Established on October 9 2017, the Cybersecurity Research Institute (CRI) of Guangzhou University is one of the four institutes in Cyberspace Institute of Advanced Technology. Driven by academic development mission and focusing on Academician Fang Binxing’s courses, CRI works hard on innovative studies while training and certifying network security talents represented by those studying in Academician Fang Binxing’s Course.
CRI focuses on network attack and defense, cyber- range, AI security/safety, network security talents training and certification. In more than one year since its founding, CRI has been awarded three National Key Research and Development Plan projects, four NSFC projects, and one Ministry of Education's industry & academy collaborative education project, two Guangdong Province Key Area R&D Program, as well as three CAC research projects. CRI has published more than 40 academic papers and accepted more than 20 applications for invention patents.
The network attack and defense research aims to address the threats and defense issues confronted in cyberspace, and study Malware and APT countermeasures, industrial control security, web security, vulnerability discovery, anonymous network monitoring, digital currency security and network security talents educating platforms etc. It is designed to build a leading discipline and distinctive research team while providing technical support for the security defense of national important information infrastructures and for the administrative departments of network security.
The cyber-range area aims to research security assessment, offense and defense tools verification, cyber warfare drill, and security staff training. This area will construct three to five testbeds of cybersecurity and the real system, and two to three simulation platforms of network virtualization. This area is devoted to underpinning the country's cyberspace security evaluation.
The Artificial Intelligence (AI) area focuses on security issues derived from AI implementation to include the AI security model, prevention and control system, security specifications, and the regulating-mechanisms of AI actor behaviors. This area aims to support the country's AI security.
The Cyberspace expertise cultivation devotes to the organizing and the education of "Academician Fang Binxing's Course" to include security training, cybersecurity competitions, and qualification certifications. This area aims to cultivate scarce talents for the industry and fill the country's urgent shortage of cybersecurity positions.
Products and Applications
The cybersecurity talents big data analysis and training system is jointly developed by the CRI and Heetian Information Technology Co., Ltd. This area takes comprehensive consideration about cybersecurity. The system analyses the recruitment information, attempts to set the baseline of cybersecurity skills training, identifies skill gaps and establishes a consistent job basis. It then clearly defines the vocabulary, classification, and other standards in cybersecurity and finally forms a unified cybersecurity talent framework.
In order to meet market demand and improve the cyberspace security talent practice skills, the Institute developed a new network security training system with cloud computing and Internet + ideas that has been recognized by the majority of cyberspace security teachers and students. This platform greatly stimulates the interest of students in network security learning. The system currently has more than 200,000 users to include more than 1,200 colleges and universities across the country for enterprises, government departments, and universities to promote cybersecurity awareness and strengthen talent cultivation.
Honeypot software products aim at forestalling unknown security threats and new attacks by building a high-fidelity virtual network environment and business scenarios, and the use of multi-dimensional correlation analysis engine, automatic perception of various types of security threats. Production is designed for government, finance, energy, industrial control and other large enterprise customers to identify new attacks and trace the source of attacks for combating international cyber-attacks and investigate/prevent cybercrimes.
DiTing is the software production utilized in detecting and investigating cryptocurrencies (e.g. Bitcoin, ETH) cybercrime. DiTing identifies illicit activity on the Bitcoin & Ethereum blockchain and provides valuable intelligence to financial institutions and law enforcement agencies. DiTing’s technology traces suspicious activity on the bitcoin and Ethereum blockchains by linking digital identities to real-world profiles that can discover complex relationships between multiple entities with interactive analysis.
Tianyan intelligence, the world’s first intelligence analysis system of hidden cyberspace, collects and integrates heterogeneous big data from multiple sources including darknets (e.g. Tor, I2P, Zeronet), instant messaging software (e.g. Telegram, WhatsApp), and cryptocurrencies (e.g. Bitcoin, ETH). This product is designed for government departments and commercial institutions to provide interactive intelligence analysis and to combat international cyber-attacks and investigate/prevent cybercrimes. This product supports government departments to maintain counter-terrorism, combat cybercrime and it also provides commercial institutions with professional intelligence to include black-ash production monitoring, anti-fraud, attack traffic and resources, etc.
