New research method identifies stealth attacks on complicated computer systems

New research method identifies stealth attacks on complicated computer systems

Blacksburg, Virginia, October XX, 2015 ­ – Imagine millions of lines of instructions. Then try and picture how one extremely tiny anomaly could be found in almost real-time and prevent a cyber security attack.

Called a “program anomaly detection approach,” a trio of Virginia Tech computer scientists have tested their innovation against many real-world attacks. One type of attack is when an adversary is able to remotely access a computer bypassing authentication such as a login screen. A second example of attack is called heap feng shui where attackers hijack the control of a browser by manipulating its memory layout. Another example of attack is called directory harvesting where spammers interact with vulnerable mail servers to steal valid email addresses. The prototype developed by the Virginia Tech scientists proved to be effective and reliable at these types of attacks with a less than 0.01 percent false positive rate.

Their findings are reported today in an invited presentation at the 22nd Association of Computing Machinery (ACM) Conference on Computer and Communications Security, Denver, CO, Oct 12-16, 2015.

“Our work, in collaboration with Naren Ramakrishnan, is titled, “Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths,” said Danfeng (Daphne) Yao, associate professor of computer science at Virginia Tech. Xiaokui Shu, a computer science doctoral student of Anqing, China, advised by Yao, was the first author.

“Stealthy attacks buried in long execution paths of a software program cannot be revealed by examining fragments of the path,” Yao, who holds the title of the L-3 Communications Cyber Faculty Fellow of Computer Science, said.

Yao explained, “Modern exploits have manipulation tactics that hide them from existing detection tools. An example is an attacker who overwrites one of the variables before the actual authentication procedure. As a result, the attacker bypasses critical security control and logs in without authentication.”

Over time, these stealthy attacks on computer systems have just become more and more sophisticated.

The Virginia Tech computer scientists’ secret formula in finding a stealth attack is in their algorithms. With specific matrix-based pattern recognition, the three were able to analyze the execution path of a software program and discover correlations among events. “The idea is to profile the program’s behavior, determine how often some events are supposed to occur, and with which other events, and use this information to detect anomalous activity” said Ramakrishnan.

“Because the approach works by analyzing the behavior of computer code, it can be used to study a variety of different attacks” added Yao. Their anomaly detection algorithms were able to detect erratic program behaviors with very low false alarms even when there are complex and diverse execution patterns.

Yao and Ramakrishnan have lengthy portfolios in the study of malicious software and data mining.

In 2014, Yao received a U.S. Army Research Office Young Investigator award to detect anomalies that are caused by system compromises and malicious insiders. This award allowed her to design big data algorithms that focused on discovering logical relations among human activities. In 2010 she won a National Science Foundation CAREER award to develop software that differentiated human-user computer interaction from that of malware, commonly known as malicious software.

Ramakrishnan, who holds the Thomas L. Phillips Professorship of Engineering, directs Virginia Tech’s Discovery Analytics Center, supported by the Institute for Critical Technology and Applied Science . A Distinguished Scientist of the ACM, Ramakrishnan has concentrated his research on data mining, the science of processing massive quantities of data to discover patterns and to produce new insights.

The Office of Naval Research and the Army Research Office supported this new work.



Dr. Yao
Dr. Yao


Dr. Ramakrishnan
Dr. Ramakrishnan

Read More

Russian flu project wins funding from National Endowment for the Humanities

Virginia Tech has received a grant of $175,000 from the National Endowment for the Humanities (NEH) for research about the Russian flu epidemic of the late 19th century.

The project, a collaboration with Leibniz Universität Hannover in Germany, will examine medical discussion and news reporting during the epidemic, from its outbreak in late 1889 through successive waves that persisted well into 1893. Separate funding to Leibniz brings the total project research budget to more than $315,000.

Titled “Tracking the Russian Flu in U.S. and German Medical and Popular Reports, 1889-1893,” the project will collect English- and German-language reports from digitized newspapers and medical journals to create the first comprehensive searchable documentation of the disease.

The data will be used to extract facts and timelines, investigate medical and public reaction to the epidemic, and research how medical knowledge was disseminated through popular reporting.

