Current Research
What is software misconfiguration?
Software misconfiguration is the failure to properly configure security settings leaving systems or applications vulnerable to attack or unauthorized access. In other words, when a software system is not set up properly to keep it safe from bad actors.
My role in this
Software systems operate on static configurations over an extended period. This increases the likelihood of successful attacks on misconfigured software if not fixed early. My AICSIL Lab will leverage Artificial Intelligence, machine learning, deep learning, and bio-inspired algorithms to implement dynamic Moving Target Defense (MTD) solutions to safeguard misconfigured software against adversarial attacks.
​
​
​
​
​
​
We will primarily focus on developing various MTD strategies and enhancing their efficiency using nature-inspired algorithms, including those rooted in game-centric Reinforcement Learning approaches. Moreover, we'll delve into devising MTD methods tailored for defensive measures across diverse cybersecurity sectors, such as IoT security,
Malware, and Cloud Security, among others.
​
​
​
About Moving Target Defense
What is MTD?
It is a military strategy of dynamic defense from opponents translated to the cybersecurity world. In MTD, we constantly change the attack surface of a system more difficult for attackers to find and exploit vulnerabilities. In analogy, consider a game of tag. When you play tag, you run around and try to avoid getting tagged by the person who is “it” making it difficult for the person to tag you. Similarly, any misconfigured software applications resulting from bad parameter settings (attack surface) can be prevented from getting exploited if MTD is in place.
​
​
​
​
MTD is a fairly new research paradigm that started in early 2010 and has been widely used in network security, application, and software security, and many more. However, using MTD for misconfigured software applications is still in its infancy.
​
My approach to MTD
I will combine my expertise in ML, especially building a single-player game using Reinforcement Learning, Bio-inspired algorithms, and software configurations to develop cutting-edge game-based MTD solutions for all areas of cybersecurity starting with misconfigured software.
​
​
​
​
​
​
​
​
​
​
​
​
A road map
The following is a preliminary roadmap for the development of proactive defense solutions. Thrust 1 and 2 aim to build adaptive, low-cost, and high-performing game-based MTD solutions for software systems that can intelligently learn the system's security conditions and attacker's action to provide both advanced security defense as well as unhindered service availability to the users. Building upon these foundations, Thrust 3 focuses on the creation of distributed and lightweight proactive defense solutions for IoT-based systems such as military tactical systems, smart homes, and smart grids.
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
Contact
I'm always looking for new and exciting opportunities. Let's connect.