|
Li-Chiou
Chen
|
|
Phone: 914-773-3907 |
I am an assistant professor in the Department of Information Systems, School of
Computer Science and Information Systems, Pace University. Prior to Pace, I worked with Professor Kathleen Carley in CASOS, School of
Computer Science, Carnegie Mellon University (CMU), in
Teaching
IT300 Computer
Security Overview
IT304 Internet
and Network Security
IT666
Information Security Management
DCS86B Emerging Topics
in Computer Security
Research
My
research interests have been focused on information security management and
policy. In particular, I am interested in policy and managerial solutions to mitigate
cyber security threat and risk, such as computer viruses/worms, denial of
service attacks and phishing. Human
factors have been regarded as the weakest link in computer security. How do we
leverage human factors in strengthening cyber security? I have tried to study
this problem through three distinct but complimentary approaches: computational
simulations for theory grounding, conceptual model building verified by
empirical studies, and the development of educational tools. Using
computational simulations, I was able to build theoretical grounds on analyzing
the policy and managerial solutions regarding computer viruses and denial of
service problems. Through conceptual model building and empirical studies, I
was able to verify various hypotheses on individual risk perception towards
cyber security from a micro perspective. By developing educational tools for
cyber security, I was intended to provide users/developers some guidance on
security awareness.
The
specific research projects that I have conducted are described below. My papers
can be downloaded from the publications page.
Modeling Distributed
Denial of Service Attacks and Defenses:
This study investigated the service models and the public policies needed to
facilitate the provision of defenses against distributed denial of service
attacks on computer networks.
Modeling the Spread of
Computer Viruses and Countermeasures:
Based on both an epidemiological model and a network model, this study
investigated the propagation of computer viruses and the strategies to respond
against the spread of new computer viruses. This study found that early warning
and short patch development time are the two key factors to slowing down virus
infections.
Multi-agent Models for
Simulating Biological Attacks and Surveillance: I was a member of a team that is
developing a multi-agent network model of weaponized biological attacks called
BioWar. The team was composed of researchers from Carnegie Mellon, University
of Pittsburgh and the Pittsburgh Supercomputer Center. I had worked on the validation of the
model using empirical data on biological attacks, medical records, and drug
purchases.
Detection of Anomalous
Web Server Access Patterns:
This work focused on a relatively new aspect of anomaly detection: temporal and
relational interdependencies among the attributes of dynamic relational data
records. Web server access logs are
used as an example for anomalous patterns detection.
Individual Risk
Perception on Computer Security Related Risk: I have developed a conceptual model and conducted an
empirical survey that examined how end users make decisions involving cyber
security risk. This study allowed us to gather empirical evidence in order to
verify the hypotheses regarding individual computer security risk perception.
This research project is ongoing and more follow-up studies are planned to be
conducted. This project is supported by Verizon Foundationˇ¦s Thinkfinity grant
(sub-awarded through Pace University).
Web Security Education: Educating users and IT
professionals on cyber security risk is one of the ways to strengthen cyber
security. I am currently leading a research project called SWEET (Secure WEb
dEvelopment Teaching modules) to design teaching modules for users/developers
about web application threats and vulnerabilities. SWEET is an ongoing project,
supported by a grant from National Science Foundation. SWEET research team is
consisted of two other faculty members from the Seidenberg School and two
faculty members from City University of New York. In addition, I am also
working on an effort to develop a new curriculum on web application security.
The new curriculum development is supported by a grant from Department of
Defense.
Information Technology Auditing: IT Auditing involves understanding
the auditing process to provide technology audit services in accordance with
audit standards, guidelines, and best practices. Thus, IT Auditing requires
interdisciplinary domain of knowledge across information technology,
information systems security and Accounting/Auditing. This on-going project
aims to develop interdisciplinary Information Technology (IT) Auditing teaching
modules. This project is supported by Verizon Foundationˇ¦s Thinkfinity grant
(sub-awarded through Pace University).
Last Modified: November 1st, 2009