When Engin Kirda started focusing on cyber-​​security research 10 years ago, those pri­marily respon­sible for launching Internet attacks were teenagers out for kicks, he said. But the scope of threats existing through the Web has dra­mat­i­cally changed since then.

Now secu­rity breaches are often finan­cially moti­vated and highly orga­nized — which presents intriguing chal­lenges for Kirda, the Sy and Laurie Stern­berg Inter­dis­ci­pli­nary Asso­ciate Pro­fessor for Infor­ma­tion Assurance.

We’ve seen a shift from attacks for fun to attacks for profit,” said Kirda, who joined the fac­ulty in Jan­uary with joint appoint­ments in Northeastern’s Col­lege of Com­puter and Infor­ma­tion Sci­ence and Depart­ment of Elec­trical and Com­puter Engi­neering. “That’s why it’s fas­ci­nating for me to see how these bad guys are oper­ating, and to try to come up with solu­tions to combat them.”

Kirda studies Internet secu­rity issues and how to dis­cover vul­ner­a­bil­i­ties in web­sites and Internet appli­ca­tions to create more secure appli­ca­tions. He is also working on cre­ating better virus-​​detection tech­niques. He pre­vi­ously taught at research insti­tu­tions in Vienna and Sophia Antipolis, France, and he is the cofounder and codi­rector of the Inter­na­tional Secure Sys­tems Lab — a col­lab­o­ra­tive effort of Euro­pean and U.S. researchers focused on ana­lyzing and designing tools for com­puter security.

Kirda plans to take a closer look at why some users’ com­puters get infected with mal­ware, a soft­ware designed to harm or secretly access a com­puter system, and how well those people are able to iden­tify cyber attacks. As part of this project, users would be given online tests to deter­mine the scope of their under­standing of cyber threats.

One thing I have learned over the years is that secu­rity prob­lems are not only tech­nical prob­lems. There is a very social aspect to all these issues,” he says. “For example, someone can come up with tech­nical solu­tions, but they might still fail because we don’t exactly under­stand how well users are actu­ally able to accept these tech­nical solutions.”

Kirda was drawn to North­eastern in part because of the new Infor­ma­tion Assur­ance doc­toral pro­gram, and he hopes to explore inter­dis­ci­pli­nary col­lab­o­ra­tions here to develop more robust sys­tems and better solutions.

He says one small virus released in a net­work or system, for a bank or nuclear reactor, can cause major damage. Given the number of people and com­pa­nies depending on Internet reli­a­bility and secu­rity on a daily basis, he is excited to work in an ever-​​evolving field of sig­nif­i­cant soci­etal importance.

The prob­lems are very real,” Kirda says, “so there is an oppor­tu­nity to make quite a large impact.”