EAGER: Collaborative: A Criminology-Based Simulation of Dynamic Adversarial Behavior in Cyberattacks

EAGER：协作：基于犯罪学的网络攻击中动态对抗行为模拟

• 批准号: 1742747
• 负责人: Aunshul Rege
• 金额: $ 15.04万
• 依托单位: Temple University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-09-01 至 2021-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1742747&HistoricalAwards=false
• 关键词: EAGER; Collaborative; Criminology; Based; Simulation

In 2016, the cyberthreat landscape showcased advanced attack techniques, escalated attack frequency, and high levels of adversarial sophistication. Conventional cyberattack management is response-driven, with organizations focusing their efforts on detecting threats, rather than anticipating adversarial actions. This reactive approach has limited efficacy, as it does not capture advanced and sophisticated adversaries, mutating or unknown malware, living-off-the-land techniques or new variants being deployed. There is thus an immediate need for a paradigm shift in the area of cybersecurity. Security experts are calling for anticipatory or proactive defense measures that focus on adversarial behavior and movement. This research aims to develop a criminological theory that captures the dynamics of cybercrime and a corresponding simulator to generate attack scenarios that adapts to ever changing and diverse cyber vulnerabilities, defense, and adversary tactics. This research has two connected objectives: (1) Develop (and evaluate) an integrated Dynamic Routine Activities Theory (DRAT), which examines the continually changing interaction between offender, target, and guardian (OTG) along cyberattack trajectories aided by Monte-Carlo simulation; and (2) Understand how variations in OTG impact dynamic adversarial attack trajectories. Specifically, how can these variations and amounts of variations be measured, modeled and simulated, and what might these variations imply for DRAT -- Understanding adversarial attack trajectories, and how these can be disrupted to impact adversaries, will be instrumental in comprehending anticipatory cyber defense and ultimately contribute to the paradigm shift towards proactive cybersecurity. This exploratory, multidisciplinary research marries the two disciplines of criminology and computer engineering to push the research frontier on proactive cybersecurity. This groundbreaking intersection will generate new criminological theoretical knowledge, mixed-method innovations, and theoretically-informed simulation that prepare defenders with preemptive and comprehensive knowledge and tools in facing adaptive and sophisticated adversaries.

2016年，网络威胁形势显示出先进的攻击技术、不断升级的攻击频率和高水平的对抗性复杂性。传统的网络攻击管理是响应驱动的，组织将精力集中在检测威胁上，而不是预测敌对行动。这种反应式方法的有效性有限，因为它无法捕获先进和复杂的对手，变异或未知的恶意软件，生活在陆地上的技术或正在部署的新变种。因此，迫切需要在网络安全领域进行范式转变。安全专家呼吁采取前瞻性或主动性的防御措施，重点是对抗性的行为和运动。这项研究旨在开发一种犯罪学理论，捕捉网络犯罪的动态和相应的模拟器，以生成适应不断变化和多样化的网络漏洞，防御和对手战术的攻击场景。本研究有两个相关的目标：（1）开发（和评估）一个综合的动态常规活动理论（DRAT），该理论通过蒙特-卡罗模拟来研究罪犯，目标和监护人（OTG）之间沿着网络攻击轨迹不断变化的相互作用;（2）了解OTG的变化如何影响动态对抗性攻击轨迹。具体来说，如何测量，建模和模拟这些变化和变化量，以及这些变化对DRAT意味着什么-了解对抗性攻击轨迹，以及如何破坏这些轨迹以影响对手，将有助于理解预期的网络防御，并最终有助于向主动网络安全的范式转变。 这种探索性的多学科研究结合了犯罪学和计算机工程两个学科，推动了主动网络安全的研究前沿。这种突破性的交叉将产生新的犯罪学理论知识，混合方法创新和理论上知情的模拟，使防御者在面对适应性和复杂的对手时具有先发制人的全面知识和工具。

项目成果

Dissecting Cyberadversarial Intrusion Stages via Interdisciplinary Observations

通过跨学科观察剖析网络对抗入侵阶段

• DOI: 10.1145/3375708.3380317
• 发表时间: 2020
• 期刊: Proceedings from the 6th ACM International Workshop on Security and Privacy Analytics 2020
• 作者: Rege, A.

Understanding cybercriminals through analysis of penetration testing group dynamics

通过渗透测试群体动态分析了解网络犯罪分子

• DOI: 10.1109/cybersa52016.2021.9478252
• 发表时间: 2021
• 期刊: IEEE Cyber Science Conference
• 作者: Bleiman, R.

An Examination of Industry Standards of Success within Penetration Testing Groups

渗透测试组内成功的行业标准检验

• 发表时间: 2021
• 期刊: IEEE Integrated STEM Education Conference
• 作者: Ducoste, M.

Pattern discovery in intrusion chains and adversarial movement

入侵链和对抗运动中的模式发现

• 发表时间: 2019
• 期刊: data analytics and assessment
• 作者: Asadi, N.