EAGER: Collaborative: A Criminology-Based Simulation of Dynamic Adversarial Behavior in Cyberattacks

EAGER：协作：基于犯罪学的网络攻击中动态对抗行为模拟

基本信息

批准号：
1742789
负责人：
Shanchieh Yang
金额：
$ 14.96万
依托单位：
Rochester Institute of Tech
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2017
资助国家：
美国
起止时间：
2017-09-01 至 2020-08-31
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1742789&HistoricalAwards=false
关键词：
EAGER Collaborative Criminology Based Simulation

项目摘要

In 2016, the cyberthreat landscape showcased advanced attack techniques, escalated attack frequency, and high levels of adversarial sophistication. Conventional cyberattack management is response-driven, with organizations focusing their efforts on detecting threats, rather than anticipating adversarial actions. This reactive approach has limited efficacy, as it does not capture advanced and sophisticated adversaries, mutating or unknown malware, living-off-the-land techniques or new variants being deployed. There is thus an immediate need for a paradigm shift in the area of cybersecurity. Security experts are calling for anticipatory or proactive defense measures that focus on adversarial behavior and movement. This research aims to develop a criminological theory that captures the dynamics of cybercrime and a corresponding simulator to generate attack scenarios that adapts to ever changing and diverse cyber vulnerabilities, defense, and adversary tactics. This research has two connected objectives: (1) Develop (and evaluate) an integrated Dynamic Routine Activities Theory (DRAT), which examines the continually changing interaction between offender, target, and guardian (OTG) along cyberattack trajectories aided by Monte-Carlo simulation; and (2) Understand how variations in OTG impact dynamic adversarial attack trajectories. Specifically, how can these variations and amounts of variations be measured, modeled and simulated, and what might these variations imply for DRAT -- Understanding adversarial attack trajectories, and how these can be disrupted to impact adversaries, will be instrumental in comprehending anticipatory cyber defense and ultimately contribute to the paradigm shift towards proactive cybersecurity. This exploratory, multidisciplinary research marries the two disciplines of criminology and computer engineering to push the research frontier on proactive cybersecurity. This groundbreaking intersection will generate new criminological theoretical knowledge, mixed-method innovations, and theoretically-informed simulation that prepare defenders with preemptive and comprehensive knowledge and tools in facing adaptive and sophisticated adversaries.

在2016年，网络威胁景观展示了高级攻击技术，升级攻击频率和高水平的对抗性成熟。传统的网络攻击管理是由响应驱动的，组织将精力集中在检测威胁上，而不是预期对抗性行动。这种反应性方法具有有限的功效，因为它没有捕获高级和精致的对手，突变或未知的恶意软件，陆地技术或正在部署的新变体。因此，网络安全区域的范式转移迫切需要。安全专家呼吁采取预期的或主动的防御措施，专注于对抗行为和运动。这项研究旨在开发一种犯罪学理论，该理论捕捉了网络犯罪的动态和相应的模拟器，以产生攻击场景，以适应不断变化和多样化的网络脆弱性，防御和对手策略。这项研究具有两个相关的目标：（1）开发（并评估）综合动态常规活动理论（DRAT），该理论研究了沿网络攻击轨迹的犯罪者，目标和监护人（OTG）之间不断变化的相互作用，该轨迹得到了蒙特 - 卡洛模拟的帮助；（2）了解OTG的变化如何影响动态对抗攻击轨迹。具体而言，如何测量，建模和模拟这些变化的变化和数量，以及这些变化可能意味着DRAT的内容 - 了解对抗性攻击轨迹，以及如何破坏这些变化，如何破坏影响对手，这将在理解预期的网络防御方面具有重要作用，并最终促进了对范围的促进态度的转移，并倾向于主动地转移。这项探索性的多学科研究与犯罪学和计算机工程学的两个学科结合，以推动主动网络安全方面的研究前沿。这个开创性的十字路口将产生新的犯罪学理论知识，混合方法创新以及理论上知名的模拟，从而使捍卫者拥有先发制人，全面的知识和工具，以面对适应性和精致的对手。