Skip to main content

Battle of the “Bad Actors”: One Professor’s Quest for Internet Safety

Photo by Alyssa Lyman

He wants to make the world safer—the cyberspace world, that is.

Dr. Casey Deccio, the newest computer science professor at BYU, plans to research network security and how to protect organizations from adversarial attack.

Deccio received his bachelor’s and master’s degrees in computer science at BYU and his PhD in computer science from the University of California Davis. He joined the BYU Department of Computer Science as an assistant professor in October 2016.

Before becoming a professor at BYU, he was a research fellow at ICANN for eight months while also working at Sandia National Laboratories as a member of the technical staff. While at Sandia, he learned about network security and its challenges.

One security problem is called Reflection Attack.  A “malicious actor” manipulates an Internet message so the Internet will read it like it came from someone other than the malicious actor. This is called IP address spoofing.  It’s like a troublemaker who puts his neighbor’s mailing address as the “from” address on a letter instead of his own. The malicious actor will send many of these messages with forged “from” addresses, and the recipients of the messages send responses to the original sender—or rather, who they read as the original sender. The response messages go to the malicious actor’s intended victim, the “neighbor,” effectively overwhelming it.

“There are a lot of people out there who have a desire to see bad things happen to people, whether it’s for a business rivalry or a political cause,” Deccio said.

Computer scientists have invented a way to block such attacks from reaching their intended target. This protection stops the emails from leaving the attacker’s network when it sees the “source” of the messages is not within that attacker’s network.

“It’s like if you were sending a letter to someone and, on the way out, the postal service says, ‘Wait a minute, that address isn’t within our city; we’re not sending this letter.’ It then never gets to the place that will send the response message to the third party that is the target,” Deccio said.

But Deccio knows many companies find it difficult to provide this protection in their network system, particularly when the protection only benefits others—the victims—and not the companies themselves. Even if not all companies can deploy this protection, certainly some can. Deccio has made it his mission to identify which parts of a network system are the most critical for protection deployment by measuring the protection’s impact in those different areas.

Deccio’s research will not only help improve Internet protection, but also provide students with a number of different hands-on experiences. Students will learn about Internet topology, how to break it down, and how different points in the Internet communicate. Some students will also code and work with a variety of deployed software.

He looks forward to working with BYU students, who can bring a fresh perspective. Above all, he wants his research to make a difference.

“This is a way to help with the security and stability of the Internet. Even in the last couple weeks, there was a huge attack on a very prominent content provider, and it took down a lot of services that depended on them,” Deccio said. “This was a very sophisticated attack because the system was very well provisioned. Looking at ways to help prevent those types of things before they even happen is a big thing because even the most provisioned can be affected by malicious actors in today’s Internet.”