Cybersecurity and the new digital threats

Associate professor Engin Kirda (center) was installed as the Sternberg Interdisciplinary Associate Professor of Information Assurance. President Joseph E. Aoun (right) and Provost Stephen Director (left) awarded Kirda with a medal. Photo by Mary Knox Merrill.

Our rising depen­dence on net­worked sys­tems makes it increas­ingly ben­e­fi­cial for hackers to exploit it, Engin Kirda said on Monday after­noon in a lec­ture enti­tled “Taming the Mali­cious Internet.”

The event marked Kirda’s instal­la­tion as the inau­gural Sy and Laurie Stern­berg Inter­dis­ci­pli­nary Asso­ciate Pro­fessor for Infor­ma­tion Assur­ance. Kirda is the director of Northeastern’s Insti­tute for Infor­ma­tion Assur­ance, and has joint appoint­ments in the Col­lege of Com­puter and Infor­ma­tion Sci­ence and the Col­lege of Engi­neering’s Depart­ment of Elec­trical and Com­puter Engi­neering.

His work crosses a spec­trum of dis­ci­plines and has a major impact on research vital to society, Larry Finkel­stein, dean of the Col­lege of Com­puter and Infor­ma­tion Sci­ence, said in his intro­duc­tion of Kirda.

Stephen W. Director, provost and senior vice pres­i­dent for aca­d­emic affairs, pre­sented Kirda with a medal­lion rec­og­nizing his accom­plish­ments in inter­dis­ci­pli­nary research addressing an area of con­cern to society.

Fif­teen years ago, Kirda said, “the cyber­se­cu­rity sit­u­a­tion was not bad. We could keep every­thing in check.” Today, how­ever, our tech­nolo­gies are not evolving as quickly as the mali­cious soft­ware they are trying to pro­tect against. A problem that began with simple viruses attacking indi­vidual com­puters has mor­phed into a threat that could lead to an inter­na­tional cyberwar, a reality that, Kirda said, has not quite been real­ized but would cer­tainly be foreseeable.

Kirda believes that in order to tame the Internet — that is, “to keep it in check” —vul­ner­a­bil­i­ties need to be addressed through a variety of prac­tical solutions.

“There’s no silver bullet,” he said.

But in order to design the right solu­tions, we need to iden­tify the bad guys. These days the common “bank robber” doesn’t look the way he used to, Kirda said. Today he sits behind a com­puter often sev­eral thou­sand miles from the entity he is attacking. He is prob­ably young and smart — and under­standing the world through his eyes is crit­ical to defending against him.

Kirda has devel­oped a variety of secu­rity tools, including two that help unravel the attacker’s mindset. The first, Anubis, allows users to iden­tify mal­ware and send infor­ma­tion to a so-called “prison,” where it is dis­abled and ana­lyzed, gen­er­ating mal­ware reports. The second, FIRE, or FInding Rogue nEt­works, ana­lyzes the body of mal­ware reports coming from Anubis to expose orga­ni­za­tions and ISPs that exhibit mali­cious behavior, Kirda explained.

The soft­ware is useful for detecting mali­cious behavior and, more impor­tantly, for locating the com­mand and con­trol servers orches­trating that behavior. Destroying the com­mand center shuts down activity across a net­work of infected machines instead of trying to address indi­vidual attacks, Kirda said.

But these, he stressed, are just the tech­nical solu­tions. And they are only one part of the equa­tion. We also need to under­stand the human factor. Why, for example, do people get infected? Why do we click on links that could jeop­ar­dize our security?

Kirda believes the psy­chology behind user behavior can help cyber secu­rity devel­opers create more appro­priate mal­ware detec­tion and enable more tar­geted edu­ca­tional campaigns.

Cyber­se­cu­rity as a research field isn’t going any­where. The chal­lenge, Kirda explained, will be devel­oping cre­ative, inter­dis­ci­pli­nary solu­tions to a net­work of increas­ingly com­plex attacks.