COVERT ID: Cybersecurity Operations Vectors: Verifying External Resilience of Transgressors and their Identification through Cybersecurity Forensics
Abstract
Nearly all businesses and government agencies will be connected to the Internet of Things (IoT) in the near future, with more than 43 billion devices connected by 2023. As military forces transition more valuable information and operations to the IoT, they will open more vulnerabilities into our organizations, driving even more opportunities for cyber-attacks. Reports from Pipeline Security indicated that more than 57% of the devices currently connected to the IoT have vulnerabilities that place them at high risk of cyberattack. The consequences of a cyber-attack on a business or military unit are not limited to the theft or leakage of financial, medical or personal information; they also carry devastating risks to the outcomes of current and future operations, to the livelihoods and safety of employees' extended families, and to the individual's own health and safety. Future military operations are also now on the line, especially when the cyberattacks are formulated by nation-states or proxy transnational criminal organizations. It is imperative not only to have a line of defense, but also to be able to identify the attackers, as well as "the network" of proxies that hides the ultimate malicious instigator and the beneficiaries of the nefarious activity.
Statement of Objectives: The proposed research will develop COVERT ID: A Forensic suite of software tools to Identify Cybersecurity attack Operations Vectors, while Verifying External Relationships of Transgressors and their Identifications. This new research effort will consist of four components, namely: 1) robust, resilient malware identification agents, 2) rapid forensic analysis of identifying features, 3) employment of artificial intelligence and machine learning components, and 4) near-real-time identification, verification and mapping of vectors and clusters associated with the malicious operators.
Methods to be Employed: The research will introduce novel techniques in machine learning for building deep packet inspection (DPI) capabilities by adopting Ensemble Learning, the use of multiple learning algorithms to obtain better predictive performance, in order to achieve high rates of precision in identifying IoT attackers and their malware.
Significance of Proposed Activity: This research project will create a digital forensic investigation layer, a cloud/IoT infrastructure layer, and a forensic evidence isolation layer. The new framework strengthens the capabilities of the cybersecurity investigation and provides a high level of certainty, while preserving the necessary elements of digital forensic investigations. The new tools will provide reliable digital penetration, attribution and profiling, and will provide a visualization of the criminal relationships or associations across the geographical mapping of all digital evidence. Finally, the system will perform operations in near real-time and be usable in today's highly mobile battlefields, while reducing the number of steps required to maintain compliance with standard operating procedures (SOP) for evidence and reducing opportunities for operator error.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Jun 25, 2021
- Source ID: W911NF2110201
Entities
People
- Sundaraja Sitharama Iyengar
Organizations
- Army Contracting Command
- Florida International University
- United States Army