Kansas State University cybersecurity professors Scott DeLoach and Xinming "Simon" Ou are conducting groundbreaking research into the development of computer networks that could defend themselves against attacks.
The researchers are looking into designs in which the networks, after detecting an intrusion attempt, could autonomously respond by altering aspects of the system's configurations.
DeLoach and Ou have been awarded more than one million dollars in grants from the Air Force to conduct the five-year study into the development of an adaptive "moving-target defense" system to protect critical networks from attacks.
"As the study progresses the computer scientists will develop a set of analytical models to determine the effectiveness of a moving-target defense system. They will also create a proof-of-concept system as a way to experiment with the idea in a concrete setting," a Kansas State University press release states.
The research is aimed at determining if the development of adaptive defense systems is not only feasible, but also cost-effective from a resource allocation perspective.
"It's important to investigate any scientific evidence that shows that this approach does work so it can be fully researched and developed," DeLoach said.
The concept of a "moving-target defense" was first proposed over a decade ago, and other researchers have toyed with the idea, but this is the first instance where a sizeable level of funding has been committed to investigating the notion.
"The idea behind moving-target defense in the context of computer networks is to create a computer network that is no longer static in its configuration. Instead, as a way to thwart cyber attackers, the network automatically and periodically randomizes its configuration through various methods -- such as changing the addresses of software applications on the network; switching between instances of the applications; and changing the location of critical system data," the release explained.
An adaptive defense response would thwart an intrusion attempt by randomly changing network settings, but key to the concept is the network's ability to keep operating normally for an authenticated user at the same time.
"If you have a Web server, pretty much anybody in the world can figure out where you are and what software you're running. If they know that, they can figure out what vulnerabilities you have. In a typical scenario, attackers scan your system and find out everything they can about your server configuration and what security holes it has. Then they select the best time for them to attack and exploit those security holes in order to do the most damage. This could change that," DeLoach said.
The researchers believe the development of such a defense mechanism would turn the tables to a significant degree on attackers, who currently have the upper hand because they need to identify only one exploitable vulnerability to wreak havoc on a system.
"This is a game-changing idea in cybersecurity. People feel that we are currently losing against online attackers. In order to fundamentally change the cybersecurity landscape and reduce that high risk we need some big, fundamental changes to the way computers and networks are constructed and organized," Ou said.