Geo-Temporal Characterization of Security Threats - April 2016

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): Kathleen M. Carley
Co-PI(s):
Researchers:

1) HARD PROBLEM(S) ADDRESSED (with short descriptions)
This refers to Hard Problems, released November 2012.

Scalability and Composability: New network metrics developed under this project are scalable.

Policy-governed secure collaboration: This project provides an empirical basis for identifying global issues and needs vis-a-vis secure collaboration; e.g., which states are most threatening and may need special policies. Results show such wide variation in infrastructure that any procedures designed only for new systems will fail to create secure collaboration at the global level. Results also show that countries with high corruption and unsophisticated IT support are likely to be used by others as the apparent source of attacks.

Predictive Security Metrics: This project provides an empirical basis for the assessment and validation of security models. It provides a global model of the flow of cyber threats and associated information that can be used to develop new social and organizational policies to reduce security threats. The research identifies capability and IT gaps at the global level, thus improving selection and prioritization processes.

Resilient Architecture: Nothing directly.

Human Behavior: This project provides an empirical basis for assessing human and organizational variability in the capability to thwart, and to engage in, attacks at the global level. Results provide insight into how to determine whether attacks that appear to be coming from a country are being directed out of it with malicious intent, or whether that country is being inadvertently used by other countries and therefore only appears malicious. Results are particularly relevant from a human policy perspective.

2) PUBLICATIONS

None yet in this fiscal year

3) KEY HIGHLIGHTS

  • Although the USA was the top recipient of DDoS attacks between June 2013 and March 2016, the number of attacks on the USA has been decreasing since 2014, while the number of attacks on European countries, such as France, has been increasing.

  • Countries with high bandwidth are more likely to be the source of attacks, possibly because machines in those countries could be used by those outside the country.

  • Attacks are more likely to occur from one country to another if the receiving country has greater GDP than the sender, if the receiving country and the sender are allies, and if the sending country has a higher level of corruption.