Geo-Temporal Characterization of Security Threats - January 2015

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): Kathleen M. Carley
Co-PI(s):
Researchers:

1) HARD PROBLEM(S) ADDRESSED (with short descriptions)
This refers to Hard Problems, released November 2012.

Scalability and Composability: New network metrics are scalable.
Policy-governed secure collaboration: Provides empirical bases for identifying global issues and needs vis-a-vis secure collaboration; e.g., which states are most threatening and may need special policies. New results show such wide variation in infrastructure that any procedures designed only for new systems will fail to create secure collaboration at the global level.
Predictive Security Metrics: Provides an empirical basis for assessment and validation of security models. Provides a global model of flow of threats and associated information, that can be used to develop new social and organizational policies to reduce security threats. Research identifies capability and IT gaps at the global level thus improving selection and prioritization processes.
Resilient Architecture: Nothing directly.
Human Behavior: Provides an empirical basis for assessing human and organizational variability in the capability to thwart attacks and to engage in them at the global level. New results provide insight into how to determine whether attacks that appear to come from a country are being directed from it with malicious intent, or whether that country is being inadvertently used by other countries and so merely appears malicious.

2) PUBLICATIONS

The following paper was submitted to the IEEE Symposium on Security and Privacy: Putting Cyber Attacks on the World Map.

The following paper was accepted for publication in a journal:
Ghita Mezzour, L. Richard Carley and Kathleen M. Carley, 2014 (forthcoming). Longitudinal Analysis of a Large Corpus of Cyber Threat Descriptions. Journal of Computer Virology and Hacking Techniques.

3) KEY HIGHLIGHTS

Global assessment of threats reveals that more developed countries, countries with higher levels of internet penetration, and countries with more developed IT infrastructures are often at less risk from the newest forms of malware. For example, compared with most countries, and compared with Russia and China, the United States is more likely to be affected by older viruses but by slightly newer worms and Trojans. In general, Japan tends to be impacted more than other countries by very old malware, whereas countries in central Africa are often most vulnerable to the newest malware. The cause of these differences is not yet clear; it cannot be attributed solely to level of development, level of internet penetration, or the sophistication of the IT infrastructure and existing cyber security policies. The cause appears to be complex; a contributing factor may be the relative age of machines and the degree of mobile device usage. These findings do suggest that CIOs might want to develop policies and procedures that treat the apparent country of origin of software, of social media examined, and of email as a feature in assessing risk.
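The comparison above rests on a simple measurement: how old a malware family already is at the moment it is sighted in a given country. The following is an added illustration of that measurement, not code or data from the project. It assumes a record schema of (country, malware type, family, first-seen date, sighting date) and uses a constructed set of sightings with placeholder family names; the per-country medians and the ranking are computed from those constructed records only. It also shows the data-quality check a practitioner would want before scoring: a sighting dated before the family's first-seen date is reported rather than counted.

```python
from collections import defaultdict
from datetime import date
from statistics import median

# Constructed sample sightings (not data from the project): each record is
# (country, malware_type, family, first_seen, sighted). Family names are
# placeholders; dates are chosen only to keep the arithmetic easy to follow.
SIGHTINGS = [
    ("US", "virus",  "fam_a", date(2003, 1, 1),  date(2014, 1, 1)),
    ("US", "virus",  "fam_b", date(2005, 1, 1),  date(2014, 1, 1)),
    ("US", "worm",   "fam_c", date(2012, 1, 1),  date(2014, 1, 1)),
    ("US", "trojan", "fam_d", date(2013, 1, 1),  date(2014, 1, 1)),
    ("JP", "virus",  "fam_e", date(2000, 1, 1),  date(2014, 1, 1)),
    ("JP", "worm",   "fam_f", date(2008, 1, 1),  date(2014, 1, 1)),
    ("CD", "trojan", "fam_g", date(2013, 10, 1), date(2014, 1, 1)),
    ("CD", "worm",   "fam_h", date(2013, 12, 1), date(2014, 1, 1)),
    # A sighting dated before the family's first-seen date is a data error
    # (or a first-seen date that needs revising); it is reported, not scored.
    ("CD", "virus",  "fam_i", date(2014, 5, 1),  date(2014, 1, 1)),
]


def age_days(first_seen: date, sighted: date) -> int:
    """Age of a malware family at the moment it was sighted, in days."""
    return (sighted - first_seen).days


def split_valid(sightings):
    """Separate scorable records from ones where the sighting precedes first_seen."""
    valid, rejected = [], []
    for rec in sightings:
        (valid if age_days(rec[3], rec[4]) >= 0 else rejected).append(rec)
    return valid, rejected


def median_age_by_country_type(sightings):
    """Median malware age in days per (country, malware_type), valid records only."""
    ages = defaultdict(list)
    for country, mtype, _family, first_seen, sighted in split_valid(sightings)[0]:
        ages[(country, mtype)].append(age_days(first_seen, sighted))
    return {key: median(vals) for key, vals in ages.items()}


def countries_by_newness(sightings):
    """Countries ordered from most exposed to new malware (lowest median age) to least."""
    ages = defaultdict(list)
    for country, _mtype, _family, first_seen, sighted in split_valid(sightings)[0]:
        ages[country].append(age_days(first_seen, sighted))
    return sorted(ages, key=lambda c: median(ages[c]))


if __name__ == "__main__":
    valid, rejected = split_valid(SIGHTINGS)
    print(f"{len(valid)} scorable sightings, {len(rejected)} rejected")
    for (country, mtype), days in sorted(median_age_by_country_type(SIGHTINGS).items()):
        print(f"{country} {mtype:7s} median age {days / 365.25:5.1f} years")
    print("most to least exposed to new malware:", countries_by_newness(SIGHTINGS))
```

On the constructed records the ordering comes out as CD, US, JP, which mirrors the pattern described above (newest malware in central Africa, oldest in Japan). With real telemetry the same functions apply, but the first-seen date of a family is itself an estimate, so the rejected-record count is worth watching as a signal of stale first-seen data.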