Yonghwi Kwon's NSF Grant Supports Research to Create Cybersecurity that Anticipates Attacks

The National Science Foundation places priority on inventing computing and networking technologies that are secure and trustworthy. The need is urgent.

Last year, the world was gripped by high-profile cyberattacks on critical infrastructure, including attacks that targeted the SolarWinds software company in Texas, the Colonial Pipeline carrying fuel from Texas to New Jersey, and JBS Foods’ meat processing plants.  

Now the technology research and consulting firm Gartner predicts 30% of critical infrastructure organizations will experience a security breach by 2025, and research firm Cybersecurity Ventures projects that global cybercrime costs will reach $10.5 trillion annually by the same year.

Yonghwi Kwon, John Knight Career Enhancement Assistant Professor of Computer Science in the University of Virginia School of Engineering and Applied Science, is developing more robust protections against the avalanche of cybersecurity threats.


Yonghwi Kwon is the John Knight Career Enhancement Assistant Professor of Computer Science in the School of Engineering and Applied Science at the University of Virginia.

This January, he earned a CAREER Award from the National Science Foundation in recognition of his trailblazing research. The CAREER program, one of the NSF’s most prestigious awards for early-career faculty, recognizes the recipient’s potential for leadership in research and education. Kwon’s five-year, $547,574 grant will support his work to develop more dynamic cyber defenses, tackling attackers where they exploit systems.

Kwon, who received his Ph.D. in computer architecture from Purdue University in 2018, joined UVA Engineering’s Department of Computer Science the same year. Within a year of launching his lab and assembling a team, Kwon had already received $937,000 in grant awards to pioneer novel approaches for safeguarding systems from cyber criminals. 

Kwon’s team’s efforts to advance cybersecurity hold promise for a global infrastructure that had become exponentially more vulnerable. Forbes started sounding an alarm when it reported 2020 was on track to break all previous records for damage resulting from more sophisticated cybersecurity threats around emerging technologies like machine learning and artificial intelligence.

Just one year later, in its own clarion call for better cybersecurity to protect U.S. citizens against cyber theft, the citizen advocacy non-profit Identity Theft Resource Center shined a spotlight on just how fast the nation’s cybersecurity problem was growing. 

The National Institute of Standards and Technology “has set a record each year since 2016 for the number of known software flaws that are assigned a risk rating in the National Vulnerability Database,” said Identity Theft Resource Center Chief Operating Officer James Everett Lee in testimony before the U.S. Committee on Commerce, Science and Technology. “We will set another record this year, too, most likely in excess of 19,000 known software bugs. There have already been 33 Zero Day attacks – cyberattacks exploiting a previously unknown software flaw - in calendar year 2021. That’s 11 more than 2020. 

“Meanwhile, the average time to patch a known software bug in enterprise software or web applications is measured in months or years depending on the sector – while attackers can exploit a new flaw in a matter of hours or minutes,” Lee said.

“Securing computer systems once an attack has happened is really hard, particularly in the face of so many attacks,” Kwon said. “Manually patching the vulnerabilities cannot keep up.”

To date, cybersecurity has relied on manual detections of threats that are added into knowledge databases, against which systems are scanned to identify infected computers. But systemic infection beyond just one computer will have occurred by the time an initial infection is found. Often entire networks must be taken down since there is no way to pinpoint what parts of the system have become vulnerable to unanticipated, future disruption.

Preemptive protections, like the ones Kwon is developing with this NSF CAREER Award, are the only hope to get ahead of the tsunami of cyberthreats. His research is on the leading edge of a shift in cybersecurity tactics aimed at catching a threat before it can dismantle an entire network. This requires drilling down into the actual path an attack follows to uncover a hacker’s first keystroke, drawing a straight line from cause to effect.

Kwon and his team comb through datasets of code, backtracking through the unique activities in chains of actions, to uncover which activities – known among researchers as the causalities – resulted in the evidence of attacks, or what computer scientist call the disruptions. The goal is to identify the origin of threats so that they can be stopped at the point of initiation and never lead to disruptions at all. 

“We want to uncover details about the ways attacks happen and create defenses able to anticipate an attack,” Kwon said. “By connecting lots of attacks to certain causalities you can prevent many more attacks from ever happening in the first place.”

Dynamic Defenses Story

Kwon and his team drill down into the actual path of cyberattacks to uncover the origin of threats. The knowledge is a powerful tool in developing preemptive defenses against attacks.

The power of the novel approach is in the fact that precision leads to broader and more effective protections. Many different types of disruptions can share the same root cause, or vulnerable point, which Kwon says can be prevented when analyzed thoroughly. Armed with these analyses, Kwon’s team conducts experiments to explore whether changes in computer code and code configurations can single-handedly shut down many threats.

Their work will contribute to a new frontline of defense that acts like a security screener blocking malicious activity through updated system specifications.

His research is also informing work with industry partners to develop more advanced cybersecurity infrastructure. For example, Kwon’s team and Cisco are working together to analyze requests for data within computing networks to eliminate anything dangerous before it even gets to a single application. Collaborations like these translate research findings into real-world advantages. 

This NSF CAREER Award also recognizes Kwon for leadership as an academic role model. He mentors future cybersecurity leaders as faculty advisor to the UVA Engineering cybersecurity team.

In 2020, Kwon led UVA students to a third sweep of a Raytheon Technologies-sponsored National Collegiate Cyber Defense Competition. The annual event creates real-world scenarios in which students from across the U.S. practice their cyber defense skills during multiple stages of competition, and while under pressure.

UVA beat out nine other university finalists to take top prize, earning the team national recognition as the most highly qualified computer science students in the country – for the third year in a row. Only one other team besides UVA, from the University of Central Florida, has won three consecutive national championships in the competition’s 16-year history.

Whether teaching students or developing next generation cyber defenses, one goal motivates Kwon. “We want to provide fundamental capabilities to catch cyber criminals and secure society in the end,” he said.