Engineering and Computer Science Professor Kevin Du Trains the Next Generation of Cybersecurity Experts

As an engineer, Kevin Du has always embraced a problem-solving attitude. In his world, if no solution exists for the dilemma he’s facing, he will create the solution.

It’s a mentality that has served Du, an electrical engineering and computer science professor in the College of Engineering and Computer Science, well as he has carved out a decorated career as a global cybersecurity expert. His labs have been used by more than 1,100 institutions and universities across the world, and it all started with the launch of the SEED open-source project, which developed hands-on instructional laboratory exercises known as SEED labs for cybersecurity education.

But at the time of its creation in 2002, the experiences Du wanted to provide to his students around cybersecurity education didn’t exist in a practical fashion. He set out to create a virtual training tool that could help prepare cybersecurity experts on how to handle the pressing issues they would face in the future.

The initiative launched thanks to $1.3 million in funding from the National Science Foundation (NSF). The SEED project’s objectives are to develop an instructional laboratory environment and accompanying laboratory exercises that help students comprehend the practical security principles, concepts and technologies associated with cybersecurity issues; apply those principles to designing and implementing security mechanisms that can counter cybersecurity attacks; analyze and test computer systems for potential security issues; and apply these security principles to resolving real-world cybersecurity problems.

“I designed the SEED project so students can actually walk through those attacks by themselves on their computer,” says Du, who is a fellow of both the Institute of Electrical and Electronics Engineers and the Association for Computing Machinery. “Not just talk about the attack, but now they can actually see the attack and think about what they would need to do to stop the attack.”

Since its founding, the open-source (software that is made freely available to interested parties) SEED project, which operates by having the students access the lab work through virtual machines, has accomplished the following:

• Developed more than 40 labs exploring computer and information security topics like software security, network security, web security, operating system security and mobile app security, and
• through its SEED emulator, users can replicate the internet on a single computer, introducing students to hands-on cybersecurity research activities related to the internet, Border Gateway Protocols (the internet’s routing protocol), Domain Name System (the internet’s directory), and Blockchain, Botnet, the Dark-net and more.

“We are not teaching students to carry out these attacks, but if you don’t know what’s happening behind the attack, you won’t know what to do when you encounter an attack,” Du says.

A Safe, Hands-On Environment for Resolving Cybersecurity Attacks

Before Du created these virtual labs, cyberattacks would be explored on paper, with professors describing how a theoretical cyberattack could be carried out. While it is important for students to understand the theoretical workings of cyberattacks, Du says this approach leaves out the equally important practical application, the actual stopping of a cyberattack as it is happening or once it has happened.

Professors would discuss cyberattacks in theory, but gaining hands-on, practical experience was very limited, for one very good reason, according to Du. Working through cyberattacks represents a security threat, one that can’t be tackled on a normal University-issued computer, because some of the cyberattacks being studied could bring down the entire internet if they were successfully carried out.

The solution, according to Du, was to build virtual machine technology that would allow Syracuse University students—and students in classrooms all across the country—to access and run the cybersecurity software on their own personal computers.

At the time, virtual machine technology was still relatively new on college campuses. Du fine-tuned the project’s goals and objectives, focusing on educating students about the dangers of the different kinds of attacks while emphasizing ways to keep these attacks from happening.

“There was a huge gap between the theory and the practice of a cybersecurity attack. We needed to fill that gap,” Du says. “The big achievement with the SEED lab is we brought the ideas that students were learning about in their research and we simplified those ideas and made this hands-on component that compliments the theoretical teachings.”

Becoming a Global Leader in Cybersecurity

Since starting as a professor at the University in 2001, Du’s research papers have been cited 17,800 times, and he has won two ACM Conference on Computer and Communications Security Test-of-Time Awards.

In 2015, Du, who was always interested in hands-on learning, began offering training workshops funded through a $1 million NSF grant for interested cybersecurity educators at colleges and universities across the country. Each summer, approximately 80 instructors converge on Link Hall for a weeklong intensive training workshop where they learn the ins and outs of Du’s open-source software. Since offering the sessions, Du estimates that more than 400 college professors were trained on the software and are now teaching their students many of the same cybersecurity awareness and prevention lessons Du teaches through his labs.

“I’ve found that many instructors share my teaching philosophy that they want to have hands-on practice with their classes, but they’re finding there weren’t many opportunities,” Du says. “Now, my SEED lab can fill that gap and it’s very easy for the instructors to use. Because I put a lot of thought into designing this SEED lab, it makes it easier for other professors to bring the teachings back to their campuses.”

Du has also written a textbook based on the SEED labs, “Computer and Internet Security: A Hands-on Approach,” that is used by nearly 300 universities. Knowing the source material can be a bit dry when digested only in a textbook, Du built a recording studio in his basement and produces video lessons complete with hands-on demonstrations to accompany his lectures. The videos are posted online and available at a cost of $10 per class.

“The videos certainly help enhance the teachings through demonstrations of the attacks or the lessons we’re learning and have helped more people benefit from my SEED labs,” says Du, who hopes to one day introduce artificial intelligence topics into his SEED labs’ educational environment.