Earlier this month, UCSB’s Computer Security Group received a grant of $6.2 million from the U.S. Army Research Office to lead an intercampus collaboration to design a security system that can protect the government from hacker attacks.

The researchers will attempt to develop a system focused on maintaining situational awareness over a private network that will track possible vulnerabilities and threats, stop attacks-in-progress, predict future attacks and estimate the probable damage an attack would cause on any given machine.
According to Richard Kemmerer, a professor of computer science at UCSB and key researcher of the group, the researchers aim to allow administrators and security personnel to interact with this system through an immersive 3-D interface.

“We are talking about a [graphical user interface] of sorts, but rather than thinking of a computer screen or wall of screens, you should think of a fully immersible environment, such as a room that you can walk into and have a 360-degree horizontal and vertical representation of what is going on,” Kemmerer said. “With this visualization framework, you can model the attackers, the effects of their attacks and the possible responses by the good guys.”

Because they do not deal with ordinary criminals, researchers have to understand the unique context in which hackers and other cybercriminals operate. Kemmerer explained how an “underground economy” on the Internet made up of cybercriminals who work together to pool resources and trade and sell stolen information.

“The underground economy is just like a normal economy,” Kemmerer said. “Except that the goods rather than being corn, potatoes, et cetera, are stolen credit card numbers, bank account credentials and personal identity information.”

However, the Computer Security Group has previous experience with this “underground economy” in their work on botnets, networks of virus-infected computers transmitting sensitive information throughout the Web unbeknownst to the owners of the actual physical machines.

After a computer is infected and added to the network, cybercriminals have access to the credit card numbers, social security numbers or whatever else is stored on those machines.

In early 2009, the group, using fake hacker online personas, infiltrated one of the largest and most infamous botnets, Torpig.

During this investigation, they not only developed an understanding of how these botnets work, but also coordinated with law enforcement agencies, including the FBI, to inform the owners of the compromised bank accounts and other sensitive data that their information was floating around on the network.
The Computer Security Group is made up of computer science professors and graduate students within UCSB’s College of Engineering and is dedicated to designing, building and testing software security systems.

The group will be working in collaboration with UC Berkeley and the Georgia Institute of Technology, along with UCSB faculty members Tobias Höllerer, associate professor of computer science, and Joao Hespanha, professor and vice chair of electrical and computer engineering. 

In addition to this government research, the Computer Security Group has also released their research in the form of security tools available to the public.

“On the one hand, we’re academics, so our approach to problems is based on the scientific method and theoretical modeling,” Giovanni Vigna, computer science professor and Computer Security Group researcher said. “But we also have the skills and knowledge to be very practical and rooted in the real world. When we do research, it’s very applied and we create tools the whole world can use. Other academics do proofs of concepts, but we go a step further and actually build programs that people can use to protect themselves.” 

These tools are available at the Web sites Wepawet (www.wepawet.cs.ucsb.edu) and Anubis (www.anubis.iseclab.org), where users can determine whether a Web site is a security risk by entering its URL.