“This project on the Russian flu exemplifies the commitment to cross-disciplinary, collaborative, and technologically astute humanities scholarship at Virginia Tech,” said Elizabeth Spiller, dean of the College of Liberal Arts and Human Sciences. “I am particularly pleased to see the central role that Virginia Tech undergraduates will play in the creation of new knowledge, a distinctive feature of so many of our undergraduate majors.”

Virginia Tech participants in the project include Tom Ewing, associate dean in the College of Liberal Arts and Human Sciences and professor in the Department of History; Aditya Prakash, assistant professor in the Department of Computer Science and an affiliated faculty member at the Discovery Analytics Center; and Amy Nelson, associate professor in the Department of History and Innovation Catalyst Group Faculty Fellow in Technology-enhanced Learning and Online Strategies.

Read the full story here.


Aditya Prakash
Aditya Prakash

Read More

Kirk Cameron illustrates the concept of parallel computing at the World Maker Faire

One of the centerpieces of the recent World Maker Faire in New York City was a giant cylindrical object studded with hundreds of translucent green electronic panels that waved around like leaves in the wind.  The object was SeeMore, an animatronic sculpture designed by sculptor Sam Blanchard and computer scientist Kirk Cameron to illustrate the concept of parallel computing.  Blanchard calls the project a “physical data visualization that demonstrates the changes occurring.”  The name is a reference to supercomputing pioneer Seymour Cray.  SeeMore is itself a parallel computer: each of SeeMore’s 256 translucent green “leaves” is a Raspberry Pi microcontroller attached to the main structure with a 90-degree reticulating motor.  The Raspberry Pis are all networked together to parse up and down a database of New York City public records.  When an individual Raspberry Pi was idle, its “leaf” would be held stationary against the main structure, and it would extend away when it was carrying out computations.  In this way, SeeMore embodies the process of parallel computing.  Blanchard says the goal of the installation was to “get us to stop thinking of computers in a black box.”

Read More


SeeMore Kirk Cameron
Kirk Cameron, Seemore, Sam Blanchard (SOVA), and Ebon Upton (Founder and CEO of Raspberry Pi Foundation).

Read More

Ali Butt to serve as general chair for IEEE MASCOTS 2015 conference

Professor Ali Butt will serve as general chair for the Institute of Electrical and Electronics Engineers (IEEE) MASCOTS 2015 conference in Atlanta, GA.  The 23rd International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems will bring together academics and industry practitioners to present and discuss their latest research results from October 4 to 7.  Read more about the conference here.


Dr. Butt
Dr. Butt

Read More

CS department represented at the Virginia Science Festival

The Virginia Science Festival, on September 26, 2015, featured hands-on experiences, live performances, and interactive demonstrations that inspired a wonder in science for all ages.  Professor Ed Fox represented the Department of Computer Science by hosting a table at the event.  Dr. Fox is the principle investigator on a NSF-funded project called IDEAL (Integrated Digital Event Archive & Library). The table was located inside the Moss Center for the Arts.  Dr. Fox in addition to volunteers Jieun Chon and Sunshin Lee (graduate research assistant) demonstrated their data and software.  The CS@VT team collected Post-It notes indicating what world event and community activity had greatest personal importance from individuals who stopped at the table.  The input, from the participants, will help guide gathering of tweets and webpages, and the development of improved methods for searching, browsing, analyzing, and visualizing the resulting Big Data collections.  The table engaged hundreds of visitors of all ages in citizen science.


Ed Fox - Science Festival photo 10.1.15


Read More

Department Accomplishments

Dear CS@VT Supporters,

I want to express my pride at having served the past 7 years as department head of CS@VT. I came to Blacksburg 7 years ago to a new job – to lead a group of faculty whom I judged to be highly collegial and collaborative with strong interdisciplinary interests. I was attracted to their energy and openness to change and self-improvement. I was quite excited to move to Virginia Tech and to start my new leadership position.

Over my years here, the department has faced many challenges including budget cuts. ABET accreditation assessments (new to us since we joined the College of Engineering), numerous faculty hiring interviews, expansion of our CS staff, and more recently steeply rising undergraduate enrollment, as is happening across the country.

