Algorithmic vulnerabilities, or the emerging hacking threat, can do a lot of damage on computer systems. It is considered as more complex, more challenging to detect and more effective at damaging different nation’s computer systems.
Additionally, it is extremely hard to detect with the existing security technology according to the Dyman & Associates Risk Management Projects.
These attacks can only be achieved by hackers hired by nation states which have resources essential to mount them, but perhaps not for very long.
Computer scientists at the University of Utah and University of California, Irvine are given $3 million by the U.S. Department of Defense to produce software that will detect or fight future cyberattacks.
The University of Utah team will be composed of 10 faculty members, postdoctoral and graduate students. Of the $3 million grant, which is over four years, $2 million will go to the Utah team and $1 million to the Irvine team.
The project is funded by the Defense Advanced Research Projects Agency (DARPA) in a new program called STAC, or Space/Time Analysis for Cybersecurity.
The team is tasked with creating an analyzer that can fight so-called algorithmic attacks that target the set of rules or calculations that a computer must follow to solve a problem.
The analyzer needs to perform a mathematical simulation to predict what’s going to happen in case there is an attack and it must conduct an examination of computer programs to detect algorithmic vulnerabilities or “hot spots” in the code. It is more like a spellcheck but for cybersecurity.
University of Utah’s associate professor of computer science and a co-leader on the team, Matt Might said that the military is looking ahead at what’s coming in regards of cybersecurity and it seems like they’re going to be algorithmic attacks. He also stated that the current state of computer security is a lot like doors unlocked into the house so there’s no point getting a ladder and scaling up to an unlocked window on the roof.
"But once all the doors get locked on the ground level, attackers are going to start buying ladders. That's what this next generation of vulnerabilities is all about."
Hackers will make use of programmers’ mistakes while creating their programs on the software. For instance, the software will get a programming input crafted by a hacker and use it without automatically validating it first which can result in a vulnerability giving the hacker access to the computer or causing it to leak information.
Algorithmic attacks are very different since they don’t need to find such conventional vulnerabilities. For instance, they can secretly track how much energy a computer is utilizing and use that information to gather sensitive data that the computer is processing, or they can secretly track how an algorithm is running within a computer. These attacks can also drive central processing unit (CPU) to overwork, or they can disable a computer by forcing it to use too much memory.
Suresh Venkatasubramanian, who is also a co-leader from the team, states that these algorithmic attacks are very devious because they could exploit weaknesses in how resources like space and time are utilized in the algorithm.
Algorithmic attacks are really complex, costly, and use the most amount of time, so most hackers these days are not using this kind of attacks however, they take the easier route of exploiting current vulnerabilities.