Trojan horse; firewall; ransomware: it is no coincidence that these terms sound as though they are describing a war zone. Cyber systems in every industry are the site of a constant (and often invisible) battle. That’s why emerging cyber security professionals need to be trained not only in the best practices and theories of cyber security, but also in the ability to out-think and outmaneuver the enemy at the (virtual) gate.
“Attackers are very sophisticated, and no matter what you do they always come up with new technology or a new way of using the same technology to always be one or two steps ahead,” said Assistant Professor of Computer Science Gaby Dagher. “So the only way for us to be able to be ahead of them is to think like that.”
Dagher is determined to empower the next generation of students with adversarial, game theory-based education. The National Science Foundation also supports this mission, and recently awarded Dagher’s research with a grant of $400,000.
Over the course of the next three years, principal investigator Dagher and Boise State faculty colleagues Amit Jain, Sara Hagenah and Jidong Xiao will create curriculum modules and Virtual Machines (web files that behave like actual computers and can stand in for other operating systems or environments) that will offer students real-world cyber problems and hands-on practical skills. Most notably, the researchers will also be incorporating game theory and multi-role approaches to teach students how to think like their cybersecurity adversaries.
“We want to try to educate the students to be creative,” Dagher said. “Game theory is the core for adversarial thinking. There are multiple game theory approaches that fit right away into cybersecurity. So we’re going to try to use game theory, embed that with the cybersecurity tasks that we give the students in order for them to learn how to basically play in a game-theory perspective, and win the game as well.”
With the support of the NSF, Dagher will also be able to hire Boise State computer science students with an interest in cybersecurity to help build these modules and virtual machines, and gain professional experience.