EAGER: Collaborative: A Criminology-Based Simulation of Dynamic Adversarial Behavior in Cyberattacks

EAGER：协作：基于犯罪学的网络攻击中动态对抗行为模拟

• 批准号: 1742789
• 负责人: Shanchieh Yang
• 金额: $ 14.96万
• 依托单位: Rochester Institute of Tech
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-09-01 至 2020-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1742789&HistoricalAwards=false
• 关键词: EAGER; Collaborative; Criminology; Based; Simulation

In 2016, the cyberthreat landscape showcased advanced attack techniques, escalated attack frequency, and high levels of adversarial sophistication. Conventional cyberattack management is response-driven, with organizations focusing their efforts on detecting threats, rather than anticipating adversarial actions. This reactive approach has limited efficacy, as it does not capture advanced and sophisticated adversaries, mutating or unknown malware, living-off-the-land techniques or new variants being deployed. There is thus an immediate need for a paradigm shift in the area of cybersecurity. Security experts are calling for anticipatory or proactive defense measures that focus on adversarial behavior and movement. This research aims to develop a criminological theory that captures the dynamics of cybercrime and a corresponding simulator to generate attack scenarios that adapts to ever changing and diverse cyber vulnerabilities, defense, and adversary tactics. This research has two connected objectives: (1) Develop (and evaluate) an integrated Dynamic Routine Activities Theory (DRAT), which examines the continually changing interaction between offender, target, and guardian (OTG) along cyberattack trajectories aided by Monte-Carlo simulation; and (2) Understand how variations in OTG impact dynamic adversarial attack trajectories. Specifically, how can these variations and amounts of variations be measured, modeled and simulated, and what might these variations imply for DRAT -- Understanding adversarial attack trajectories, and how these can be disrupted to impact adversaries, will be instrumental in comprehending anticipatory cyber defense and ultimately contribute to the paradigm shift towards proactive cybersecurity. This exploratory, multidisciplinary research marries the two disciplines of criminology and computer engineering to push the research frontier on proactive cybersecurity. This groundbreaking intersection will generate new criminological theoretical knowledge, mixed-method innovations, and theoretically-informed simulation that prepare defenders with preemptive and comprehensive knowledge and tools in facing adaptive and sophisticated adversaries.

2016年，网络威胁领域展示了先进的攻击技术、不断升级的攻击频率和高水平的对抗复杂性。传统的网络攻击管理是响应驱动的，组织将精力集中在检测威胁上，而不是预测对抗行动。这种反应性方法的效果有限，因为它不能捕获高级和复杂的对手、变异或未知的恶意软件、离线技术或正在部署的新变体。因此，迫切需要在网络安全领域进行范式转变。安全专家呼吁采取预先或积极的防御措施，重点关注敌对行为和行动。本研究旨在发展一种犯罪学理论，捕捉网络犯罪的动态和相应的模拟器，以生成适应不断变化和多样化的网络漏洞、防御和对手战术的攻击场景。本研究有两个相互关联的目标：(1)发展（并评估）一个集成的动态常规活动理论（DRAT），该理论在蒙特卡洛模拟的帮助下，沿着网络攻击轨迹研究罪犯、目标和监护人（OTG）之间不断变化的相互作用；(2)了解OTG的变化如何影响动态对抗性攻击轨迹。具体来说，这些变化和变化的数量如何被测量、建模和模拟，以及这些变化对DRAT的影响——理解对抗性攻击轨迹，以及如何破坏这些轨迹以影响对手，将有助于理解预期的网络防御，并最终有助于向主动网络安全的范式转变。这项探索性的多学科研究结合了犯罪学和计算机工程两个学科，推动了主动网络安全的研究前沿。这个开创性的交叉点将产生新的犯罪学理论知识，混合方法创新和理论信息模拟，为防御者准备先发制人和全面的知识和工具，以面对适应性和复杂的对手。

项目成果

Synthetic Intrusion Alert Generation through Generative Adversarial Networks

通过生成对抗网络生成合成入侵警报

• DOI: 10.1109/milcom47813.2019.9020850
• 发表时间: 2019
• 期刊: Proceedings of IEEE MILCOM
• 作者: Sweet, C.;Moskal, S.;Yang, S. J.
• 通讯作者: Yang, S. J.

Dissecting Cyberadversarial Intrusion Stages via Interdisciplinary Observations

通过跨学科观察剖析网络对抗入侵阶段

• DOI: 10.1145/3375708.3380317
• 发表时间: 2020
• 期刊: Proceedings from the 6th ACM International Workshop on Security and Privacy Analytics 2020
• 作者: Rege, A.

SoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network Security

SoK：实现网络安全网络态势感知的当代问题和挑战

• 发表时间: 2020
• 期刊: Reliability and Security (ARES
• 作者: Husák, M.;Jirsik, T.;Yang, S. J.
• 通讯作者: Yang, S. J.

Session-level Adversary Intent-Driven Cyberattack Simulator

会话级对手意图驱动的网络攻击模拟器

• 发表时间: 2020
• 期刊: Proceedings of IEEE/ACM DS-RT 2020
• 作者: Drasar, M.;Moskal, S.;Yang, S. J.;Zaťko, P.
• 通讯作者: Zaťko, P.

On the Variety and Veracity of Cyber Intrusion Alerts Synthesized by Generative Adversarial Networks

关于生成对抗网络合成的网络入侵警报的多样性和准确性

• DOI: 10.1145/3394503
• 发表时间: 2020
• 期刊: ACM Transactions on Management Information Systems
• 影响因子: 2.5
• 作者: Sweet, Christopher Ryan;Moskal, Stephen;Yang, Shanchieh
• 通讯作者: Yang, Shanchieh