Making ‘Malware Music’ to Secure Smart Homes
Meet Rising Cyber Star Kaitlyn Smith
Kaitlyn Smith is a student doing cybersecurity research in the College of Engineering and the Center for Computation & Technology, but she’s not your average LSU student. In fact, she’s not an LSU student at all—she’s a high schooler with a passion for cybersecurity.
While 16-year-old Kaitlyn Smith spends most of her days at Baton Rouge Magnet High School, where she’s a junior this year, Smith has spent almost as much time on LSU’s flagship campus as some college juniors. Few high schoolers have leveraged more opportunities to get involved in LSU research as part of the university’s outreach to the Baton Rouge community and beyond. Since sophomore year, Smith has participated in Clean Energy Day, the High School Summer Research Program, a hackathon hosted by the Society of Asian Scientists and Engineers, the Louisiana Collegiate Design Competition, the Google Developer Student Club—all held in the LSU College of Engineering—and, most recently, the Mystery Project, an interdisciplinary effort funded by the Provost’s Fund for Innovation in Research to learn what drives or prevents the human quest for knowledge.
Smith’s quest is to learn as much as she can about cybersecurity. While she has no official LSU affiliation, she’s earned her own dedicated computer in Professor Golden Richard’s Applied Cybersecurity Lab while contributing to a cyber research project with Associate Professor Aisha Ali-Gombe’s group.
“I’m nearly 100 percent certain I want to do something in the cybersecurity field for the rest of my life,” Smith said. “Right now, I’m trying to learn as much as I can, contribute to as much as I can and spend as much time as I can at LSU just doing the stuff I love.”
Which is research. Besides tennis, cooking and playing the piano, Smith’s true love is highly technical cybersecurity. Together with LSU undergraduate and graduate computer science students, she is working on developing an intrusion detection system for internet-connected smart appliances, such as thermostats, televisions, air conditioners, lights, stoves, refrigerators, doorbells and security cameras.
“I think a lot of people don’t realize how much stuff in their house is controlled by computers, which hackers can use to destroy your property or spy on you,” Smith said. “At my house, we have Google Home, a smart thermostat, an Alexa and a Ring doorbell. We have a smart refrigerator, too. It’s kind of crazy, thinking someone can just hack into your refrigerator and completely mask the fact they’re in your system, watching you, stealing your information and whatnot.”
To prevent hackers from messing with her family and her two dogs, Chloe and Stitch (“the biggest mess ever; he just ate a part of our house, on the outside”), Smith and other students on Ali-Gombe’s research team are figuring out how to access the memory of any smart device, extract this memory and translate it into a lossless audio signal, use artificial intelligence to identify patterns and distinctive features in the audio signal and, as a result, find easy and surefire ways to tell whether a smart device has been hacked or not. Once diagnosed, the device can automatically turn off and reset itself, purging potential hackers and malware in seconds.
“I’m working on the transformation from the memory to soundwaves, but the sound isn’t meant for listening—it’s just to make the memory easier to analyze, so we can determine if it’s malicious or benign,” Smith said.
On the project, she collaborates most closely with LSU computer science PhD student Karley Waguespack from New Iberia, Louisiana. Like Smith, Waguespack isn’t your typical LSU student either—she’s a first-generation student, the first in her family to go to college and a miner’s daughter.
“Yeah, my dad works in a salt mine. Not the Avery Island dome anymore—that mine got flooded recently. He works in Cote Blanche now,” Waguespack said.
While her dad mines salt from deposits 1,500 feet underground in St. Mary Parish, Waguespack unearths malware from computers big and small. Having developed a proof-of-concept last semester, she’s currently developing a version of the intrusion detection system that can be deployed on real devices. This version will incorporate work done by the rest of the research team, including Smith’s work on the soundwave transformation. As the system nears completion, Waguespack is planning to test the intrusion detection system against botnets on real smart devices.
“Can we get a motor and fan so I can make a thermostat?” Waguespack asked Ali-Gombe, who said yes, since the team is gathering more data for upcoming research papers and conference presentations.
Waguespack already got accepted to an IEEE conference to present the memory acquisition tool she developed for the team’s system. She enjoys working with Smith.
“Kaitlyn is extremely driven and curious about a variety of topics in computer science,” Waguespack said. “She can have in-depth conversations with professors about the technical aspects of their research when it takes others years of training to get to that point.”
“Everyone here, including Karley, is so extremely passionate about learning this one specific topic and just committing themselves to it wholly,” Smith said. “I see why. I was always interested in cybersecurity, thought it was cool, but never realized how important it is, just for the protection of people and society in general.”
Smith has fully embraced the research and engineering mindset at LSU.
“It’s constant brainstorming and problem-solving and reevaluating and trying things,” Smith said. “It’s all about being creative within constraints, like cost and time and ease of use. Our solutions have to be fast, reliable and affordable.”
Recent testing of the team’s anomaly detection algorithm—the component that discovers malware in the device memory—has produced very promising results—100 percent accuracy in distinguishing compromised from uncompromised devices. With more than 20 billion smart devices connected to the internet in homes and elsewhere around the globe, most of which are believed to be vulnerable to attack, Ali-Gombe’s research team works to make their system as useful and universal as possible.
While smart devices, also called Internet-of-Things, or IoT, devices, are extremely varied and task-specific, they have one thing in common—they operate according to strict routines, running the same processes over and over again: Turn on/off the light; turn on/off the heat; turn on/off the camera. As such, smart device behavior is expected to be predictable when not compromised. This is the main feature Ali-Gombe’s team is exploiting to build their detection algorithm.
“The algorithm initiates by using the runtime execution context of an IoT device to create a fingerprint,” Ali-Gombe explained. “This fingerprint is then converted into sound, from which we can extract discriminable features, specifically MFCCs and Chroma features, which are subsequently used as input vectors for a convolutional neural network, or CNN, model.”
“The primary objective of the CNN model is to learn and discern the unique memory activities of each device, Ali-Gombe continued. “By transforming device memory into audio, the algorithm not only improves its detection capability but also bolsters robustness and reliability. Moreover, this transformation introduces an added layer of stealth and obfuscation, making it more challenging for attackers to decipher and potentially bypass our system.”
Nanette McCann, principal at Baton Rouge Magnet High School, says she’s proud of Smith’s work at LSU.
“At Baton Rouge Magnet High School, we encourage students to follow their passion while striving for excellence. For many of our students, this means doing more than what is required of them in their classes,” McCann said. “Kaitlyn is very involved with the computer science program in the LSU College of Engineering, where she is working with mentors and professors on extensive research. We are very proud of her for continuing the legacy of excellence at Baton Rouge Magnet High School through the opportunities she’s been offered at LSU.”
Want to be more cyber savvy? Allow Baton Rouge high schooler Kaitlyn Smith to explain the basic cybersecurity concepts.