Chess is a centuries-old game of attack, defense, feint, and surprise. The Internet, and all the devices connected to it, is akin to a global chessboard – with programmers probing, attacking and defending constantly in their efforts to overcome their opponents.
In an effort to bolster the country’s cyber defenses, the Academy Center for Cyberspace Research of the U.S. Air Force Academy has awarded a three-year, $400,000 grant to Western Washington University assistant professor of computer science Julian Rrushi, whose research is focused on defending electronic infrastructure from malware attacks. Malware is malicious, damaging software introduced by a third party which can do anything from dropping the defenses of a server and making it ripe for a second attack, to worming its way into a computer’s built-in software and taking over the entire system.
“We are researching defensive cyber deception techniques to counter malware on computers in production on the very first encounter with them,” said Rrushi. “And once we figure out ways to stop a certain type of attack, we know these hackers – whether they are single individuals or working on behalf of a hostile nation – are already planning the next attack, so we need to stay a step ahead.”
Like an immunologist testing vaccines against samples of bacteria in Petri dishes, Rrushi has access to thousands of snippets of known malware code that he can use to test his new defenses. One research objective is intrusion tolerance, which enables a compromised computer to initially isolate malware and then gradually recover fully from it. The various strategies he employs use hardware support and steganography, or embedding hidden communications within other, seemingly innocuous code strings.
Another area Rrushi is working on is called “attack attribution,” or the effort of those defending a system to know who is attacking it.
“It’s normally very difficult to attribute an attack to an individual or nation, and we are working to make that attribution more clear so we better understand where the threats are coming from,” he said.
Rrushi is concentrating much of his research on ways to defend the country’s industrial control systems – such as the computers that serve and maintain the nation’s power grid.
“Hackers are always working to gather data on how to bring down key industrial complexes, which are obviously vital to the nation,” he said.
Seth Simms of Bellingham has been involved in the defense of his country since 2010, when he deployed to Afghanistan with the U.S. Army. After his tour, he enrolled at Western and earned a bachelor’s degree in computer science in 2016, completed his master’s degree at WWU last spring, and was a part of Rrushi’s research team. He said he sees his work with Rrushi as defending the country the same way he did overseas.
“Cybersecurity is a rapidly growing field, and governments, corporations, and private individuals are at risk. In many ways we are still only catching up to the adversary, but this research provides a novel detection technique and gives us control over the attack as it is happening,” he said.
Simms was joined in the lab by fellow graduate students Roberto Vergaray and Gian-Carlo DeFazio as part of Rrushi’s research team. Scouring the Internet for what Rrushi called “zero-day malware” (brand-new malware not yet widely seen or known) and testing their defenses against it is the battle that he and his research team fight in the lab every day.
“They are not easy to detect, but building novel defenses that can outperform brand-new malware is a huge part of why the U.S. Air Force Academy is funding our research. We need to test our research against the newest, most advanced threats, as often as we can,” he said.
Rrushi has taught at Western since 2014 and earned his doctorate in computer science from the University of Milan in 2009.
For more information on Rrushi’s research or the grant, contact him at Julian.Rrushi@wwu.edu or at (360) 650-4221.