Cybersecurity experts investigate self-adapting computer network that defends itself from hackers

May 10, 2012

MANHATTAN, Kan. -- In the online struggle for network security, Kansas State University cybersecurity experts are adding an ally to the security force: the computer network itself.

Scott DeLoach, professor of computing and information sciences, and Xinming "Simon" Ou, associate professor of computing and information sciences, are researching the feasibility of building a computer network that could protect itself against online attackers by automatically changing its setup and configuration.

DeLoach and Ou were recently awarded a five-year grant of more than $1 million from the Air Force Office of Scientific Research to fund the study "Understanding and quantifying the impact of moving target defenses on computer networks." The study, which began in April, will be the first to document whether this type of adaptive cybersecurity, called moving-target defense, can be effective. If it can work, researchers will determine if the benefits of creating a moving-target defense system outweigh the overhead and resources needed to build it.

Helping Ou and DeLoach in their investigation and research are Kansas State University students Rui Zhuang and Su Zhang, both doctoral candidates in computing and information sciences from China, and Alexandru Bardas, doctoral student in computing and information sciences from Romania.

As the study progresses the computer scientists will develop a set of analytical models to determine the effectiveness of a moving-target defense system. They will also create a proof-of-concept system as a way to experiment with the idea in a concrete setting.

"It's important to investigate any scientific evidence that shows that this approach does work so it can be fully researched and developed," DeLoach said. He started collaborating with Ou to apply intelligent adaptive techniques to cybersecurity several years ago after a conversation at a university open house.

The term moving-target defense -- a subarea of adaptive security in the cybersecurity field -- was first coined around 2008, although similar concepts have been proposed and studied since the early 2000s. The idea behind moving-target defense in the context of computer networks is to create a computer network that is no longer static in its configuration. Instead, as a way to thwart cyber attackers, the network automatically and periodically randomizes its configuration through various methods -- such as changing the addresses of software applications on the network; switching between instances of the applications; and changing the location of critical system data.

Ou and DeLoach said the key is to make the network appear to an attacker that it is changing chaotically while to an authorized user the system operates normally.

"If you have a Web server, pretty much anybody in the world can figure out where you are and what software you're running," DeLoach said. "If they know that, they can figure out what vulnerabilities you have. In a typical scenario, attackers scan your system and find out everything they can about your server configuration and what security holes it has. Then they select the best time for them to attack and exploit those security holes in order to do the most damage. This could change that."

Creating a computer network that could automatically detect and defend itself against cyber attacks would substantially increase the security of online data for universities, government departments, corporations and businesses -- all of which have been the targets of large-scale cyber attacks.

In February 2011 it was discovered that the Nasdaq Stock Market's computer network had been infiltrated by hackers. Although federal investigators concluded that it was unlikely the hackers stole any information, the network's security had been left vulnerable for more than a year while the hackers visited it numerous times.

According to Ou, creating a moving-target defense system would shift the power imbalance that currently resides with hackers -- who need only find a single security hole to exploit -- back to the network administrators -- who would have a system that frequently removes whatever security privileges attackers may gain with a new clean slate.

"This is a game-changing idea in cybersecurity," Ou said. "People feel that we are currently losing against online attackers. In order to fundamentally change the cybersecurity landscape and reduce that high risk we need some big, fundamental changes to the way computers and networks are constructed and organized."
-end-
A related story about how this cybersecurity model may benefit a new cloud-based network for businesses can be read at http://bit.ly/ID4z9F.

Kansas State University

Related Cybersecurity Articles from Brightsurf:

Computer scientists' new tool fools hackers into sharing keys for better cybersecurity
Instead of blocking hackers, a new cybersecurity defense approach developed by University of Texas at Dallas computer scientists actually welcomes them.

Cultural differences account for global gap in online regulation -- study
Differences in cultural values have led some countries to tackle the specter of cyber-attacks with increased internet regulation, whilst others have taken a 'hands-off' approach to online security -- a new study shows.

Study finds companies may be wise to share cybersecurity efforts
Research finds that when one company experiences a cybersecurity breach, other companies in the same field also become less attractive to investors.

$4.6 million award creates program to train cybersecurity professionals
A five-year, $4.63 million award from the National Science Foundation will enable a multi-disciplinary team of researchers at the University of Arkansas to create a program to recruit, educate and train the next generation of cybersecurity professionals.

First cyber agility framework to train officials developed to out-maneuver cyber attacks
To help train government and industry organizations on how to prevent cyberattacks, as part of a research project for the US Army, scientists at The University of Texas at San Antonio, developed the first framework to score the agility of cyber attackers and defenders.

Cyber of the fittest: Researchers develop first cyber agility framework to measure attacks
The framework proposed by the researchers will help government and industry organizations visualize how well they out-maneuver attacks over time.

Army researchers identify new way to improve cybersecurity
Researchers at the US Army Combat Capabilities Development Command's Army Research Laboratory, the Army's corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security.

How susceptible are hospital employees to phishing attacks?
A multicenter study finds high click rate for simulated phishing emails, potential benefit in phishing awareness training.

A Georgia State cybersecurity study of the dark web exposes vulnerability to machine identities
A thriving marketplace for SSL and TLS certificates -- small data files used to facilitate confidential communication between organizations' servers and their clients' computers -- exists on a hidden part of the Internet, according to new research by Georgia State University's Evidence-Based Cybersecurity Research Group (EBCS) and the University of Surrey.

Army scientists revolutionize cybersecurity through quantum research
Army scientists have found a novel way to safeguard quantum information during transmission.

Read More: Cybersecurity News and Cybersecurity Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.