Source: Xinming "Simon" Ou, 785-532-6350, xou@k-state.edu

Friday, Dec. 16, 2011

Head of the class: Graduate students win best paper award at international computer security conference

MANHATTAN -- A paper on computer network security has earned two Kansas State University graduate students a major international conference honor.

Heqing Huang and Su Zhang, both doctoral students in computing and information sciences, won the Best Student Paper Award at this year's annual Computer Security Applications Conference. The award was announced Dec. 9 in Orlando, Fla., at the conference's closing ceremony. Both Huang and Zhang are originally from China.

Their award-winning paper, "Distilling Critical Attack Graph Surface Iteratively Through Minimum-Cost SAT Solving," was co-authored with Xinming "Simon" Ou, Kansas State University assistant professor of computing and information sciences, and two collaborators from the University of Michigan.

Unlike in the other disciplines, the predominant peer-reviewed publication venues in computer science are conferences. According to the conference program committee, only 20 percent of the numerous submissions received were accepted and that Huang and Zhang's paper clearly stood out.

"This is an impressive achievement for the students," said Ou, the students' adviser. "Heqing is the lead author of the paper and carried out the research and paper writing very independently. This is really exceptional for a first-year Ph.D. student who entered our program with a bachelor's degree, and for his first research/paper writing experience."

Attack graph is a sophisticated analysis technique to identify all possible ways an enterprise network can be attacked by malicious users. It can be used to automate network security defense. The paper is based on the MulVAL attack graph work carried out in the Argus cybersecurity lab in the Kansas State University computing and information sciences department. MulVAL is an internationally recognized attack graph technology used by a number of governmental agencies and companies. On Dec. 4, the day before the conference, Argus lab officially released MulVAL as an open source tool that can be downloaded and used freely by security practitioners around the world.

At the conference, Ou also gave a well-attended tutorial on how to use MulVAL to conduct enterprise network security assessment.

The annual Computer Security Applications Conference is one of the oldest conferences in computer security. It is well attended by security professionals from academia, government and industry interested in applied security.