Creating Defenses for the Next Generation of Cyberattacks

Capable of wreaking unimaginable havoc on our current computer systems, the next generation of cyber attacks will be stealthier, more sophisticated and incredibly difficult to combat. Bearing this, the U.S. Department of Defense has offered a team of computer scientists from the University of Utah and University of California, Irvine, a $3 million grant. The funds will be directed towards the development of new software and techniques capable of detecting and combating emerging vulnerabilities that are nearly untraceable with our current technology.

In full recognition of our digital age, the U.S. military not only focuses on the current state of national security, but also has its sights set on the horizon and what's coming next. It has considered so-called “algorithmic attacks” as the next major threat to cyber-security and has taken measures to equip the nation against this new kind of hazard. These algorithmic attacks are a growing concept of system infiltration that is quickly being perfected by hackers and hacking organizations. Such attacks target the set of rules or patterns that a computer follows when solving a problem. They have been sophisticated to the point that nation states rely on recruited skilled hackers to thwart such attacks.

The team of computer scientists is working on the creation of an analyzer - software that is capable of performing an audit of computer programs in order to identify algorithmic vulnerabilities in the code. By conducting a mathematical simulation of the software, the analyzer will be able predict what would happen in the event of an attack.

“Right now, the doors to the house are unlocked, so there's no point in getting a ladder and scaling up to an unlocked window on the roof,” says Matt Might, co-leader of the team and associative professor at the University of Utah. “But once all the doors get locked on the ground level, attackers are going to start buying ladders, that's what the next generation of vulnerabilities is all about.”

Conventionally, hackers exploit the mistakes that programmers make when creating a program. These are recognized as software vulnerabilities. For instance, if a hacker wished to gain access to a computer or withdraw information from it, they could issue a specifically crafted programming input which the software may run without validating, this would result in a successful vulnerability exploit.

But algorithmic attacks have no reliance on these sort of normal vulnerabilities. They are are uniquely malicious because they take advantage of how time and space are utilized in a computer algorithm. Such attacks are able to discretely monitor an algorithm, how it runs, or the amount of energy that a computer is processing and use this information gather data is being processed by the computer.

Most cyber attackers, however, don't and simply are not capable of conducting algorithmic attacks due to their intense complexity, extreme costs, and the massive time consumption of such attacks, so the the current use of algorithmic attacks is minimal. But the expanding occurrences and proof-of-concepts have drawn significant attention to these growing exploitation techniques that could, if left unprepared for, prove very chaotic in the near future.


Image: Flicker's Creative Commons

Top Posts | Software & Method Engineering