According to studies on cyber threats, inadequate security configurations are blamed for networks vulnerabilities. In the case of the United States Air Force networks, the deficiencies related to security configurations account for up to 80% of the total vulnerabilities. This situation is widespread, as Michael Crouse, graduate student in Computer Science Associate points out. “Typically, administrators configure hundreds and sometimes thousands of machines the same way, meaning a virus that infects one could affect any computer on the same network,” he explained for BizJournals adding that there is a solution to overcome the threat.
“If successful, automating the ability to ward off attacks could play a crucial role in protecting highly sensitive data within large organizations.” Michael Crouse who was considered one of the “nation’s top new inventors” by Inventor’s Digest magazine and Errin Fulp, Computer Science Associate Professor came up with an algorithm inspired by genetics that helps developing better security configurations. The new model is based on diversity and aims to provide more security by allowing computers configurations to adjust as quickly as the threats do.
Generally, a cyber attack happens in two distinct phases. During the first one, the reconnaissance, a virus checks out the system and tries to determined the vulnerabilities in the defense mechanism. The second phase is the attack itself, based on the data collected in the first stage. Consequently, every change in the system could help the network preserve its integrity. “If we can automatically change the landscape by adding the technological equivalent of security cameras or additional lighting, the resulting uncertainty will lower the risk of attack,” explains Fulp.
The two researchers are planning to test their theories at the annual “hackathon” organized by the computer science department. The chance to find inspiration in nature for the human made problems and technologies will be put to the test and the results are more likely going to reshape the future cyber security strategy.