National Science Foundation award will help K-State professor's research to thwart cyber attacks

March 12, 2010

A Kansas State University professor's research on thwarting cyber attacks is getting a boost from a National Science Foundation award for young faculty.

The foundation gave Simon Ou, K-State assistant professor of computing and information sciences, a CAREER Award. It supports the early career-development activities of junior teacher-scholars who most effectively integrate research and education within the context of the mission of their institution.

"Cybersecurity is an asymmetric warfare," Ou said. "The attackers only need to find one hole to compromise a system, whereas the defenders have to plug them all. Without automated reasoning, the cyberspace will continue to be the Wild West, where bad guys wreak havoc."

Ou will receive nearly $430,000 during five years for his project, "Reasoning under Uncertainty in Cybersecurity." His award marks K-State's fourth CAREER Award so far this year.

"The CAREER award will enable Simon to advance his research on enterprise network security and develop techniques for critical infrastructure protection," said Gurdip Singh, who heads K-State's computing and information sciences department. "This award will provide a great opportunity to further strengthen K-State's cybersecurity research program, a strategic area for our department, and to build a strong educational program -- particularly at the undergraduate level -- to train the next generation of cybersecurity leaders."

Ou's project seeks to improve cybersecurity by providing automated reasoning that a network administrator can use to reach a conclusion about what security breaches have happened and how they happened. Although computer scientists have developed reasoning models that work well for problems like disease diagnosis, these models have not proven effective in dealing with an active, malicious attacker who will try to break whatever assumptions are made in the model.

For the project, Ou will seek to formulate a reasoning model through first understanding how a human security analyst would reason about cyber-events. The eventual goal is to find the right theoretical framework for reasoning under the uncertainty that comes from not knowing a cyber attacker's actions and choices, and also from relying on imperfect sensors to report symptoms of potential attacks.

Beyond improving cybersecurity, Ou's project will provide research opportunities for K-State undergraduate students. Through K-State outreach programs, the test-bed infrastructure produced from the research then will educate the general public about cybersecurity problems.

Moreover, Ou said that the research will provide endless data and examples to refresh the materials of the cybersecurity courses he teaches. He also aims to develop new courses with a focus on uncertainty in cybersecurity defense.

Ou came to K-State in 2006 and directs research for the cybersecurity research group Argus. His research is primarily in enterprise network security defense with a focus on attack graphs, security configuration management, intrusion detection and security metrics for enterprise networks.

Ou earned a doctorate in computer science at Princeton University and then served as a post-doctoral research associate at Purdue University's Center for Education and Research in Information Assurance and Security, and also as a research associate at Idaho National Laboratory. He earned bachelor's and master's degrees in computer science from Tsinghua University in Beijing.

Kansas State University

Related Cybersecurity Articles from Brightsurf:

Computer scientists' new tool fools hackers into sharing keys for better cybersecurity
Instead of blocking hackers, a new cybersecurity defense approach developed by University of Texas at Dallas computer scientists actually welcomes them.

Cultural differences account for global gap in online regulation -- study
Differences in cultural values have led some countries to tackle the specter of cyber-attacks with increased internet regulation, whilst others have taken a 'hands-off' approach to online security -- a new study shows.

Study finds companies may be wise to share cybersecurity efforts
Research finds that when one company experiences a cybersecurity breach, other companies in the same field also become less attractive to investors.

$4.6 million award creates program to train cybersecurity professionals
A five-year, $4.63 million award from the National Science Foundation will enable a multi-disciplinary team of researchers at the University of Arkansas to create a program to recruit, educate and train the next generation of cybersecurity professionals.

First cyber agility framework to train officials developed to out-maneuver cyber attacks
To help train government and industry organizations on how to prevent cyberattacks, as part of a research project for the US Army, scientists at The University of Texas at San Antonio, developed the first framework to score the agility of cyber attackers and defenders.

Cyber of the fittest: Researchers develop first cyber agility framework to measure attacks
The framework proposed by the researchers will help government and industry organizations visualize how well they out-maneuver attacks over time.

Army researchers identify new way to improve cybersecurity
Researchers at the US Army Combat Capabilities Development Command's Army Research Laboratory, the Army's corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security.

How susceptible are hospital employees to phishing attacks?
A multicenter study finds high click rate for simulated phishing emails, potential benefit in phishing awareness training.

A Georgia State cybersecurity study of the dark web exposes vulnerability to machine identities
A thriving marketplace for SSL and TLS certificates -- small data files used to facilitate confidential communication between organizations' servers and their clients' computers -- exists on a hidden part of the Internet, according to new research by Georgia State University's Evidence-Based Cybersecurity Research Group (EBCS) and the University of Surrey.

Army scientists revolutionize cybersecurity through quantum research
Army scientists have found a novel way to safeguard quantum information during transmission.

Read More: Cybersecurity News and Cybersecurity Current Events is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to