Cybersecurity & Digital Forensics

Project Background

Are you a web developer looking for a one-stop solution to test the integrity of your code? Is your website secure enough from being hacked? Our Automated Security Testing Platform (ASTP) is an affordable solution that scans your Java Web Application for vulnerabilities.

ASTP incorporates the three phases of DevSecOps and conducts rigorous testing for every stage of the web development lifecycle. A wide variety of dynamic and static security analysis tools are implemented, including Snyk, SonarQube and Nikto, to ensure a comprehensive scan of your project. With ASTP’s analysis, you can perform debugging and be assured that your final site is secure and ready to be published online.

Key Benefits

• Comprehensive – Both static and dynamic analysis tools are used to provide a complete picture of the vulnerabilities in the application.
• Convenient – Results of security testing are collated into a web page for straightforward reference of the reports generated.
• Efficient - Security testing of source codes is fast and automated, so users do not have to tirelessly check through their codes manually for errors.

Key Technologies Used

• Jenkins
• GitHub
• Maven
• Tomcat

Potential Enhancements

This application can be enhanced with the following:

• Integration of Selenium to automate the browsing of the web application
• Implementation of more advanced dynamic analysis tools

Project By

• Tan Jie Xuan Jeshua (Project Leader)
• Lee Maximus
• Lee Say Kiet, Jacob
• Marcus Wong Kai Jie

Supervisor

Poh Zhi Yuan (Mr.)

Close

Project Background

Bluetooth technology has become an essential part of our daily lives, enabling us to wirelessly connect and communicate with various devices such as smartphones, laptops, and speakers. However, like all technologies, it is not immune to security vulnerabilities. Without proper security measures in place, Bluetooth can be vulnerable to hacking attempts and unauthorised access.

Goblue is a mobile application that aims to raise awareness about Bluetooth vulnerabilities on users’ device. The app includes features like alerting users of potential threats, scanning nearby devices, and providing tips to improve their device's security. With Goblue, users will be better equipped to protect their device from potential Bluetooth attacks.

Key Benefits

• Convenient – Able to check easily the vulnerability status of the device
• Efficient - Able to retrieve information quickly from the Firebase real-time database
• Educational – Able to educate users on Bluetooth vulnerabilities

Key Technologies Used

• Android Studio
• Firebase Database
• Ubuntu
• Kali Linux
• Bluetooth
• Java & Python

Potential Enhancements

This application can be enhanced with the following:

• Expanded database with coverage of a wider range of devices
• Support for iOS devices

Project By

• Rayhan Naufal B Susilo Saputra (Project Leader)
• Kenji Tan
• Louis Deshawn Tong
• Nur Iffah Binte Roslan

Supervisor

Edmund Wee (Mr.)

Industry Partner

Temasek Polytechnic

Close

Project Background

Have you fallen for fake news before? Fake news is becoming increasingly problematic for online users. The spread of misinformation can manipulate people's perceptions of reality and cause social conflicts. To help users verify the accuracy of online news, we have developed a fake news detector.

Fake News Detector can check whether a site contains fake or real news based on its URL link and/or text content. It uses machine learning, artificial intelligence and natural language processing techniques to analyse the information. This can help to verify the accuracy of news sources and prevent readers from being misled by false information.

Key Benefits

• Informative – Users will be more educated on how to identify fake news.
• User-Friendly - Users can easily input either the text content or URL link of the news source to use the detector.
• Efficient – Able to accurately predict fake or real news with 99.9% accuracy.

Key Technologies Used

• Flask
• Python Coding
• Python Built-in Library (i.e., re)
• Machine Learning & Data Science Libraries (i.e., SKlearn, Pandas, NumPy, Matplotlib, Seaborn, NLTK)

Potential Enhancements

This application can be enhanced with the following:

• Create a browser extension that can predict fake/real news from the browser 
• Automate the daily updates of list of articles
• Show more statistics to explain detector’s results (e.g., percentage of authenticity of user's input)

Project By

• Shafeena Sherin Binte Mohamad Sharif (Project Leader)
• Muhammad Adnan Hakim B M A
• Muhammad Zaqi B Azman
• Suryavarmaraj Ramesh

Supervisor

Nurul Arifah Shukor (Ms.)

Industry Partner

Temasek Polytechnic

Close

Project Background

As the frequency and scale of cyber attacks rise, companies are at higher risk of cyber security breaches. Detecting and defending against attacks are becoming increasingly difficult in large-scale networks.

The SDN Defender is a tool to detect and manage cyber attacks in large-scale networks. It makes use of Software Defined Networking (SDN), which leverages software instead of hardware to manage a network. This provides a central control point for network administrators to make changes to the network. By using this centralised control point, SDN Defender enables network administrators to quickly detect and respond to cyber attacks, reducing the risk of data breaches and minimising the impact of the attacks.

Key Benefits

• Effective – Reduces number of cyber attacks from external networks
• Secure – Increases cyber resilience

Key Technologies Used

• Machine Learning/AI
• Python Coding
• Intrusion Detection System (IDS) / SNORT
• Ryu SDN controller
• Mininet

Potential Enhancements

This application can be enhanced with the following:

• Detection and mitigation of application layer attacks
• Simulations of more complex attacks

Project By

• Lee Ho Yang, Larry (Project Leader)
• Cai Junxing
• Muhammad Aqif Bin Noorazman
• Zachary Ng Hua En

Supervisor

Lim Chee Yang(Mr.)

