Fighting Cyber Threats

ECE & CCS Associate Professor Engin Kirda was selected as the inaugural Sy and Laurie Sternberg Interdisciplinary Associate Professor for Information Assurance for his work in cybersecurity.

Source: News @ Northeastern

Our rising depen­dence on net­worked sys­tems makes it increas­ingly ben­e­fi­cial for hackers to exploit it, Engin Kirda said on Monday after­noon in a lec­ture enti­tled “Taming the Mali­cious Internet.”

The event marked Kirda’s instal­la­tion as the inau­gural Sy and Laurie Stern­berg Inter­dis­ci­pli­nary Asso­ciate Pro­fessor for Infor­ma­tion Assur­ance. Kirda is the director of Northeastern’s Insti­tute for Infor­ma­tion Assur­ance, and has joint appoint­ments in the Col­lege of Com­puter and Infor­ma­tion Sci­ence and the Col­lege of Engi­neering’s Depart­ment of Elec­trical and Com­puter Engi­neering.

His work crosses a spec­trum of dis­ci­plines and has a major impact on research vital to society, Larry Finkel­stein, dean of the Col­lege of Com­puter and Infor­ma­tion Sci­ence, said in his intro­duc­tion of Kirda.

Stephen W. Director, provost and senior vice pres­i­dent for aca­d­emic affairs, pre­sented Kirda with a medal­lion rec­og­nizing his accom­plish­ments in inter­dis­ci­pli­nary research addressing an area of con­cern to society.

Fif­teen years ago, Kirda said, “the cyber­se­cu­rity sit­u­a­tion was not bad. We could keep every­thing in check.” Today, how­ever, our tech­nolo­gies are not evolving as quickly as the mali­cious soft­ware they are trying to pro­tect against.

A problem that began with simple viruses attacking indi­vidual com­puters has mor­phed into a threat that could lead to an inter­na­tional cyberwar, a reality that, Kirda said, has not quite been real­ized but would cer­tainly be foreseeable.

Kirda believes that in order to tame the Internet — that is, “to keep it in check” —vul­ner­a­bil­i­ties need to be addressed through a variety of prac­tical solutions.

“There’s no silver bullet,” he said.

But in order to design the right solu­tions, we need to iden­tify the bad guys. These days the common “bank robber” doesn’t look the way he used to, Kirda said. Today he sits behind a com­puter often sev­eral thou­sand miles from the entity he is attacking. He is prob­ably young and smart — and under­standing the world through his eyes is crit­ical to defending against him.

Kirda has devel­oped a variety of secu­rity tools, including two that help unravel the attacker’s mindset. The first, Anubis, allows users to iden­tify mal­ware and send infor­ma­tion to a so-​​called “prison,” where it is dis­abled and ana­lyzed, gen­er­ating mal­ware reports. The second, FIRE, or FInding Rogue nEt­works, ana­lyzes the body of mal­ware reports coming from Anubis to expose orga­ni­za­tions and ISPs that exhibit mali­cious behavior, Kirda explained.

The soft­ware is useful for detecting mali­cious behavior and, more impor­tantly, for locating the com­mand and con­trol servers orches­trating that behavior. Destroying the com­mand center shuts down activity across a net­work of infected machines instead of trying to address indi­vidual attacks, Kirda said.

But these, he stressed, are just the tech­nical solu­tions. And they are only one part of the equa­tion. We also need to under­stand the human factor. Why, for example, do people get infected? Why do we click on links that could jeop­ar­dize our security?

Kirda believes the psy­chology behind user behavior can help cyber secu­rity devel­opers create more appro­priate mal­ware detec­tion and enable more tar­geted edu­ca­tional campaigns.

Cyber­se­cu­rity as a research field isn’t going any­where. The chal­lenge, Kirda explained, will be devel­oping cre­ative, inter­dis­ci­pli­nary solu­tions to a net­work of increas­ingly com­plex attacks.

Related Faculty: Engin Kirda

Related Departments:Electrical & Computer Engineering