TTP: Small: Network-Level Security Posture Assessment and Predictive Analytics: From Theory to Practice

TTP：小：网络级安全态势评估和预测分析：从理论到实践

• 批准号: 1616575
• 负责人: Mingyan Liu
• 金额: $ 50万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-08-15 至 2021-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1616575&HistoricalAwards=false
• 关键词: TTP; Small; Network; Level; Security

This project addresses the following two key questions in cyber security: (1) how is the security condition of a network assessed, and (2) to what extent can we predict data breaches or other cyber security incidents for an organization. The ability to answer both questions has far-reaching social and economic impact. Recent data breaches such as those at Target, JP Morgan, Home Depot, Office of Personnel Management (OPM), and Anthem Healthcare, to name just a few, highlight the increasing social and economic impact of such cyber security incidents. Often, by the time a breach is detected, it is too late and damage has already occurred. Consequently, being able to predict such incidents accurately can greatly enhance an organization's ability to put preventative and proactive measures in place. The answers to these questions also have implications on public policy design - not only for the security policies themselves, but also for related incentive mechanisms. Such mechanisms might be aimed at encouraging adoption of better security policies and cybersecurity frameworks, including cyber insurance, liability limitation, and rate recovery among others. Presidential Policy Directive (PPD) 21, on Critical Infrastructure Security and Resilience, encourages efforts to strengthen and maintain secure, functioning, and resilient critical infrastructure. Understanding the potential attack vector presented by an enterprise or organization is a crucial part of achieving this goal.This project follows a comprehensive agenda aimed at transitioning to practice technologies developed by the research team in the domain of quantitative assessment of the security posture at both a network and an organizational level. The use of such assessments enables more accurate forecasting of cyber security incidents. The technological innovation is a sound quantitative framework that combines a large collection of cybersecurity data, novel data processing methods, advanced machine learning techniques, and extensive cybersecurity domain expertise. The resulting framework produces accurate predictions of security incidents for a given organization, thereby providing tangible information and crucial input for decision makers such as an insurance underwriter, or an enterprise customer seeking to validate vendor specifications.

该项目解决了网络安全中的以下两个关键问题：(1)如何评估网络的安全状况，以及(2)我们可以在多大程度上预测组织的数据泄露或其他网络安全事件。回答这两个问题的能力具有深远的社会和经济影响。最近的数据泄露事件，如塔吉特(Target)、摩根大通(JP Morgan)、家得宝(Home Depot)、人事管理办公室(OPM)和国歌医疗(Anhim Healthcare)等，突显出此类网络安全事件的社会和经济影响越来越大。通常，当检测到漏洞时，为时已晚，损害已经发生。因此，能够准确地预测此类事件可以极大地提高组织实施预防性和前瞻性措施的能力。这些问题的答案也对公共政策设计有影响--不仅对安全政策本身，而且对相关的激励机制。这种机制可能旨在鼓励采用更好的安全政策和网络安全框架，包括网络保险、责任限制和费率追回等。关于关键基础设施安全和复原力的总统政策指令(PPD)21鼓励努力加强和维护安全、运行和有弹性的关键基础设施。了解企业或组织提供的潜在攻击媒介是实现这一目标的关键部分。该项目遵循一个全面的议程，旨在将研究团队在网络和组织级别的安全态势定量评估领域开发的技术过渡到实践。使用这种评估可以更准确地预测网络安全事件。技术创新是一个完善的量化框架，结合了大量的网络安全数据、新颖的数据处理方法、先进的机器学习技术和广泛的网络安全领域专业知识。由此产生的框架可为给定组织生成准确的安全事件预测，从而为决策者(如保险承保人或寻求验证供应商规格的企业客户)提供切实的信息和重要的输入。

项目成果

Will Catastrophic Cyber-Risk Aggregation Thrive in the IoT Age? A Cautionary Economics Tale for (Re-)Insurers and Likes

灾难性网络风险聚合会在物联网时代蓬勃发展吗？

• DOI: 10.1145/3446635
• 发表时间: 2021
• 期刊: ACM Transactions on Management Information Systems
• 影响因子: 2.5
• 作者: Pal, Ranjan;Huang, Ziyuan;Lototsky, Sergey;Yin, Xinlong;Liu, Mingyan;Crowcroft, Jon;Sastry, Nishanth;De, Swades;Nag, Bodhibrata
• 通讯作者: Nag, Bodhibrata

Preference-Based Privacy Markets

基于偏好的隐私市场

• DOI: 10.1109/access.2020.3014882
• 发表时间: 2020
• 期刊: IEEE Access
• 影响因子: 3.9
• 作者: Pal, Ranjan;Crowcroft, Jon;Wang, Yixuan;Li, Yong;De, Swades;Tarkoma, Sasu;Liu, Mingyan;Nag, Bodhibrata;Kumar, Abhishek;Hui, Pan
• 通讯作者: Hui, Pan

Aggregate Cyber-Risk Management in the IoT Age: Cautionary Statistics for (Re)Insurers and Likes

物联网时代的总体网络风险管理：（再）保险公司和类似机构的警示统计数据

• DOI: 10.1109/jiot.2020.3039254
• 发表时间: 2021
• 期刊: IEEE Internet of Things Journal
• 影响因子: 10.6
• 作者: Pal, Ranjan;Huang, Ziyuan;Yin, Xinlong;Lototsky, Sergey;De, Swades;Tarkoma, Sasu;Liu, Mingyan;Crowcroft, Jon;Sastry, Nishanth
• 通讯作者: Sastry, Nishanth

Designing Cyber Insurance Policies: The Role of Pre-Screening and Security Interdependence

• DOI: 10.1109/tifs.2018.2812205
• 发表时间: 2018-03
• 期刊: IEEE Transactions on Information Forensics and Security
• 影响因子: 6.8
• 作者: Mohammad Mahdi Khalili;Parinaz Naghizadeh;M. Liu

Incentivizing effort in interdependent security games using resource pooling

使用资源池激励相互依赖的安全游戏的努力

• DOI: 10.1145/3338506.3340272
• 发表时间: 2019
• 期刊: Systems and Computation
• 作者: Khalili, Mohammad Mahdi;Zhang, Xueru;Liu, Mingyan
• 通讯作者: Liu, Mingyan