Imagine burglars have targeted your home, but before they break in, you’ve already moved and are safe from harm.
Now apply that premise to protecting a computer network from attack. Hackers try to bring down a network, but critical tasks are a step ahead of them, thanks to complex algorithms. The dreaded “network down” or denial of service message never flashes on your screen.
That’s the basic idea behind new research by George Mason University researchers, who recently landed some $4 million in grants from the Defense Advanced Research Projects Agency (DARPA). George Mason’s researchers are leading an effort that includes Columbia University, Penn State University and BAE Systems.
“Our research is vital as a real-world solution to these attacks, which are one of the most critical cybersecurity threats today, crippling online businesses with downed websites, financial losses and damaged client relationships,” said Angelos Stavrou, who leads the research team and teaches in Mason’s Management of Secure Information Systems Program.
Mason is positioning itself at the forefront of cybersecurity research.
Cyber criminals take down a website by overwhelming it with traffic. The most common approach is to flood a server with requests because servers can only handle so much traffic before shutting down.
Denial-of-service attacks hit record highs last year, up nearly 150 percent, according to cybersecurity firm Akamai. These attacks last between 6 and 24 hours and cost $500,000 or more, another survey notes.
Responding to this threat is akin to an arms race, Fleck said. Companies and governments put scores of servers into play to fight off the attacks. Seconds count for mission-critical systems, especially for the military. Hackers step up their efforts to counter the numerous servers.
“It’s an arms race no one wants to be in,” he said.
Researchers feel your pain
Fleck knows what it feels like to be on the receiving end of a denial-of-service attack.
“It happened to me a couple of days ago,” Fleck said. “It’s very frustrating. I need to get something done and I can’t. As a security person, I’m always wondering if it’s a security problem.”
Mason researchers are working on the next step in fending off computer hackers. It’s a method called “shuffling” in which hackers and regular users are quickly separated through a series of splits that eventually isolate the bad actors.
Solving one problem means another will spring up, making the field an exciting one.
“In security, you actually have an adversary,” Fleck said. “You wonder what they’re going to do when you solve the problem.”