Geo-Temporal Characterization of Security Threats - July 2015

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): Kathleen M. Carley
Co-PI(s):
Researchers:

1) HARD PROBLEM(S) ADDRESSED (with short descriptions)
This refers to Hard Problems, released November 2012.

Scalability and Composability: New network metrics developed under this project are scalable.

Policy-governed secure collaboration: This project provides an empirical basis for identifying global issues and needs vis-a-vis secure collaboration; e.g., which states are most threatening and may need special policies. Results show wide variation in infrastructure, such that any procedures designed only for new systems will fail to create secure collaboration at the global level. Results also show that countries with high corruption and unsophisticated IT support are likely to be used by others as the apparent source of attacks.

Predictive Security Metrics: This project provides an empirical basis for assessment and validation of security models. It provides a global model of the flow of cyber threats and associated information that can be used to develop new social and organizational policies to reduce security threats. The research identifies capability and IT gaps at the global level, thus improving selection and prioritization processes.

Resilient Architecture: Nothing directly.

Human Behavior: This project provides an empirical basis for assessing human and organizational variability in capability to thwart and to engage in attacks at the global level. Results provide insight into how to determine whether attacks that appear to be coming from a country are being directed outward with malicious intent, or whether that country is being inadvertently used by other countries and so only appears malicious. Results are particularly relevant from a human policy perspective.

2) PUBLICATIONS

The following paper was accepted for publication in a journal:

Ghita Mezzour, Kathleen M. Carley, and L. Richard Carley, 2015. An Empirical Study of Global Malware Encounters. Proceedings of ACM Symposium and Bootcamp on the Science of Security (HotSoS), April 2015, Urbana, IL.

Ghita Mezzour, L. Richard Carley and Kathleen M. Carley, 2014. Longitudinal Analysis of a Large Corpus of Cyber Threat Descriptions. Journal of Computer Virology and Hacking Techniques. DOI: 10.1007/s11416-014-0217-8

Mezzour, Ghita, April 2015, "Assessing the Global Cyber and Biological Threat," Ph.D. Thesis, Carnegie Institute of Technology, Electrical and Computer Engineering & School of Computer Science, Institute for Software Research, Carnegie Mellon University, Pittsburgh, PA, USA.

3) KEY HIGHLIGHTS

At a more global scale, our analysis confirms that large computing and monetary resources are the main driver behind high exposure to web attacks and fake applications in Western Europe and North America. We find that Eastern Europe hosts disproportionate quantities of attacks because of a combination of widespread corruption and a reasonable computing infrastructure. Surprisingly, we find that China is not among the top 10 attack hosting countries and that Africa hosts the smallest quantities of attacks. Another surprising finding is that international relations have no significant effect on attack exposure or hosting. Our work has important policy implications for addressing attack exposure and hosting. For example, increasing cyber crime sanctions in Eastern Europe is likely to be ineffective and may even be counterproductive.

In the current quarter we also did a deep dive into the cyber threat surrounding Russia and those countries that were part of the former USSR. The global results mean that while Russia may be less susceptible to the newest forms of malware, Russia and many of the countries that had formed the former USSR were often super spreaders for viruses. In further examining these countries, we find that Russia and the former USSR states tend to focus their attacks on NATO states, particularly the USA and Ukraine. Despite the publicity of the Russian attacks, former USSR states are more likely to attack Russia than Russia is to attack them.

Ghita Mezzour was selected for the MIT EECS Rising Stars.

This is a program that brings together the top graduate and postdoc women in EECS for a two-day workshop of scientific discussions and information sessions on navigating their careers.

www.rle.mit.edu/risingstars