A Statistical Framework for Analyzing Cyber Threats

Abstract

This 4-year project consists of a 3-year main project on building a statistical framework for analyzing cyber threats, called the main project hereafter, and a 1-year add-on project on investigating security metrics, called the add-on project hereafter. The research objective of the main project is centered on addressing the following fundamental questions: How can we decode the useful information about cyber threats that is encoded in the cyber attack data collected by various cyber defense instruments? To what extent, or at what levels of abstraction, can cyber attacks be predicted with good or useful enough accuracy? What are the limits of prediction? How can we quantify the cyber defense utilities (e.g., early warning) of cyber attack data collected by cyber defense instruments? Adequately addressing these questions will not only deepen our understanding of cyber security, but also offer insights for proactive cyber defense based on the prediction of incoming dynamic cyber threats. Our technical approach is centered on an innovative Grey-Box Statistical Framework. This framework is centered on investigating a new kind of mathematical object, which we introduce and call Stochastic Cyber Attack Processes. These processes describe cyber threats at multiple resolutions, such as: network-level (e.g., considering all attacks against a network as a whole), computer-level (e.g., considering all attacks against a computer or IP address as a whole), and port-level (e.g., the defender cares most about the attacks against certain ports or services). The grey-box statistical framework formulates a new methodology of Cybersecurity Data Analytics as follows: the analyst should extract the statistical properties exhibited by real-world data, and then use these properties to guide the design of prediction models. Our research showed that the grey-box framework is effective in predicting cybersecurity situational awareness.

Document Details

Document Type
Technical Report
Publication Date
Jan 10, 2018
Accession Number
AD1051913

Entities

People

  • Maochao Xu
  • Shouhuai Xu

Organizations

  • University of Texas at San Antonio

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Case Studies
  • Computer Network Security
  • Computer Programs
  • Computer Science
  • Cyber Defense Techniques
  • Cyber Threats
  • Cyberattacks
  • Cybersecurity
  • Data Analysis
  • Data Sets
  • Detection
  • Intrusion Detection
  • Intrusion Detectors
  • Military Research
  • Network Science
  • Probability
  • Security

Fields of Study

  • Computer science

Technology Areas

  • Cyber