CAREER: Using Analytics on Security Data to Understand Negative Innovations

Project Details

Performance Period

Jun 01, 2014 - May 31, 2020

Institution(s)

Boston College

Award Number


The world increasingly relies on computer systems and associated software, yet attackers continue to exploit vulnerabilities in this software to threaten security in new and sophisticated ways. This research views exploitations of software vulnerabilities as critical, but not unique, examples of innovations that society would like to discourage; many other examples (e.g., biological weapons, sports doping, terrorist devices, privacy intrusions) exist. Purely technical panaceas are unlikely; instead, given inherent residual risk, society needs to better understand how adversaries adopt technological innovation and the efficacy of measures to stem their diffusion. Using large-scale data analysis, this research builds on innovation diffusion theory to model how exploitations of security vulnerabilities spread through attacker populations. The study of the specific software security context (particularly regarding disclosure and transparency) can clarify the complex interaction between attack and countermeasure activity and help society benefit from technology while reducing concomitant negative consequences.

The project integrates a cohesive set of empirical studies based on a massive dataset of intrusion alerts augmented by the National Vulnerability Database and manual data collection. It combines theory from economics, computer science, and sociology with advances in analytical tools to build predictive models. While researchers recognize that deeper understandings of attacks and countermeasures are critical, they remain difficult problems. However, recent advances in analytical techniques combined with the availability of large datasets present an emerging opportunity to model and understand attacker behavior. The project also promotes awareness of security through a range of activities (including instructional modules, workshops, and course offerings), using the theoretical insights from the research program to promote diffusion of measures that counter security threats. Regardless of how the threat landscape continues to evolve, rigorous methods for modeling attacker behavior and diffusing information will remain crucial.