Baijian “Justin” Yang’s current research projects are aimed at educating students and practitioners about cybersecurity threats before they are confronted with a real security breach.
Yang, associate professor of computer and information technology, has worked with IEEE for over a year to create Try-CybSI, a website that allows users to test and understand how hackers can gain access to computer systems or secure data.
“We created 11 educational tools -- each housed in virtual containers -- to help people learn it,” he said. “They don’t have to install any additional software or operating system. They can simply use their computer or an iPad with a keyboard, go to that web interface and play with the security-related tools.”
Yang and his research team created the current offerings and web infrastructure from scratch. The projects are a combination of those created solely by Yang and his team and those created by other cybersecurity experts. All are available for free.
Without such a resource, individuals would need to install extra machines, figure out how to configure a network, find out the exact version of the software, and use extra days setting up the entire process. With Try-CybSI, a user can log in and be ready to learn in a matter of minutes.
For example, Yang’s favorite demonstration on the Try-CybSI site is the SSL strip attack. In this scenario, a third-party intercepts secure information between a user and a server and removes the secure sockets layer (SSL) without the user knowing. The connection will still look secure, but the hacker will have gained access to the user’s sensitive information.
It is important to note that the each instance of the tools is designed and implemented in an isolated fashion. There is little chance for the tests to harm or impact other modules, networks or machines.
Yang believes, because of its popularity, Try-CybSI will become permanent product for IEEE to offer its members.
Read more about the Try-CybSI project from IEEE.
This immediate hands-on learning approach to cybersecurity is an extension of another project Yang is working on, EAGER Enhancing Cybersecurity Education Through a Representational Fluency Model, funded by the National Science Foundation. Along with several other Purdue faculty, including Melissa Dark and Victor Chen in the Purdue Polytechnic, Yang has been studying how people learn cybersecurity concepts best.
“We recognize from student responses, many students, if you simply teach them basic definitions, they don't know what you are talking about. They don't know how to apply direct technologies,” Yang said. “We want something that is not just lecture or conventional teaching; we want to give students something to build their mental model. … Students are confused until you provide them with a tool like the Try-CybSI tools, and then they can actually understand it better.”