CAREER: Using Analytics on Security Data to Understand Negative Innovations

职业：使用安全数据分析来了解负面创新

• 批准号: 1350061
• 负责人: Samuel Ransbotham
• 金额: $ 40.12万
• 依托单位: Boston College
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-06-01 至 2021-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1350061&HistoricalAwards=false
• 关键词: CAREER; Using; Analytics; Security; Data

The world increasingly relies on computer systems and associated software, yet attackers continue to exploit vulnerabilities in this software to threaten security in new and sophisticated ways. This research views exploitations of software vulnerabilities as critical, but not unique, examples of innovations that society would like to discourage? many other examples (e.g., biological weapons, sports doping, terrorist devices, privacy intrusions) exist. Purely technical panaceas are unlikely; instead, given inherent residual risk, society needs to better understand how adversaries adopt technological innovation and the efficacy of measures to stem their diffusion. Using large-scale data analysis, this research builds on innovation diffusion theory to model how exploitations of security vulnerabilities spread through attacker populations. The study of the specific software security context (particularly regarding disclosure and transparency) can clarify the complex interaction between attack and countermeasure activity and help society benefit from technology while reducing concomitant negative consequences.The project integrates a cohesive set of empirical studies based on a massive dataset of intrusion alerts augmented by the National Vulnerability Database and manual data collection. It combines theory from economics, computer science, and sociology with advances in analytical tools to build predictive models. While researchers recognize that deeper understandings of attacks and countermeasures are critical, they remain difficult problems. However, recent advances in analytical techniques combined with the availability of large datasets present an emerging opportunity to model and understand attacker behavior. The project also promotes awareness of security through a range of activities (including instructional modules, workshops, and course offerings), using the theoretical insights from the research program to promote diffusion of measures that counter security threats. Regardless of how the threat landscape continues to evolve, rigorous methods for modeling attacker behavior and diffusing information will remain crucial.

世界越来越依赖于计算机系统和相关软件，然而攻击者继续利用这些软件中的漏洞，以新的和复杂的方式威胁安全。这项研究认为利用软件漏洞是关键的，但不是唯一的，社会想要阻止的创新例子。还有许多其他例子（例如，生物武器、体育兴奋剂、恐怖主义装置、侵犯隐私）。纯技术的灵丹妙药是不可能的；相反，考虑到固有的剩余风险，社会需要更好地了解对手如何采用技术创新以及阻止其扩散的措施的有效性。利用大规模数据分析，本研究建立在创新扩散理论的基础上，对安全漏洞的利用如何在攻击者群体中传播进行建模。研究特定的软件安全环境（特别是关于披露和透明度）可以澄清攻击和对抗活动之间复杂的相互作用，并帮助社会从技术中受益，同时减少伴随的负面后果。该项目整合了一套有凝聚力的实证研究，该研究基于由国家漏洞数据库和人工数据收集增强的大量入侵警报数据集。它将经济学、计算机科学和社会学的理论与先进的分析工具相结合，以建立预测模型。虽然研究人员认识到对攻击和对策的深入理解至关重要，但它们仍然是难题。然而，分析技术的最新进展与大型数据集的可用性相结合，为建模和理解攻击者的行为提供了新的机会。该项目还通过一系列活动（包括教学模块、研讨会和课程设置）提高安全意识，利用研究项目的理论见解促进应对安全威胁措施的传播。无论威胁形势如何发展，建模攻击者行为和传播信息的严格方法仍然至关重要。