|
The proliferation of cybercrime has created an opportunity for researchers to study cybersecurity using a data-driven, and ultimately scientific, approach. This project seeks to improve the process of cybercrime data collection and analysis for the purpose of reducing its harm. Effort-based indicators, which measure the impact of defender actions such as the time taken to clean a compromised resource, are being constructed for use in analyzing data gathered on multiple categories of cybercrime. Indicators are being collected throughout the duration of the project in order to enable longitudinal analysis, for example, to measure any improvements that result from dissemination. It is also being investigated whether it is feasible to devise and deploy a prototype early-warning system that proactively alerts defenders quickly enough to arrest concentrated spikes in cybercriminal activity. The project's educational objective is to advance the science of cybersecurity by contributing public datasets of cybercriminal activity to be shared with other researchers and incorporated into curriculum modules. Instructional initiatives include improving existing curricula and publishing stand-alone resources that can be adopted by others. The project is advancing understanding of how to construct reliable cybercrime indicators. Effort-based indicators help mitigate information asymmetries, so that anyone can see which defenders are working harder to clean up compromised resources. This could in turn improve the response to cybercrime overall by solving coordination problems in which individual defenders shirk responsibility. The project is also advancing understanding of how the response to cybercrime changes over time by collecting data for several years. If widely shared, the indicators can help incentivize defenders to fight cybercrime over the long term. The project seeks to identify not only how to construct the indicators, but also what is the most effective way to share them. The early-warning system, if successful, could greatly enhance the efficiency of countermeasures by helping defenders get ahead of the shifting tactics used by attackers. In the education program supported by the project, datasets are being added to curriculum modules that teach scientific approaches to cybersecurity. Modules are being designed for not only graduate and undergraduate degree programs, but also for middle and high school students, free online courses co-developed by the PI, and a security economics textbook under development.
|
CAREER: Developing Robust Longitudinal Indicators and Early Warnings of Cybercrime