Industry Partner

Temasek Polytechnic

Close

Project Background

This game is aimed at Year 1 cybersecurity students and people who have a general interest in the field of forensics. This project addresses a common problem in the field of cyber forensics, which is that some individuals may not have the necessary knowledge and training to properly collect as well as analyse digital evidence. 

The game is a top-down 2-D role-based player game where the player is a first responder crime scene investigator. Through playing this game, it allows players to learn the technical jargons and core processes of evidence processing to ensure forensics soundness when making the appropriate choices. Players will learn and gain new forensics knowledge as they attempt the game.​

This game is educational because it provides resources such as video selections that allow players to learn more about cyber forensics. There is also a well-detailed guide where information based on globally trusted sources can be found so that players can use them in the gameplay. Finally, players can also choose from the five unique scenarios in the game. This allows them to adapt and apply the knowledge accordingly to the different scenarios.

Key Benefits

• Realism - Accurate representation of the crime scene investigation.
• Educational – Critical thinking when deciding on the most appropriate choice based on different scenarios.
• Credible - Evidence collection/analysing techniques are based on reliable sources (e.g. Canadian Mounted Police and School of Computer Science, University College Dublin, Ireland).

Key Technologies Used

• Unity build 2021.3.5f1
• Coded in C#
• GitHub and Visual Studio Code

Potential Enhancements

This application can be enhanced with the following:

• Inventory system to help record the evidence and an updated summary page
• Leaderboard system to help make the game more competitive 

Project By

• Darius Tan (Project Leader)
• Muhammad Hanis B Abu Bakar
• Sim Kian Wei
• Norman Chew Yong Jun

Supervisor

Seah Chong Poh (Mr.)

Industry Partner

Temasek Polytechnic

Close

Project Background

With the rise of Smart Industries devices which allow for more efficient and flexible production capabilities centered around digitalisation as well as Internet of Things (IoT) devices, vulnerabilities are bound to appear. This allows adversaries to exploit the vulnerabilities which can potentially harm organisations and people, either financially or physically. Currently, there is a lack of Industrial IoT (IIoT) focused vulnerability databases that provide vulnerability information regarding IIoT, making it tedious for users to learn about the vulnerabilities pertaining to their IIoT devices.​

The IIoT Vulnerability Search Database will serve as a central database that provides vulnerability information regarding IIoT devices. With a central database, users can easily search for IIoT and related Smart Industry device’s vulnerabilities. In addition, the central database also provides information about malware attacks on Smart Industries and IIoT. For example, users would be able to search via the vendor, device name and OS version to see if their IIoT device contains any known vulnerabilities.

Key Benefits

• Convenient - One stop database that allows users to search for vulnerabilities of IIoT devices with ease.​
• Secure - Technical advisory with best practices to mitigate against malware attacks on IIoT through reports on IIoT malwares.
• Educational - Educate users to be aware of vulnerabilities and take steps to secure their systems.​

Key Technologies Used

• Automated Data Harvesting Tool
• MongoDB Atlas
• HTML, CSS, Python, PHP, JavaScript
• Google Cloud Platform

Potential Enhancements

This application can be enhanced with the following:

• Introduction of NLP and/or Machine Learning to enhance the search feature 
• Automation of Data Processing and Dedicated Vulnerability API

Project By

• Aurelius Lai Han Ze (Project Leader)
• Muhammad Husaini Bin Muhammad Haizal Bonawi
• Suriya Sivakumar
• Ualath Jonderic Bringas

Supervisor

Rosita Jupri (Ms.)

Industry Partner

Temasek Polytechnic

Close

Project Background

MalScape or Malware Escape, is an educational game that boasts a 3D immersive and interactive environment. Learning experience is made exciting for users to attain critical knowledge on Malware through a strong association with puzzle games to keep the learning journey fun and achieve awareness against the malicious threats within the ever-advancing digital world.

MalScape can serve as a secondary option for visitors or allow users with an immersive tour experience as guests within the Malware Analysis Centre that exists only in Temasek Polytechnic. The Malware Analysis Centre at Temasek Polytechnic is the first of its kind in an educational institution in Southeast Asia. It focuses on the detection and identification of malware and forensic investigations. The Centre is unique as it functions as a learning enterprise where students support walk-in clients at the Centre using leading industry technologies and processes.

Key Benefits

• Enjoyable - Users enjoy while learning about the potential digital threats that advanced technologies are facing.
• Futuristic – The Malware Analysis Centre will be showcased through a futuristic yet easy to follow tour to the general public.

Key Technologies Used

• Unity3D
• Blender
• Visual Studio Code

Potential Enhancements

This application can be enhanced with the following:

• Additional intricated game levels with advanced puzzles

Project By

• Ashari Bin Samian
• Huwaini Bte Punari
• James Ng Junxian
• Samantha Teo Qing Ru

Supervisor

Jet Lim.

Industry Partner

Temasek Polytechnic

Close