Researchers in computer science and software engineering lead national lab project to advance strategic computing for national security
Published: Jul 10, 2025 8:00 AM
By Joe McAdory
Two associate professors in the Department of Computer Science and Software Engineering are developing advanced tools to help defend national security interests against cyber threats, hidden software vulnerabilities and increasingly intelligent adversaries.
Daniel Tauritz, director for national laboratory relationships and director of the university’s Biomimetic National Security Artificial Intelligence (BONSAI) Lab, and Samuel Mulder, who directs the university’s Program Understanding (PUN) Lab, are leading three research efforts under a five-year $3 million umbrella contract with Los Alamos National Laboratory entitled “Advanced Computing for National Security.” Their work spans the automation of binary software analysis, the simulation of adversarial strategies and the automated design of custom algorithms for complex national security problems.
“Software complexity is increasing at a very high rate and our ability to analyze it just isn’t keeping up,” Mulder said. “The government can’t develop this kind of science by itself. It’s too big, too broad. That’s why they need to collaborate with academia and build the capabilities we lack.”
Allan David, associate dean for research, said the contract is another milestone for the college’s research enterprise.
“Contracts like these are awarded to researchers who demonstrate they can deliver results aligned with national mission objectives,” he said. “Drs. Tauritz and Mulder earned this through deep expertise, a track record of collaboration with Los Alamos National Laboratory and a commitment to solving the most urgent cyber and software assurance challenges facing the country.”
The first of the three research thrusts, “Securing Operating Environments,” is led by Mulder and focuses on improving how analysts detect hidden threats in software supply chains. The work is particularly relevant to the U.S. nuclear weapons complex, where devices such as electron microscopes, programmable logic controllers and advanced manufacturing systems run on increasingly complex, intricate stacks of commercial and open-source code which are vulnerable to tampering.
“Our current ability to evaluate and assess software is profoundly limited, yet vitally important,” Mulder said. “There’s too much software on there for any human reverse engineer or analyst to review. Our project is focused on triage, trying to help them narrow down the critical parts of that software stack. We’re trying to provide a general ability to perform program understanding rather than just looking for vulnerabilities.”
Research on software supply chains includes work on extracting features from binary programs, using large language models to decompile programs and sifting through firmware images looking for backdoors.
The second thrust, “Computational Game Theory for Approximating High-Consequence Attacks & Defenses,” is led by Tauritz and uses competitive coevolution to simulate adversarial behavior and identify optimal defenses. The approach models attackers and defenders as evolving artificial intelligence (AI) agents whose strategies adapt in response to one another.
This research builds on more than a decade of work by Tauritz in developing a general framework called “Coevolving Attacker and Defender Strategies (CEADS).” CEADS applies principles of competitive coevolution to approximate game-theoretic solutions in complex, real-world adversarial scenarios — offering a powerful way to plan for the unexpected.
In this concept, populations of virtual attackers and defenders evolve in parallel, with their fitness linked to how well they achieve their objectives. For attackers of a computer network, success might mean reaching a specific host in a network, extracting data and exfiltrating it — either through pre-defined sequences or via adaptive agents that learn from the environment and change behavior accordingly.
“If you want to predict the worst-case attacks by your adversary and in advance identify what the best defenses would be,” Tauritz said. “That’s something that we can model on a computer. Game theory is a mathematical approach which in theory can perfectly solve these problems. The problem with game theory is that it doesn’t scale up to the real world, so in practice you employ something called computational game theory to approximate the perfect solutions.”
By running these simulations, researchers can identify not only how an attacker might exploit vulnerabilities, but also which defense mechanisms would be most resilient — even under worst-case conditions. The long-term vision is a fully automated system for uncovering high-impact attacks and corresponding defenses across a wide range of domains.
The third thrust, “Automated Design of Algorithms Employing Hyper-Heuristics,” also led by Tauritz, focuses on using evolutionary algorithms to automatically generate high-performance algorithms tailored to specific national security problems. These so-called hyper-heuristics are designed to outperform general-purpose tools by being optimized for specific problem classes.
The current graph-based approach dramatically expands the algorithm design space beyond traditional structures, enabling more effective solutions for computationally intensive national security challenges — especially where performance and customization are critical.
“In national security, we often deal with very complex problems requiring the highest performance algorithms,” Tauritz said. “If you take an off-the-shelf algorithm, they’re general. To be general, you must give up some performance. Therefore, to tackle these national security problems, you need a custom algorithm, but as those are hard and time consuming to design, we investigate the use of hyper-heuristics to automatically design them.”
As the threats of AI in security grow more sophisticated, Mulder believes the time to prepare is now.
“It’s an arms race that’s happening,” Mulder said. “The question is: do we as a nation want to participate or are we just going to fall behind our adversaries?”
Tauritz said, “Our answer is: we choose to participate.”
Media Contact: , jem0040@auburn.edu, 334.844.3447
The research of Samuel Mulder, left, and Daniel Tauritz spans the automation of binary software analysis, the simulation of adversarial strategies and the automated design of custom algorithms for complex national security problems.