At our annual retreat earlier this month, we reviewed our progress on our educational and research missions – here are some highlights:

  • In AY 2014-15 we graduated more than twice as many CS bachelor’s degrees than in 2008-09 (182 in AY2014-15)
  • Today we have more than twice as many CS majors today than in Fall 2008 (594 in Aug 2015)
  • Today we have 14% female CS majors as a 2 year average while in 2008 we had only 5%
  • Our number of Ph.D. degrees awarded annually is up to a 4 year average of 23
  • Our percentage female M.S. and Ph.D. degree awardees are well above CRA Taulbee national averages for CS depts in public universities (CS@VT: 28% MS, 28% Ph.D.)
  • Today we have more than double the total research funding that we had in fall 2008 (current $43.4M)
  • In FY15 we had almost 3 times the research expenditures per tenure track faculty member than in fall 2008 ($412,000 vs $150,000)

In addition, during the past 7 years we strengthened the graduate program by emphasizing research in our master’s program, and opting to concentrate on our Ph.D. productivity. We instituted annual student activity reports and Green Thursday – to make sure each Ph.D. student benefited from an annual review by the faculty as a whole. Recently, we created Draft Day to enable research groups to work together on graduate admissions. Also, we strengthened our involvement of undergrads in research, resulting in a larger VTURCS annual poster session with CSRC representatives and faculty serving as judges. CS@VT undergrads were finalists twice and won honorable mention 4 times during this period in the CRA Undergraduate Research Awards Competition.

Our faculty received many external honors including 2 Virginia Outstanding Faculty Awards, 4 ACM Distinguished Scientist awards and 1 ACM Distinguished Educator award. As a measure of our increased external visibility, it was wonderful last year to have the department rise 6 steps since 2008 to #40 in the USN&WR rankings.

All of these accomplishments are the result of the hard and effective work of the faculty, staff and students in our department. We should be very proud of our department!

A bit harder to measure but still very important to us, are our numerous activities supporting more gender diversity in faculty and students, and our mentoring programs both for CS students and faculty. We now have 21% female tenure-track faculty members, well above the national average of 17%. And we have between 16-17% women CS majors at our latest update (8/2015).  Our mentoring efforts should result in better retention of CS majors and increased faculty productivity.

But what really matters in a department are its people—its faculty, staff and students. And we are fortunate to have a wonderful, good-humored, productive community.

It has been an honor and privilege to be CS@VT department head. I realize that now, without even thinking about it, I talk about “my department” with a sense of pride and ownership; this feeling of identification with the department will not go away. As I “step down” as department head and rejoin the professorate, I am very proud of our accomplishments and optimistic about the department’s bright future.


Dr. Barbara G. Ryder

Former Head, Department of Computer Science

Byron Maupin Professor of Engineering



Dr. Ryder
Dr. Ryder

Read More

Google Faculty Research Award Recipients

Dongyoon Lee and Changhee Jung, assistant professors in computer science, have been selected for a Google Faculty Research Award.  The project is entitled “TxRace: Efficient Data Race Detection Using Commodity Hardware Transactional Memory”.   Read the full abstract below or click here:

Detecting data races in multithreaded programs is crucial for ensuring their correct execution, but the high runtime overhead prevents the wide use of dynamic data race detectors. We propose TxRace, a new software data race detector that leverages commodity hardware transactional memory (HTM) to speed up data race detection. TxRace instruments a multithreaded program to transform synchronization-free regions into transactions, and exploits the conflict detection mechanism of HTM for lightweight data race detection at runtime. However, the limitations of the current commodity HTMs expose several challenges in using them for data race detection: (1) frequent transaction abort due to non-conflict reasons (e.g., unknown or capacity), (2) lack of ability to pinpoint racy instructions, and (3) cache line granularity of conflict detection leading to false positives. To overcome such challenges, this proposal seeks to build an efficient, practical tool that performs lightweight HTM-based data race detection at first, and occasionally switches to slow yet precise data race detection only for small fraction of execution intervals in which potential races are reported.


Dr. Dongyoon Lee
Dr. Dongyoon Lee


Dr. Changhee Jung
Dr. Changhee Jung

Read More