
Communications of the ACM

ACM Careers

Computer Science Professor Brings the Skills of a Detective to Combat Cyber Attacks



"We are developing automated techniques that analyze insecure programs and make them secure," says UVA Engineering Assistant Professor of Computer Science Yonghwi Kwon.

Sherlock Holmes. Miss Marple. Sam Spade. Columbo. Yonghwi Kwon?

Unlike famous fictional detectives, Yonghwi Kwon, the John Knight Career Enhancement Assistant Professor of Computer Science in the School of Engineering at the University of Virginia, is the real thing when it comes to cracking cases in the insidious world of cybercrime.

In his first 11 months at UVA Engineering, Kwon secured $937,000 in grants and awards. He received three U.S. National Science Foundation grants worth more than $800,000 to study and develop methods to identify and protect systems from hacking and malware, as well as build a reliable and robust data information sharing network. He also received $125,000 from the U.S. Office of Naval Research to work on new forensic capabilities that can track fine-grained activities in complex modern applications, like today's web browsers, to help understand the damage attackers cause and then protect the systems from future assault.

Digital attacks are on the rise. As the world becomes more digitally connected, systems and devices become more vulnerable too. A 2018 report by the Center for Strategic and International Studies and software security company McAfee estimated that nearly $600 billion is lost annually to cybercrime, up from $445 billion in 2014. The report said the increase might be attributed to more sophisticated malware technologies.

"Manually patching the vulnerabilities cannot keep up with the emerging cyber-attack trend," Kwon says. "In the department of Computer Science at UVA, we are developing automated techniques that analyze insecure programs and make them secure."

Understanding how to build sophisticated, automated response systems to counter malicious intent means understanding how hackers think and what motivates them. In addition, Kwon studies the forensics of how attacks happen in the first place. Like a true detective, he analyzes attackers' intentions and combs code to look for digital fingerprints that might point to a culprit. "We are developing precise information-flow techniques for forensic analysis to uncover such details," he says.

One of Kwon's projects, involving collaborators at Georgia Tech and the University of Georgia, is titled Doctor WHO: Investigation and Prevention of Online Content Management System Abuse. Kwon and his colleagues will analyze web content management system frameworks for sinister malware that lies in wait inside the systems, virtually invisible until it unleashes its destruction. In a three-pronged approach, the team will develop a prediction framework called TARDIS, which will discover attacks and pinpoint their origins. The team will then create Torchwood, an engine that can analyze highly dynamic malware targeting content management systems. Finally, the team will create UNIT, which will build a fortress around content management systems by automatically hardening and securing the systems, protecting them from future attacks.

Kwon's work also is aimed at improving the quality and reliability of data analysis. This is increasingly important in today's society, where the continuous advancement of technology brings the possibility of more collaborations between researchers, businesses, and health care organizations through shared data and analysis.

"While the outcomes of this kind of collaboration have the potential to paint clearer pictures, there are also many risks," Kwon says.

As an example, medical professionals can boost their understanding of clinical trial results by examining various trials from multiple organizations using many different data collection sources, like digital sensors and surveys, and then pooling that data for analysis. This has the potential to improve treatment options and accelerate research.

"While a vast amount of data collected from various sources brings us benefits, it imposes, at the same time, an important challenge of ensuring trustworthiness and quality of data due to the integration of data from various sources," Kwon says. "Faulty, improperly configured, or broken sensors, as well as buggy or compromised data, can severely affect the quality of data and the analyzed results."

UVA Engineering professor of computer science Yonghwi Kwon works with his lab to build automated systems for uncovering malware and destroying it. 

Kwon and his team are working to develop an infrastructure that protects the integrity of data, and the subsequent analyses, coming from multiple sources. They will track the communication of data as it's moving from system to system so they can understand how information is shared, accessed, and manipulated across multiple devices, networks, and organizations.

In addition to securing funding to launch his lab, Kwon also advised UVA's National Collegiate Cyber Defense Competition student team. Last March, the team earned its second consecutive national championship.

"We have seen many cold cases in real-world crime investigations because of, mostly, missing and weak evidence. We definitely do not want to see those in the cyber world. We want to provide fundamental capabilities to catch cyber criminals and secure society in the end," Kwon says.

"My ultimate goal is to make our society safer and resilient to advanced attackers."


 
