When I first conceived the idea for this web site, I wanted to express a holistic, systematic and dynamic approach to designing and operating a secure environment. I had some practical experience to go by and was following the trends in technology that I felt could make a difference in combatting cyber threats of all types. So when I saw Professor Xu present at a recent conference my ears perked up. He was describing what I had generally conceived but he was pointing to a variety of theoretical and scientific methods to build up his notion of Cybersecurity Dynamics. I was definitely intrigued with this convergence of practice and theory and wanted to learn more. It appears that Proessor Xu is also applying his theory on Cybersecurity Dynamics as evidenced by the win by his team of the University of Texas at San Antonio (UTSA) at the recent AICS 2019 Challenge sponsored by MIT Lincoln Labs.  So read the interview below to learn more about this interesting research by Professor Xu and how it is likely to have a broad impact on cybersecurity education, research, and practice in the coming years. 

Spotlight on Professor Shouhuai Xu

» Title: Professor Shouhuai Xu, Department of Computer Science, University of Texas at San Antonio (UTSA), founding Director of the Laboratory for Cybersecurity Dynamics at UTSA:
» Website:  www.cs.utsa.edu/~shxu
» LinkedIn:  linkedin.com/in/shouhuai-xu-95b576

Read his bio below.


February 14. 2019

Chris Daly, Active CyberTM: Your on-going research into dynamical cyber systems is quite broad and ambitious. Please describe your overall vision of dynamical cyber systems. What efforts or discoveries inspired you to follow this path of research and where has it led you today?

Professor Shouhuai Xu, Department of Computer Science, University of Texas at San Antonio (UTSA), founding Director of the Laboratory for Cybersecurity Dynamics at UTSA:  I envision that Cybersecurity Dynamics will be the foundation for understanding, quantifying and managing cybersecurity from a holistic perspective. The notion of Cybersecurity Dynamics was inspired by, among other things, the notion of “Indistinguishability” in Cryptography, which is the most fundamental concept underlying the modern science of Cryptography. At this point, we have made substantial progress on three fronts:

  • Cybersecurity First-Principle Modeling: We have established some basic frameworks for understanding whether or not, and when, cybersecurity will be manageable and measurable.
  • Cybersecurity Data Analytics: We have established some basic frameworks for forecasting cyber threats hours ahead of time, similar to weather forecasting.
  • Cybersecurity Metrics: We have systematized the gap between the current body of metrics and where we need to be. We have been systematically designing and exploring cybersecurity metrics, broadly defined to include resilience metrics and agility metrics.

While I am excited about this progress, I believe that it is only the tip of the iceberg because there are so many open problems that are yet to be tackled. The way ahead is exciting!

Active CyberTM: What are some challenges or technical barriers that must be addressed to meet your vision of cybersecurity dynamics?

Professor Xu: I actually have discussed in some of my papers a systematic set of technical barriers that must be addressed before we can take full advantage of Cybersecurity Dynamics to orchestrate cost-effective, if not optimal, real-world cyber defense operations. One example of those technical barriers is to cope with the “state space explosion” problem, which demands us to find good strategies to approximate the native dynamics of exponentially-many states. Another example of those technical barriers is to cope with the transient behavior (in contrast to the equilibrium behavior) of cybersecurity dynamics, which highlights the importance of both Cybersecurity First-Principle Modeling and Cybersecurity Data Analytics.

Active CyberTM: What are some of the attributes of a dynamical cyber system that would be useful to measure from a macro perspective? From a micro model perspective?

Professor Xu: From a macroscopic point of view, the percentage of compromised computers in a network at any point in time is definitely one of the most basic metrics we need to measure because it reflects the overall security of a network from a holistic perspective. From a microscopic point of view, attack power (or capability) and defense power (or capability) are two of the most fundamental metrics we need to measure. The Cybersecurity Dynamics foundation offers mathematical approaches to bridging the gap between macroscopic metrics and microscopic metrics; this bridge is reminiscent of, and actually partly inspired by, the Microfoundation in Economics, where economists try to find a foundation to bridge the gap between Macroscopic Economics and Microscopic Economics.

Active CyberTM: You recently led a team that won the AICS’2019 Challenge sponsored by MIT Lincoln Labs regarding malware classification. Please describe what was involved in this challenge and what unique capabilities or features of your proposed malware classifier that figured most prominently in your win.

