Find us On Facebook Twitter
News
news and events Events Energy Lectures Sustainability 2011 Sustainability 2010 Sustainability 2009 White Symposium Whiting Turner Lectures Current News News Archives Search News Press Coverage Press Releases Research Newsroom RSS feed Events Calendar events events

News Story

Current Headlines

UMD Announces Appointment of Schultheis to Lead New Regulatory Science Initiative

UMD Steel Bridge Team Meets Members of Congress at AISI Steel Day in DC

Hubbard Chosen for HistoryMakers Oral History Collection

Delivering Drugs to Inner Ear, Eyes, and Brain Made Easier with "Magnetic Syringe"

Vote to Support Team Mulciber in Wood Stove Design Challenge

BioE and Mtech Partner with Children's National Health System to Form Pediatric Device Consortium

NSF-Backed DC I-Corps Kicks Off First Cohort with 20 Federal Laboratory, University and Regional Inventors, Entrepreneur Teams

UMD Hosts 2nd Cybersecurity and Cybersafety Workshop for Girls

UMD Ranked Top Public School for Tech Entrepreneurship in 2013 StartEngine College Index

ECE Students Take Top Prize at Michigan Hackathon for Intelligent Trashcan

News Resources

Return to Newsroom

Search Clark School News

Research Newsroom

Press Releases

Archived News

Magazines and Publications

Press Coverage

Clark School RSS Feed

Events Resources

Clark School Events

Events Calendar

Bookmark and Share

Clark School's Cukier Provides IT Security Warning

Michel Cukier

Michel Cukier

Clark School researchers have released quantitative data on how hackers break into computers. Their work could change the way system administrators secure their computer systems.

Many in the computer security community have assumed for years that "port scans" precede actual attempts to hack into computers (in a port scan, the hacker tries to find the availability and potential weaknesses of the computer). While some of the largest corporations and government agencies have focused on similar issues, they have not released their findings.

The Clark School researchers, in an article published earlier this year at the Institute of Electronics and Electrical Engineers (IEEE) International Conference on Dependable Systems and Networks (DSN ’05), revealed that port scans precede attacks only around 5 percent of the time. More than 50 percent of attacks are not preceded by a scan of any kind. Hackers don’t necessarily look before they leap.

This means that security administrators may be using flawed assumptions to prevent attacks. Many IT administrators try first to detect scans and then take preventive measures to secure their networks. The research shows they may be acting too late to prevent the bulk of hacking attempts.

"We found that the confidence administrators have in their security solutions seems often to be misplaced," says Michel Cukier, assistant professor in the Center for Risk and Reliability in the Clark School's Department of Mechanical Engineering, and an affiliate of the university's Institute for Systems Research. "We now have scientifically derived data—we know what kinds of hackers attacked our research test-bed network and what they did once they broke into it—and we have made them available."

Further experiments conducted by Cukier include the measurement of the time separating scans from attacks, a longitudinal study of malicious activity recorded over one year, and a comparison between malicious activity from inside the University of Maryland with malicious activity from outside. The design and development of the test-bed collecting malicious activity has been led by Susmit Panjwani, a reliability engineering Ph.D. graduate student, with the help of several undergraduate students who conducted independent research studies.

While collecting the data, Cukier realized there is a need for a tool that checks for a wide range of host vulnerabilities for Windows computers. He and his team have developed "Ferret," an open-source software tool that checks for these weaknesses on Windows platforms.

December 6, 2005


Prev   Next

 

Clark School Home |  Current Students |  Prospective Students |  Departments |  News |  Site Map |  Contact Us |  Privacy Policy* |  UMD*
Copyright © 2011  University of Maryland | Note: an * next to a menu item or link means it goes to a page external to this website