Internet & web

Chao Zhang

He learns from attackers to implement automated cybersecurity defense solutions

Year Honored
2018

Region
China

In the field of cybersecurity, attackers and defenders are always engaged in an unfair competition. As the scale and complexity of networks and systems increase, defenders need to design defensive measures from many perspectives, taking into account performance, compatibility, and proactive defense against unknown vulnerabilities. Attackers, by contrast, only need to find one weak spot to break through. Current defensive methods rely heavily on humans, and their degree of automation needs to be improved.

Chao Zhang, an associate professor of the Institute for Network Sciences and Cyberspace at Tsinghua University, is interested in software and system security. He proposed an in-depth defense system consisting of three layers: vulnerability discovery, program integrity protection, and automated defense.

The fundamental idea behind these three layers is first to give priority to discovering and fixing vulnerabilities before an attack, then to protect the integrity of program state by constraining indirect control transfers in applications so that they flow only to legitimate targets, and lastly to automate the defense by learning how to attack and how to find weak spots in current defense systems.

Through learning from attackers, this approach is more proactive than traditional defense solutions and can be more active in defending against unknown threats.

In addition to traditional program analysis and testing techniques, Zhang is also exploring emerging technologies like machine learning. He believes that AI can automate the defense system so that it can autonomously identify potential safety issues, assess security risks, and build a rapid response solution. This will further reduce the reliance on security analysts and raise the automation level of cybersecurity defense.

Zhang’s ultimate goal is to develop an automated intelligent defense system that could learn from attacks and respond accordingly to protect itself and target applications. A more secure cyberspace will empower the development of every industry and improve overall social productivity.