In the field of cybersecurity,
attackers and defenders are always engaged in an unfair competition. As the
scale and complexity of networks and systems increase, defenders need to design
defensive measures from many perspectives; taking consideration of performance,
compatibility, and proactive defense against unknown vulnerabilities. But attackers
only need to find one weak spot to break through. The current
defensive methods rely heavily on humans and their degree of automation needs to
be improved.
Chao Zhang, an associate professor
of the Institute for Network Sciences and Cyberspace at Tsinghua University, is interested in software and system security. He proposed an in-depth defense system
consisting of three layers: vulnerability discovery, program integrity
protection, and automated defense.
The fundamental
idea of these three layers is to give priority to discovering and fixing vulnerabilities before an attack, then to protect the integrity of program
states by enforcing the indirect control transfers in applications to only flow to
legitimate targets, and lastly, automating the defense solutions by learning
how to attack and how to find weak spots in current defense systems.
Through learning from attackers, this approach is more proactive than
traditional defense solutions and can be more active in defending against
unknown threats.
In addition to traditional
program analysis and testing techniques, Zhang also tries to explore emerging
technologies like machine learning. He believes that AI can automate the
defense system so that it could autonomously identify potential safety issues,
assess security risks, and build a rapid response solution. This will further
reduce the reliance on security analysts and improve the automation level of
cybersecurity defense.
Zhang’s ultimate goal is to
develop an automated intelligent defense system that could learn from attacks
and respond accordingly to protect itself and target applications. A more secure
cyberspace will empower the development of every industry and improve overall
social productivity.