UCR computer scientists boost US cybersecurity

As cyber threats grow more sophisticated by the day, UC Riverside researchers are making computing safer thanks to federally funded research that targets some of the internet's most pressing security challenges.

Backed by agencies such as the National Science Foundation and the U.S. Department of Defense, UCR computer science and engineering students and faculty in the Marlan and Rosemary Bourns College of Engineering are developing tools to expose hidden vulnerabilities, protect private data, and strengthen the digital defenses that safeguard everything from personal communications to national infrastructure.

Their work is on the forefront of cybersecurity innovation-and underscores the critical role of federal investment in higher education research.

"Cybersecurity it impacts every aspect of our lives, from personal privacy to national security. At UC Riverside, with support from federal grants, we're training the next generation of computer scientists and engineers who are already making the internet and IT systems safer for everyone," said Amit Roy-Chowdhury, a Bourns professor and co-director of the UC Riverside Artificial Intelligence Research and Education (RAISE) Institute.

Here are examples of computer security innovations published and presented at conferences this year:



Protecting data in AI learning

As artificial intelligence spreads into healthcare, finance, and government, privacy is paramount. But UCR graduate student Hasin Us Sami discovered that even methods designed to keep sensitive information safe can be compromised.

His paper, "Gradient Inversion Attacks on Parameter-Efficient Fine-Tuning," shows that adversaries can reconstruct private images from a training process called federated learning that was thought to be safer. Federated learning lets users train AI models on their own devices without sharing raw data. The research found that attackers could reverse-engineer data from the information that is shared.

Sami demonstrated how malicious servers could retrieve private images during training from state-of-the-art learning architectures, underscoring the urgent need for stronger defenses. The work was recognized at the 2025 IEEE/CVF Conference on Computer Vision and Pattern Recognition, one of the top gatherings of AI researchers.

His paper was co-authored by graduate student Swapneel Sen, professors Amit K. Roy-Chowdhury and Srikanth V. Krishnamurthy, and assistant professor Basak Guler.

Unmasking firewall weaknesses

Research by graduate student Qing Deng focused on firewalls that millions rely on for protection. In "Beyond the Horizon: Uncovering Hosts and Services Behind Misconfigured Firewalls," Deng and colleagues revealed that small configuration mistakes could open the door to cyber intruders.

By scanning the internet for unusual access points, Deng uncovered more than 2 million hidden services exposed by misconfigured firewalls-ranging from outdated servers to vulnerable home routers. These flaws, though overlooked for years, create what the team calls an "expanded observable internet," a larger attack surface than security experts previously realized.

The paper was co-authored by graduate students Juefei Pu, Zhaoweo Tan, and professors Zhiyun Qian and Srikanth V. Krishnamurthy.



Detecting invisible network flaws

For doctoral student Keyu Man, the threat of invisible "side-channel" attacks is a high priority. These attacks exploit subtle quirks in network protocols to allow hackers to hijack connections in a commonly used kind of server.

Known as "domain name system" servers, these computers translate human-friendly domain names into machine-readable IP addresses, allowing devices to find and connect to the right server.

Man co-authored "SCAD: Towards a Universal and Automated Network Side-Channel Vulnerability Detection," which introduces a tool called Side-ChAnnel Detector, or SCAD, to automatically uncover weaknesses in widely used operating systems like Linux and FreeBSD. Unlike previous methods that required weeks of painstaking manual work, SCAD can identify flaws in a single day of analysis.

Man's research revealed 14 vulnerabilities-seven previously unknown-that could have been exploited for devastating cyberattacks. By automating the process, SCAD could change how industry protects critical online infrastructure.

The co-authors of this study include graduate students Zhongjie Wang, Yu Hao, Shenghan Zheng, Xin'an Zhou, Yue Cao, and professor Zhiyun Qian.