics, insider threat detection, password cracking, and more. CTISL brings this knowledge to the classroom by providing professional education offerings across the cyber landscape.
Director: Alexa Harter, 404.407.7816 Focus: Applied research
The Polo Club of Data Science bridges data mining and human-computer interaction (HCI) to synthesize scalable, interactive tools that help people understand and interact with billion-scale data. They blend techniques from machine learning, data mining, visualization and user interaction. Notable projects include: (1) the Polonium and Aesop malware detection technologies, deployed and patented with Symantec, which protect over 120 million people worldwide; (2) the Apolo and MAGE systems, which combine machine inference and visualization to guide the user to interactively explore large graphs; and (3) award-winning open source graph mining libraries (Pegasus).
Director: Polo Chau, 404.385.7682 Focus: Applied research