Networking and Cybersecurity

Overview

Networking and cybersecurity division

The prevalence and interdependence of cybersecurity, networking and social systems inform the research and development agenda of the Networking and Cybersecurity Division. Our research is focused on understanding the underlying internet, the theory and practice of distributed computing, approaches to analyzing vulnerabilities and scientific methods for modeling, experimenting with and evaluating critical infrastructure systems.

The division is engaged in a broad program of research and development applied to pressing problems. The research agenda evolves as the field adapts to the changes in cyberspace today and in the future. We are increasingly engaged in multi-discipline research with colleagues across ISI and in the greater research community. Specific areas of interest include:

NETWORK AND SECURITY MEASUREMENT, ANALYSIS AND DEFENSES

We research methods to observe and collect network and network security data and behaviors. These methods are used to develop novel networking capabilities and network defenses.

NETWORK INFRASTRUCTURE SUPPORTING SCIENCE AND OPERATIONS

This area covers network infrastructure that fosters network- and cybersecurity-enabled collaborations, driving discovery in science for research, education communities, and internet users domestically and internationally.

RESEARCH, METHODS AND INFRASTRUCTURE FOR CYBER EXPERIMENTATION

Valid scientific experiments are required to accurately evaluate and assess network systems. Conducting these experiments necessitates modeling multiple, complex network, environmental, traffic, and behavioral effects and systems. Our work creates models, experimentation frameworks, tools and approaches to enhance the science of cyber experimentation and make the experiments reusable, repeatable and robust.

SOCIAL ENGINEERING ATTACKS

Social engineering attacks such as phishing and impersonation are on the rise because an organization's weakest link in security is often the human in the loop. By leveraging the metadata from communication channels, and using techniques to redirect attackers, we can produce new methods for detecting and fingerprinting campaigns across multiple attempts.

BINARY PROGRAM ANALYSIS, VULNERABILITY DISCOVERY AND REVERSE ENGINEERING

Binary program analysis is the process of analyzing software programs in their binary form, also called "executable" form. Our work focuses on reverse engineering to search for vulnerabilities in software that is released without source code, and to assess the security of software products.

MODELING HUMAN BEHAVIOR FOR CYBERSECURITY AND SOCIAL SIMULATION

Human behavior is a key determining factor in assessing the effectiveness of an organization's cyber defenses, including its policies. Our current research aims to observe and model important aspects of human behavior in order to predict likely responses to security posture and the evolution of information in online social networks.

THEORY AND PRACTICE OF DISTRIBUTED COMPUTING

Understanding the foundations of distributed computing is important for the design of efficient computational techniques across all scientific fields. As a consequence of failures and the asynchrony pervasive in distributed systems, many problems that are trivial to solve sequentially are impossible or infeasible to solve in a distributed fashion, thus presenting us with problems of deep intellectual yet practical interest.