Virginia Tech's Danfeng Yao awarded $450,000 from ONR to improve cyber security
Cyber attacks and cyber espionage is a top threat against the U.S., according to the intelligence community.
"Hopefully, the results from this project will not only solve urgent cyber security problems, but also have long-term impact," said Yao. "For immediate applicability, we will produce tools for system assurance, enabling cyber defenders to identify clandestine computer activities that should not happen. Our quantitative assurance modeling capability will advance the science of security. It will inspire the security community to produce more permanent solutions."
In order to detect anomalies that might suggest a breach in cyber security, an observer must understand the intended behaviors of computer systems and programs. Once they are understood, then appropriate actions can then be taken, allowing attacks on hardware/software to be thwarted. However, complications arise because program and system behaviors are diverse and often unpredictable.
Yao's research focus has been on this methodology development for novel, practical, and quantitative anomaly detection. Specifically, she is analyzing causal relations of events and producing instructions for detecting anomalies in computer programs, systems, and networks.
"Research models indicate how complex software systems should behave; the model is then used to predict whether a running system is functioning properly or compromised by attackers," said Yao. "The advantages are two-fold: early detection and the ability to detect previously unreported attacks. Our technical approach is unique in that it is backed up by a rigorous quantitative foundation and current experiments have already confirmed accurate predictions."
Using real-time quantified system assurance (QSA), Yao will compute what is called an accurate system assurance index. This index is the planned and systematic set of activities that assure systems engineering processes and products will conform to systems requirements for safety and reliability. It also reflects the likelihood of each system event occurring according to the intended software program behaviors.
In 2010, Yao was awarded $530,000 National Science Foundation (NSF) Faculty Early Career Development (CAREER) grant to develop software that differentiates human-user computer interaction from malware.
Most recently in November of 2012, she received a Best Paper Award at the International Conference on Network Protocols (ICNP), a premier computer networking conference. She collaborated with researchers at the Chinese Academy of Sciences and Michigan State University inspecting network traffic for security. With her collaborators, Yao found parallels between the natural language processing and network traffic analysis, and experimentally demonstrated the accuracy of data mining methods used with large-scale datasets.
The researcher earned her undergraduate degree in chemistry from Peking University in Beijing, China, in 1998, followed by a master's degree in chemistry from Princeton University in 2000. Yao received a master's from Indiana University in 2002 and a doctoral degree from Brown University, both in the computer science field. Prior to joining the Virginia Tech community in 2009, she was an assistant professor at Rutgers University's CS department for two years.
"The department is proud that Dr. Yao's research in user-based anomaly detection to identify malware (i.e., malicious software) will be supported by this new, substantial grant from the Office of Naval Research," said Barbara Ryder, the J. Byron Maupin Professor of Engineering and the department head of computer science. "The funding will positively impact Dr. Yao's active research group of seven doctoral students and several undergraduate researchers."
Provided by Virginia Tech