Dr. Guofei Gu and Dr. Jyh-Charn Liu in the Department of Computer Science and Engineering at Texas A&M University are developing game-changing defense approaches to beat cyber attackers in two very different, but important, aspects of cybersecurity.
Proactive Cyber Defense
Gu, associate professor and director of the Secure Communication and Computer Systems (SUCCESS) Lab at Texas A&M, has developed techniques to automatically uncover unknown vulnerabilities in existing software so that defenders can detect the problems ahead of cyber attackers. This technique has identified more than two dozen serious vulnerabilities in widely used software from vendors such as Google, Adobe and Microsoft.
“Most current cybersecurity solutions are passive and reactive, focusing on known attacks,” Gu said. “The situation is becoming worse because the economic engine of profit-driven cyberattacks is quickly transforming the threat and defense landscape to favor more on attackers, as they enjoy many fundamental advantages over defenders.”
To combat this issue, Gu and his team developed PeerPress, a prototype system with new analysis techniques that automatically extract intrinsic and harmful behaviors from malware, and then use them for active, robust and scalable malware detection.
The team has also developed CyberProbe and AutoProbe, two new techniques that can automatically learn and extract malware’s control logic so that defenders can perform accurate and active detection of global malicious cyber infrastructures in the whole Internet IPv4 space in just a few hours.
Gu is also heavily involved in the investigation of potential security implications of software-defined networks (SDN), which are being proposed by researchers and vendors alike as a way to serve the demand for highly flexible network infrastructures to support dynamic services on the internet or for cloud computing. One of the fundamental advantages of SDN is its centralized control plane which provides visibility of the entire network.
He and his team have designed the first security constraint enforcement kernel for SDN controllers, FortNOX; FRESCO, the first security application development framework for SDN; and AvantGuard, the first scalable and vigilant switch flow management solution in SDN to defend against control plane saturation attacks.
SDN controllers are designed to provide a centralized management system for the network. Gu’s research in this area also revealed and helped fix several previously unknown serious topology poisoning vulnerabilities in almost all widely used SDN controllers.
Protecting GPS Signals
Liu, professor and director of the Real Time Distributed Systems Lab, is currently working on developing algorithms to detect incorrect signals of the Global Navigation Satellite Systems (GNSS). Not only recognizing them, but finding a way to combat these errors due to spoofing or natural interference is a central focus in the efforts he and his collaborators are pursuing. To achieve cohesiveness in GNSS signals, Liu and his team are working to create an experimental environment which supports the development of computing algorithms that are able to detect spoofing that occurs in the real world. In turn, this will allow for more reliable information to be provided by location-based applications, such as Google Maps on smartphones, that we use daily.
Liu began studying the subject when GPS spoofing emerged as a cyber physical security issue. He works alongside his students in the RTDS lab, as well as Dr. Mladen Kezunovic, Eugene E. Webb Professor, and Alex Sprintson, associate professor from the Department of Electrical and Computer Engineering at Texas A&M.
The most challenging aspect of this topic is figuring out a way to guard the unprotected data at the unknown place and time.
“We formulated the problem into an integrity checking problem, and we aim to develop distributed computing algorithms on the basis of the well-established theories in distributed computing,” Liu said. “We also aim to develop software based solutions, so that they can be more easily disseminated to the massive consumer market in defending against various data errors, man-made or natural causes.”
In order to validate the defense algorithm designs, Liu and his team have replicated the GPS spoofing in a Faraday cage, where a radio frequency software defined radio coupled with open source GPS simulator manipulates a smartphone GPS receiver.
This research has a large scope of impact including consumer general navigation such as GPS mapping, industry control, power grid sensing and control, and autonomous vehicles.
Awards and Honors
The research conducted by Liu and his colleagues on campus and in industry has led to an award from the Department of Energy for the Development of Next Generation Cybersecurity Technologies and Tools. This award is given to projects that will enhance the reliability and resilience of the nation’s energy critical infrastructure through innovative, scalable, and cost-effective research, development and demonstration of cybersecurity solutions.
Gu and his team in the SUCCESS lab have published their results in top computer security conferences such as the IEEE Symposium on Security & Privacy, the ACM Conference on Computer and Communications Security, and the Annual Network & Distributed System Security Symposium. Their vulnerability detection work won the best student paper award at the 2010 IEEE Symposium on Security & Privacy. FRESCO won the finalist for 2013 AT&T Best Applied Security Paper award and their research has also won the 2013 AFOSR Young Investigator award. Additional research done by the team won the Best Paper Award at the 2015 International Conference on Distributed Computing Systems, which also resulted in a U.S. patent and technology transfer to a commercial partner.