CAREER: Applying a Criminological Framework to Understand Adaptive Adversarial Decision-Making Processes in Critical Infrastructure Cyberattacks

职业：应用犯罪学框架来理解关键基础设施网络攻击中的自适应对抗决策过程

• 批准号: 1453040
• 负责人: Aunshul Rege
• 金额: $ 45万
• 依托单位: Temple University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2021-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1453040&HistoricalAwards=false
• 关键词: CAREER; Applying; Criminological; Framework; Understand

Infrastructure systems (such as power, water and banking) have experienced a surge in cyberattacks over the past decade. These attacks are becoming more sophisticated and resilient, suggesting that the perpetrators are intelligent, determined and dynamic. Unfortunately, current cyberdefense measures are reactive and frequently ineffective. Defenders need to move to a proactive approach, which will require an understanding of the human characteristics and behaviors of the people behind these cyberattacks. At present, this absence of the human element in existing cyberattack analysis is a fundamental weakness in our infrastructure protection. This project will integrate observations from live cybersecurity exercises, interviews with infrastructure protection experts, and logs from real-time cyberattacks to understand adaptive adversarial processes. This research will offer a new understanding to the protection of digital infrastructure by bringing together a diverse set of multidisciplinary academics and national and international infrastructure cybersecurity experts.This project will investigate the adaptive and evolving adversarial decision-making (ADM) process in critical infrastructure cyberattacks. Specifically, this project will apply a criminological perspective to achieve five research objectives: (1) Investigate adversary-defender interaction and identify adversarial attack paths, (2) Understand adversarial adaptability when attack paths are disrupted, (3) Investigate the importance and characteristics of the various stages in attack paths, (4) Identify which factors impact ADM at each stage of the attack path, and (5) Improve the transparency, consistency and validation of adversarial attack paths. The Rational Choice Perspective criminological theoretical framework will be exploited to comprehend how adversaries make decisions on target selection, exploit criminal environments, plan, design, and execute attacks, and manage preventative and reactive measures. Three methods will be triangulated to examine ADM: (i) interviews with infrastructure cybersecurity experts to identify attack paths and factors impacting ADM, (ii) observations of attacker-defender (red team-blue team) cybersecurity exercises to examine real-time and adaptive decision-making processes, and (iii) logs from real-time cyberattacks. Each of these datasets will yield unique perspectives on ADM processes and will be combined to better capture the human element in cyberattacks.

基础设施系统（如电力、水和银行）在过去十年中经历了网络攻击的激增。这些攻击正变得越来越复杂和有弹性，这表明肇事者是聪明、坚定和有活力的。不幸的是，目前的网络防御措施是被动的，而且经常无效。防御者需要采取积极主动的方法，这将需要了解这些网络攻击背后的人的人类特征和行为。目前，在现有的网络攻击分析中缺乏人为因素是我们基础设施保护的一个根本弱点。该项目将整合来自实时网络安全演习的观察结果，与基础设施保护专家的访谈，以及实时网络攻击的日志，以了解适应性对抗过程。该研究将汇集多学科学者和国家和国际基础设施网络安全专家，为数字基础设施的保护提供新的理解。该项目将研究关键基础设施网络攻击中的适应性和不断发展的对抗性决策（ADM）过程。具体而言，该项目将应用犯罪学视角实现五个研究目标：（1）调查对抗者-防御者的相互作用并识别对抗性攻击路径，（2）理解攻击路径中断时的对抗性适应性，（3）调查攻击路径中各个阶段的重要性和特征，（4）识别哪些因素影响攻击路径每个阶段的ADM，（5）提高对抗性攻击路径的透明性、一致性和有效性。理性选择视角的犯罪学理论框架将被用来理解对手如何做出目标选择的决定，利用犯罪环境，计划，设计和执行攻击，以及管理预防和反应措施。三种方法将被三角化以检查ADM：（i）与基础设施网络安全专家的访谈，以确定攻击路径和影响ADM的因素，（ii）观察攻击者-防御者（红队-蓝队）网络安全演习，以检查实时和自适应决策过程，以及（iii）实时网络攻击的日志。这些数据集中的每一个都将产生关于ADM流程的独特视角，并将被结合起来，以更好地捕捉网络攻击中的人为因素。