The cyber security talent certification system developed jointly by the Institute of Network Security and the Heetian Information Technology Co., Ltd. is based on a scientific and complete network security technology system design. The system is mainly used to evaluate the theoretical basis and practical skills of network security talents. The topic pool has 1000+ theoretical topics, and 200+ practical topics. The system is still under construction.
The Institute of Network Security currently established a joint laboratories together with Antiy, Heetian and Tencent to carry out corresponding academic research and collaborative education by industry-academia cooperation.
The postgraduate courses offered by the Institute include "Cyberspace Security Law Foundation", "Software Reverse Engineering", "Cyber Security Protection Technology and Application", "Security Protocol Design and Analysis", "Vulnerability Mining and Analysis", "Cyber Confrontation Technology", "Cyberspace Security Seminars", and " Comprehensive Practice of Cyber-security".
The course of "Cyberspace Security Law Foundation" begins with a discussion of cyberspace sovereignty issues and legal issues arising from the development of the Internet. This course focuses on the necessity of cyberspace security legislation and the interpretation of Chinese cybersecurity laws and introduces domestic and relevant laws and regulation of foreign cyberspace security. While explaining the theory, this course will introduce a certain amount of practical cases for analysis so that the theory and practice could be organically combined.
The course of "Software Reverse Engineering" teaches the source and development process of software reverse engineering, common technical principles, methods and tools. Common technologies include x86, x64 and ARM architecture, PE file format, and DLL injection, API hooking, advanced reverse Analysis, advanced anti-debugging and other areas.
The course of "Cyberspace Security Protection Technology and Application" focuses on the development status and the trend of network security protection technology at home and abroad and its emphasis is on the protection techniques and applications to ensure the security of computer networks and information systems. The key technologies of network security risk assessment, security reinforcement, security operation and maintenance, security monitoring and emergency response are also discussed in depth. Through learning this course, students not only learn the basic theories and concepts of the network security protection technology, but also gain some practical skills.
The course of "Security Protocol Design and Analysis" focuses on the security protocols and its properties, which include encryption, authentication and secure communication. The course also includes cryptographic primitives for security protocols, formal analysis and security protocol verification methods. In addition to the theory, the course also pays attention to the current practical security protocol design principles and attack methods. Through the combination of theory and practice, students can deepen their understanding of cyberspace security protocol design and security issues.
The course of "Vulnerability Mining and Analysis" focuses on the Windows platform and the Android platform systematically explains a lot of theories, technologies, tools and practices needed for software vulnerability mining, analysis and exploit. Upon completion of this course, students can understand in depth about the loopholes and improve their ability to find and exploit vulnerabilities.
The course of "Cyber Countermeasure Technology" systematically teaches and discusses the principles of network attack and defense, as well as the network attack technology in a fine-grained way. It includes network probing, buffer overflow, phishing, vulnerability mining, cyberspace range, malicious code, APT attacks, virtual currency, Web security and mobile security. In addition to the theory, this course also introduces the practical application of network attack and defense technology which is combined with these theories.
The course of “Comprehensive Practice of Cyber-security” is a comprehensive training experiment course introduced after the courses of “Advanced Systems Security”, “Advanced Networks Security”, and “Application and Security of Big Data”. The course is also a comprehensive application experiment course introduced after the courses of “Vulnerability Mining and Analysis”, “Cyber Countermeasure Techniques” and “Machine Intelligence and Security”. Together with the courses of “Intelligence Terminal Security” and “Software Reverse Engineering” and by comprehensively using online experimental platform and virtual simulation software platform, the course presents comprehensive experimental application and the analysis of security concepts, security architecture, countermeasure methods and techniques in preceding courses from four aspects which include operating systems security, software systems security, data security, and network environment security. The course aims at fostering students with experience and attack and protection methods and techniques of systems, software, data, and network security, and thus develops thinking method and practice ability of analyzing and solving problems.
In addition to frontier hot topics, key and difficult points, and the development state of the industry of cyberspace security, the course of “Cyberspace Security Seminars” comprises of multiple seminars in the areas of information contents security, industry control security, Internet of Things security, anonymous communication, public opinion security, artificial intelligence security, which are taught by academic pacemakers and core researchers with a title of professor or doctor. The purpose of this course is to train students with knowledge and foresight, understand new development of relevant research directions of this discipline, foster the spirit of innovation and inspire scientific research thinking.