Catch me if you scan: Sun’s moving target defense keeps hackers in the dark


Cyber attackers are constantly finding new ways to get around defense systems and complex code. But how successful can they be when their target isn’t where they think it is?

Kun Sun, a George Mason University professor in the Department of Information Sciences and Technology and associate director of the Center for Secure Information Systems (CSIS), studies what’s known as Moving Target Defense (MTD) to thwart attempted cyber attacks, among his many projects for the Office of Naval Research (ONR).

“The great thing about MTD is it’s proactive. I’m shifting the target, such as the IP address, from time to time, so it’s hard for you to know where I’m holding my valuable asset,” he said. “The attacker can scan using powerful tools, so moving is important.”

Sun added that attackers can scan quickly to locate targets, so those trying to hide their systems–in this case the U.S. Navy–can add another layer of protection in the form of a decoy. “We will build something resembling a real system, such as a domain name server or a website. One thing this does is waste their time as the attacker scans and then tries to determine if this is a real or fake system,” he said. While attackers are engaged in that, the actual asset can be moved again.

The Navy employs numerous techniques to fool would-be cyber attackers. Photo by Dall-E. 

Sun said that a decoy also allows the military to learn the attacker’s strategy and their technology. As the attacker attempts to move around and navigate the systems they believe they have infiltrated, experts on the other side learn malicious strategy from what they are doing. In addition, this helps identify and stop what are known as “Zero-Day attacks,” which exploit a previously unknown software or hardware vulnerability.

A related subterfuge relies on disinformation, allowing an attacker to believe that what they have found is valuable. “They grab it and steal it and what we’re doing is feeding them wrong information.”

Sun also has funding to examine software supply chain security. While the Defense Advanced Research Projects Agency (DARPA) previously had “capture the flag” challenges that required automated detection of software vulnerabilities and bugs, the goal of such competitions now is to automatically identify and fix those problems. Sun recently presented findings on such efforts in a paper at the prestigious ACM Conference on Computer and Communications Security, where George Mason led the field with ten published papers.

Sun’s research contributions are widely recognized. He won the George Mason Presidential Award for Faculty Excellence in Research in 2022. And last month a group of students from his center, CSIS, took first place in the Naval Surface Warfare Center Dahlgren Division (NSWCDD) Cyber Resiliency and Measurement Challenge.

Sun continues to advance the cyber security field, paving the way for a safer, more resilient digital world—one step ahead of those who seek to compromise it.