Geo-Temporal Characterization of Security Threats - October 2015

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): Kathleen M. Carley
Co-PI(s):
Researchers:

1) HARD PROBLEM(S) ADDRESSED (with short descriptions)
This refers to Hard Problems, released November 2012.

Scalability and Composability: New network metrics developed under this project are scalable.

Policy-governed secure collaboration: This project provides an empirical basis for identifying global issues and needs vis-a-vis secure collaboration; e.g., what states are most threatening and may need special policies. Results show wide variation in infrastructure, such that any procedures designed only for new systems will fail to create secured collaboration at the global level. Results also show that countries with high corruption and unsophisticated IT support are likely to be used by others as the apparent source of attacks.

Predictive Security Metrics: This project provides an empirical basis for assessment and validation of security models. It provides a global model of the flow of cyber threats and associated information that can be used to develop new social and organizational policies to reduce security threats. The research identifies capability and IT gaps at the global level, thus improving selection and prioritization processes.

Resilient Architecture: Nothing directly.

Human Behavior: This project provides an empirical basis for assessing human and organizational variability in capability to thwart and to engage in attacks at the global level. Results provide insight into how to determine whether attacks that appear to come from a country are being directed outward with malicious intent, or whether that country is being inadvertently used by other countries and so only appears malicious. Results are particularly relevant from a human policy perspective.

2) PUBLICATIONS

The following paper was accepted for publication in a journal:

Ghita Mezzour, Kathleen M. Carley, and L. Richard Carley, 2015, An Empirical Study of Global Malware Encounters. Proceedings of ACM Symposium and Bootcamp on the Science of Security (HotSoS), April 2015, Urbana, IL

Ghita Mezzour, L. Richard Carley and Kathleen M. Carley, 2014. Longitudinal Analysis of a Large Corpus of Cyber Threat Descriptions. Journal of Computer Virology and Hacking Techniques. DOI: 10.1007/s11416-014-0217-8

Mezzour, Ghita, April 2015, "Assessing the Global Cyber and Biological Threat," Ph.D. Thesis, Carnegie Institute of Technology, Electrical and Computer Engineering & School of Computer Science, Institute for Software Research, Carnegie Mellon University, Pittsburgh, PA, USA.

3) KEY HIGHLIGHTS

There exists a small but discernible signal in social media regarding cyber attacks. Geo-tagged Twitter data was assessed to determine if there were discussions about cyber attacks. Such messages were found. It is not known at this time how this signal relates to actual attacks.