Computer Science Professor Brings the Skills of a Detective to Combat Cyber Attacks

Yonghwi Kwon’s grants from the National Science Foundation and the Office of Naval Research are aimed at developing automated systems for detecting and thwarting malware.

Sherlock Holmes, Miss Marple, Sam Spade, Columbo, Yonghwi Kwon, Magnum PI, Veronica Mars ...

If you can pick a name out of this list that doesn’t fit with the fictional detectives, you may be onto something.

Yonghwi Kwon, the John Knight Career Enhancement Assistant Professor of Computer Science in the University of Virginia’s School of Engineering, is the real thing when it comes to cracking cases in the insidious world of cybercrime.

In his first 11 months at UVA Engineering, Kwon secured $937,000 in grants and awards. He received three National Science Foundation grants worth more than $800,000 to study and develop methods to identify and protect systems from hacking and malware, as well as build a reliable and robust data information-sharing network.

He also received $125,000 from the U.S. Office of Naval Research to work on new forensic capabilities that can track fine-grained activities in complex modern applications, like today’s web browsers, to help understand the damage attackers cause and then protect the systems from future assault.

Digital attacks are on the rise. As our world becomes more digitally connected, our systems and devices become more vulnerable, too. A 2018 report by the Center for Strategic and International Studies and software security company McAfee estimated that nearly $600 billion is lost annually to cybercrime, up from $445 billion in 2014. The report said the increase might be attributed to more sophisticated malware technologies.

“Manually patching the vulnerabilities cannot keep up with the emerging cyber-attack trend,” Kwon said. “In the Department of Computer Science at UVA, we are developing automated techniques that analyze insecure programs and make them secure.”

Understanding how to build sophisticated, automated response systems to counter malicious intent means understanding how hackers think and what motivates them. In addition, Kwon studies the forensics of how attacks happen in the first place. Like a true detective, he analyzes attackers’ intentions and combs code to look for digital fingerprints that might point to a culprit. “We are developing precise information-flow techniques for forensic analysis to uncover such details,” he said.

One of Kwon’s projects, involving collaborators at Georgia Tech and the University of Georgia, is titled “Doctor WHO: Investigation and Prevention of Online Content Management System Abuse.” Kwon and his colleagues will analyze web content management system frameworks for sinister malware that lies in wait inside the systems, virtually invisible until it unleashes its destruction. In a three-pronged approach, the team will develop a prediction framework called TARDIS, which will discover attacks and pinpoint their origins. The team will then create Torchwood, an engine that can analyze highly dynamic malware targeting content management systems. Finally, the team will create UNIT, which will build a fortress around content management systems by automatically hardening and securing the systems, protecting them from future attacks.

Kwon’s work also is aimed at improving the quality and reliability of data analysis. This is increasingly important in today’s society, where the continuous advancement of technology brings the possibility of more collaborations between researchers, businesses and health care organizations through shared data and analysis.

“While the outcomes of this kind of collaboration have the potential to paint clearer pictures, there are also many risks,” Kwon said.

As an example, medical professionals can boost their understanding of clinical trial results by examining various trials from multiple organizations using many different data collection sources, like digital sensors and surveys, and then pooling that data for analysis. This has the potential to improve treatment options and accelerate research.

“While a vast amount of data collected from various sources brings us benefits, it imposes, at the same time, an important challenge of ensuring trustworthiness and quality of data due to the integration of data from various sources,” Kwon said. “Faulty, improperly configured, or broken sensors, as well as buggy or compromised data, can severely affect the quality of data and the analyzed results.”

Kwon and his team are working to develop an infrastructure that protects the integrity of data, and the subsequent analyses, coming from multiple sources. They will track the communication of data as it’s moving from system to system so they can understand how information is shared, accessed and manipulated across multiple devices, networks and organizations.

In addition to securing funding to launch his lab, Kwon also advised UVA’s National Collegiate Cyber Defense Competition student team. Last March, the team earned its second consecutive national championship.

“We have seen many cold cases in real-world crime investigations because of, mostly, missing and weak evidence,” he said. “We definitely do not want to see those in the cyber world. We want to provide fundamental capabilities to catch cyber criminals and secure society in the end.

“My ultimate goal is to make our society safer and resilient to advanced attackers.”