ICS@PSU: Institute for CyberScience

News Archive

Published on October 18, 2017 by Erin Cassidy Hendrick

ICS affiliate helps ward against cyberattacks

When a computer system is compromised by a cybercriminal, chaos ensues. Not only have attackers accessed the data they’re after, they could also bring the everyday business processes to a grinding halt.

Thanks to new research from the Penn State College of Information Sciences and Technology (IST), there may be a new way to help organizations mitigate the wave of disruption left in the wake of a cyberattack.

The study, “Building an Active Cyber Defense Toolkit based on Actionable Impact Analysis in Cloud Computing,” is being spearheaded by Peng Liu, professor of IST, and is funded by a grant from the National Institute of Standards and Technology (NIST). Liu is an ICS affiliate.

Liu’s research focuses on identifying an organization’s mission impact, which are the theoretical effects of a cyberattack on everyday business processes. Liu used the example of LionPATH, Penn State’s online student hub for managing tuition payments, grade reporting, and a variety of student services.

“When a hacker is attacking a computer network like LionPATH, the real purpose may not be to affect those business processes,” Liu explained.

The attacker’s primary goal is usually to capture data, but it’s quite likely the business processes would be disrupted from a successful intrusion.

Said Liu, “The motivation of this project is to more quantitatively assess those types of indirect impacts.”

The need for this kind of preparation is heightened, as nearly all organizations across every industry are readily adopting cloud computing technologies.

“A virtual network introduces some new vulnerabilities. Therefore, an attack will exploit them,” Liu said.

This research aims to address an existing gap of knowledge, as the cybersecurity analysts who are trained to identify and thwart cyberattacks aren’t usually familiar with the day-to-day businesses systems and how they could be affected.

“On the other side are the people responsible for those things, like accountants, but they aren’t able to detect a cyberattack themselves,” Liu explained.

However, those managing the daily processes are often the first to know when a disruption occurs, such as a payment system crashing. Liu plans to create a tool that can merge the two priorities to automatically determine which business processes can be affected in the event of a hack and how to quarantine the effects.

In the example of payment systems, Liu notes, the tool could potentially identify that if payment information is contaminated, the overarching system may not be able to accept payments or may invoice incorrect amounts.

This proactive mindset also adds an additional layer of resiliency to an organization, helping them regain control of their systems and resume business as usual.

In an environment where cyberattacks are becoming increasingly prevalent, the application of this tool can help fortify an organization’s security by directly using log data as an input, thus making the impact analysis mostly automatic.”

Concludes Liu, “This research is a critical step forward.”

This article originally appeared on Penn State News and has been modified to clarify Peng Liu’s connection with ICS. Read the original here: http://news.psu.edu/story/488262/2017/10/16/research/ist-research-help-ward-against-cyberattacks

Penn State Institute for CyberScience

Help us build the future. Contact ICS at Penn State.

  • email: ics@psu.edu
  • phone: ICS-ACI Support (i-ASK Center): 814-865-4275 | General Inquiries: 814-867-1467

October 2017

SuMoTuWeThFrSa
1234567
891011121314
15161718192021
22232425262728
293031 
  • Oct 17, 2017 - Oct 18, 201710:00 am - 3:00 pm

    Materials Day 2017: Hot Topics in Materials

    This October, Materials Day 2017 will dig deep into a number…

    More Info
  • Oct 4, 2017 - Oct 6, 201712:00 pm

    COMPASS Science Communication Seminars

    COMPASS and the Institutes of Energy and the Environment (IE…

    More Info
  • Oct 27, 20173:00 pm - 4:30 pm

    ICS-ACI Training Series – Intro to HPC

    Do you need high-performance computing for your research pro…

    More Info
  • Oct 20, 20173:00 pm - 4:30 pm

    ICS-ACI Training Series – Intro to HPC

    Do you need high-performance computing for your research pro…

    More Info
  • Oct 5, 20171:30 pm - 3:00 pm

    CyberScience Seminar: Using Machine Learning to Forecast Student Outcomes

    For a variety of reasons, some college students are likely …

    More Info
  • Oct 4, 20174:00 pm - 6:00 pm

    COMPASS Science Communication Plenary

    COMPASS and the Institutes of Energy and the Environment (I…

    More Info
  • Oct 3, 2017 - Oct 4, 201711:00 am - 4:30 pm

    XSEDE HPC Workshop: MPI

    This workshop is intended to give C and Fortran programmers …

    More Info
  • Oct 12, 201712:00 pm - 1:00 pm

    Social Data Analytics Workshop Series: Data Structures and Subsetting in R

    In this workshop, we will finally move beyond the basic func…

    More Info
  • Oct 13, 20174:00 pm - 5:00 pm

    Stochastic Computations Working Group: “Parameter estimation using linear response statistics: Theory and numerical scheme”

    Join ICS Associate John Harlim and Xiantao Li for their bi-w…

    More Info
  • Oct 26, 201712:00 pm - 1:00 pm

    Introduction to Data Science with R Workshop: Functions

    In this workshop, we will start to think about writing R cod…

    More Info