|
In 2016, the cyberthreat landscape showcased advanced attack techniques, escalated attack frequency, and high levels of adversarial sophistication. Conventional cyberattack management is response-driven, with organizations focusing their efforts on detecting threats, rather than anticipating adversarial actions. This reactive approach has limited efficacy, as it does not capture advanced and sophisticated adversaries, mutating or unknown malware, living-off-the-land techniques or new variants being deployed. There is thus an immediate need for a paradigm shift in the area of cybersecurity. Security experts are calling for anticipatory or proactive defense measures that focus on adversarial behavior and movement. This research aims to develop a criminological theory that captures the dynamics of cybercrime and a corresponding simulator to generate attack scenarios that adapts to ever changing and diverse cyber vulnerabilities, defense, and adversary tactics. This research has two connected objectives: (1) Develop (and evaluate) an integrated Dynamic Routine Activities Theory (DRAT), which examines the continually changing interaction between offender, target, and guardian (OTG) along cyberattack trajectories aided by Monte-Carlo simulation; and (2) Understand how variations in OTG impact dynamic adversarial attack trajectories. Specifically, how can these variations and amounts of variations be measured, modeled and simulated, and what might these variations imply for DRAT -- Understanding adversarial attack trajectories, and how these can be disrupted to impact adversaries, will be instrumental in comprehending anticipatory cyber defense and ultimately contribute to the paradigm shift towards proactive cybersecurity. This exploratory, multidisciplinary research marries the two disciplines of criminology and computer engineering to push the research frontier on proactive cybersecurity. This groundbreaking intersection will generate new criminological theoretical knowledge, mixed-method innovations, and theoretically-informed simulation that prepare defenders with preemptive and comprehensive knowledge and tools in facing adaptive and sophisticated adversaries.
|
EAGER: Collaborative: A Criminology-Based Simulation of Dynamic Adversarial Behavior in Cyberattacks