Our rising dependence on networked systems makes it increasingly beneficial for hackers to exploit them, Engin Kirda said on Monday afternoon in a lecture entitled “Taming the Malicious Internet.”
The event marked Kirda’s installation as the inaugural Sy and Laurie Sternberg Interdisciplinary Associate Professor for Information Assurance. Kirda is the director of Northeastern’s Institute for Information Assurance, and has joint appointments in the College of Computer and Information Science and the College of Engineering’s Department of Electrical and Computer Engineering.
His work crosses a spectrum of disciplines and has a major impact on research vital to society, Larry Finkelstein, dean of the College of Computer and Information Science, said in his introduction of Kirda.
Stephen W. Director, provost and senior vice president for academic affairs, presented Kirda with a medallion recognizing his accomplishments in interdisciplinary research addressing an area of concern to society.
Fifteen years ago, Kirda said, “the cybersecurity situation was not bad. We could keep everything in check.” Today, however, our technologies are not evolving as quickly as the malicious software they are trying to protect against. A problem that began with simple viruses attacking individual computers has morphed into a threat that could lead to an international cyberwar, a reality that, Kirda said, has not quite been realized but is certainly foreseeable.
Kirda believes that in order to tame the Internet — that is, “to keep it in check” — vulnerabilities need to be addressed through a variety of practical solutions.
“There’s no silver bullet,” he said.
But in order to design the right solutions, we need to identify the bad guys. These days the common “bank robber” doesn’t look the way he used to, Kirda said. Today he sits behind a computer often several thousand miles from the entity he is attacking. He is probably young and smart — and understanding the world through his eyes is critical to defending against him.
Kirda has developed a variety of security tools, including two that help unravel the attacker’s mindset. The first, Anubis, allows users to identify malware and send information to a so-called “prison,” where it is disabled and analyzed, generating malware reports. The second, FIRE, or FInding Rogue nEtworks, analyzes the body of malware reports coming from Anubis to expose organizations and ISPs that exhibit malicious behavior, Kirda explained.
The software is useful for detecting malicious behavior and, more importantly, for locating the command and control servers orchestrating that behavior. Destroying the command center shuts down activity across a network of infected machines, rather than leaving defenders to address individual attacks, Kirda said.
But these, he stressed, are just the technical solutions. And they are only one part of the equation. We also need to understand the human factor. Why, for example, do people get infected? Why do we click on links that could jeopardize our security?
Kirda believes the psychology behind user behavior can help cybersecurity developers create more appropriate malware detection and enable more targeted educational campaigns.
Cybersecurity as a research field isn’t going anywhere. The challenge, Kirda explained, will be developing creative, interdisciplinary solutions to a network of increasingly complex attacks.