Do you recall when the computer network for Nasdaq Stock Market was infiltrated by hackers? What if a network was self-morphing and could protect itself against hackers by automatically changing its setup and configuration? Now you see me, but now you don't? Kansas State University cybersecurity experts are delving into the idea of applying intelligent adaptive techniques to cybersecurity.
Instead of a network with a static configuration, two big Kansas State University cybersecurity brains believe cyberattackers could be thwarted if the "network automatically and periodically randomizes its configuration through various methods -- such as changing the addresses of software applications on the network; switching between instances of the applications; and changing the location of critical system data." This makes it a moving-target defense. "The key is to make the network appear to an attacker that it is changing chaotically while to an authorized user the system operates normally."
Kansas State University associate professor of computing and information sciences Xinming "Simon" Ou and Scott DeLoach, professor of computing and information sciences, were awarded a five-year grant of over $1 million from the Air Force Office of Scientific Research to study this moving-target defense, a type of adaptive cybersecurity. More than researching the feasibility of networks that can automatically detect and defend themselves from online attackers, they "will also create a proof-of-concept system as a way to experiment with the idea in a concrete setting."
Ou said to think of your business' computer network as the parking lot of Walmart. Most days the lot is not completely full, but on Black Friday it's crammed with cars. A business has to build its network so it can handle those peak times, perhaps for Cyber Monday, such as in the parking lot example. "Creating a moving-target defense - computer networks that could defend against cyberattacks by automatically changing their configuration to close security holes - may also help develop a fundamental change in how computer networks are hosted," Ou said.
By utilizing a cloud provider that allocates more bandwidth as needed at peak times, businesses would not have to invest in as much hardware, software or "maintain an information technology work force," according to Ou. "The key economic benefit from a cloud system is its elasticity to meet the changing needs by expanding and shrinking a hosted network, which requires the fundamental building block of a moving-target network. It then makes sense that a cloud-hosted business network adopt moving-target technologies that naturally combine more flexible business and better security."
"If you have a Web server, pretty much anybody in the world can figure out where you are and what software you're running," DeLoach explained. "If they know that, they can figure out what vulnerabilities you have. In a typical scenario, attackers scan your system and find out everything they can about your server configuration and what security holes it has. Then they select the best time for them to attack and exploit those security holes in order to do the most damage. This could change that."
Instead of malicious hackers or automated attackers needing to find only one security hole to exploit, a self-morphing computer network system that "frequently removes whatever security privileges attackers may gain" would shift the security balance back to network administrators. Ou called the moving-target defense applied to networks a "game-changing idea in cybersecurity." If successful it could "substantially increase the security of online data for universities, government departments, corporations and businesses -- all of which have been the targets of large-scale cyberattacks."
While that may be true, once upon a time there was a self-morphing computer network that was created with the best of cybersecurity intentions to "remove the possibility of human error and slow reaction time to guarantee a fast, efficient response to enemy attack." It did not blink, sleep or eat. One day, when the administrators realized this self-aware system could change its own configurations, could detect and defend all systems, the admins tried to deactivate it. Then all humans, not only online attackers, became the threat to be eliminated and destroyed. Hello, Skynet.
Just joking. Kinda.