Professor Xu: The challenge organizers acted as red-hat hackers and mimicked cyber attackers to manipulate malware so as to evade malware detectors. This kind of vulnerability to evasion attacks is inherent to any AI- or Machine Learning-based cyber defense. We acted as the defender to detect these manipulated malware without knowing how they were manipulated. We won the challenge largely because we identified a systematic set of principles, which guided us in designing a systematic defense framework (in contrast to an ad hoc defense).

Active CyberTM: There are many branches and methods of deep analytics that are being researched and applied today to solve difficult problems in cybersecurity. Your efforts seem to focus on deep neural nets and hash algorithms. What are some of the properties of these approaches that make these techniques so promising in aiding the advancement and quality of cybersecurity analytic outcomes?

Professor Xu: At this point, we know these techniques do work sometimes. However, we cannot explain why they work, and when they don’t work. This is a big challenge to the entire research community and is yet to be addressed.

Active CyberTM: In your research, you have developed a framework, dubbed Syntax-based, Semantics-based, and Vector Representations (SySeVR) which focuses on obtaining program representations that can accommodate syntax and semantic information pertinent to vulnerabilities. What results have you identified to date in the usefulness of this framework? What improvements are you working on for this framework?

Professor Xu: SySeVR is the first systematic framework for using Deep Learning to detect software vulnerabilities. We have identified a number of software vulnerabilities in some open source software, which appear to be not known to their vendors. We have informed the respective vendors about these vulnerabilities for ethical research. We are still investigating what or where is the limit of using Deep Learning for vulnerability detection.

Active CyberTM: The University of Texas at San Antonio is well-known for its research and education efforts in cybersecurity. As your vision of the Science of Cybersecurity unfolds and takes hold, how do you see other disciplines or domains of mathematics and science being formally extended in curriculums to embrace cybersecurity?

Professor Xu: I firmly believe that in order to adequately tackle the cybersecurity problem, we need expertise from many disciplines, including computer science, mathematics, statistics, statistical physics, network science, system science, economics, management science, and social sciences. This is indeed inherent to, and reflected by, the Cybersecurity Dynamics foundation. We need to foster such multidisciplinary and interdisciplinary research communities to tackle some of the most challenging scientific problems we are confronted with. These research efforts will catalyze the development of new curriculums, hopefully sooner rather than later.

Active CyberTM: Looking into your crystal ball, when do you believe the promise of autonomic systems will be realized when it comes to cyber systems – i.e., self-protecting, self-healing, self-configuring, etc.? Do you believe that “man-in-the-loop” cyber defenses will become an anachronism?

Professor Xu: It will take time, but we will be there, simply because cybersecurity is such a young discipline. Adequate cyber defense will be automated, but not completely. Perhaps 80% (automation) and 20% (human decision-making) will be the paradigm of effective cyber defense.


Thank you Professor Xu for an informative journey through your current and past research. The field of cybersecurity dynamics certainly looks to be a fertile and rewarding area of research. A holistic, systematic approach based on a cross-discipline view of the cyber problem along with the application of scientific principles as you described will greatly enrich our understanding and ability to combat cyber attacks. I look forward to following your progress and that of your colleagues at UTSA on this exciting research.

And thanks for checking out ActiveCyber.net! Please give us your feedback because we’d love to know some topics you’d like to hear about in the area of active cyber defenses, PQ cryptography, risk assessment and modeling, autonomous security, digital forensics, securing the Internet of Things, or other security topics. Also, email marketing@activecyber.net if you’re interested in interviewing or advertising with us at Active Cyber™.

About Professor Shouhuai Xu
Shouhuai Xu is a Full Professor in the Department of Computer Science, University of Texas at San Antonio (UTSA). He is the founding Director of the Laboratory for Cybersecurity Dynamics at UTSA. He pioneered the Cybersecurity Dynamics framework for modeling, reasoning, and quantifying cybersecurity from a holistic perspective. This framework has led to many original results in cybersecurity first-principle modeling and analysis, cybersecurity data analytics, and cybersecurity metrics (see http://www.cs.utsa.edu/~shxu/socs/). He is interested in both theoretical and practical cybersecurity research. His research has been funded by AFOSR, ARL, ARO, NSF and ONR. He co-initiated the International Conference on Science of Cyber Security. He also co-initiated the ACM Scalable Trusted Computing Workshop (ACM STC). He is/was a Program Committee co-chair of SciSec’19, SciSec’18, ICICS’18, NSS’15 and Inscrypt’13. He has served on the Program Committees of numerous international conferences. He was/is an Associate Editor of IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), IEEE Transactions on Information Forensics and Security (IEEE T-IFS), and IEEE Transactions on Network Science and Engineering (IEEE TNSE). He received his PhD in Computer Science from Fudan University.