IST researchers present at two leading cybersecurity conferences

Five research projects were selected for talks at 2018 DEF CON and Black Hat events

The annual Black Hat and DEF CON cybersecurity conferences provide attendees with the latest in information security research, development, and trends, arming participants with the tools and information to protect against a rising number of cyber attacks. Credit: G-Stockstudio. All Rights Reserved.

UNIVERSITY PARK, Pa. — College of Information Sciences and Technology researchers delivered a total of five talks at two of the world’s premier cybersecurity conferences this summer. They presented their research at the hacking and computer security events DEF CON China in Beijing in May, and Black Hat USA and DEF CON USA, both held in Las Vegas in August.

Each conference accepts talks based on the impact of the work and the reputation of the speakers, according to Xinyu Xing, assistant professor of IST.

“To my knowledge, this is the first time that Penn State researchers have been selected to give talks in both of these two most prestigious security conferences in the same year,” said Xing.

Wenbo Guo, a doctoral student in the College of IST, presented a total of three talks at the conferences: “Scrutinizing the Weakness and Strength of AI Systems” and “Facilitating Postmortem Program Analysis with Deep Learning” at DEF CON China in May, and “Battle in Adversarial Machine Learning” at DEF CON USA in August. The DEF CON USA talk was associated with an AI/security contest co-hosted by GeekPwn and DEF CON USA, in which only five teams worldwide are selected to present.

“The reason that we were invited to DEF CON USA is that our technique is different from other teams,” said Guo. “More specifically, our explanation-based, attack and defense approach represents a new direction in the field of building a secure deep learning system. For Penn State, it means that our cybersecurity team leads the technology development of AI and security.”

“Other organizations devote more energies on academic problems,” added Xing. “We put our efforts on real-world problems that are of interest to both academia and industry. This gives our students a more practical experience.”

Xing, along with College of IST visiting scholar Wei Wu and other members of their inter-university research team, also presented research at Black Hat USA. Their paper — “From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities” — provides a framework for security professionals to prioritize vulnerabilities based on how easily they can be exploited.

“Writing a working exploit for a vulnerability [to a software system] is generally challenging, time consuming, and labor intensive,” said Xing. “This project could significantly reduce the efforts needed for exploit development.”

Another research team, comprised of Peng Liu, the Raymond G. Tronzo, MD Professor in Cybersecurity; Feng Xiao, doctoral student in the College of IST; and Jianwei Huang of Wuhan University, presented “Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller” at DEF CON USA. The research proposes a new attack that can introduce serious security risks to the controller of software-defined networks, which are widely deployed in production environments.

“This attack, once being exploited by malicious attackers, will cause great loss in enterprises, governments and telecoms,” said Xiao.

The selection of five research project presentations at two leading cybersecurity conferences supports the College of IST’s new cybersecurity analytics and operations major, which launched in fall 2017.

“Having five presentations selected by Black Hat and DEF CON in the same year clearly indicates that IST has remarkable strengths in the field of cybersecurity,” said Liu. “We have been exploring creative ways to help students in this major better leverage these strengths. For example, some of our courses already make smaller-scale capture the flag contests part of the syllabuses.”   

“Participation in these conferences will help our students to involve more hands-on cybersecurity research and course works,” concluded Xing.

Last Updated August 28, 2018