Identifying and Modelling Victim, Business, Regulatory and Malware Behaviours in a Changing Cyberthreat Landscape

在不断变化的网络威胁环境中识别和建模受害者、业务、监管和恶意软件行为

• 批准号: EP/K03345X/1
• 负责人: Omer Rana
• 金额: $ 131.17万
• 依托单位: CARDIFF UNIVERSITY
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2013
• 资助国家: 英国
• 起止时间: 2013 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FK03345X%2F1
• 关键词: Identifying; Modelling; Victim; Business; Regulatory

HM Cabinet Office and Detica reported in 2011 that the annual cost to the UK economy from cybercrime was £27 billion. Regardless of the accuracy of this estimate the British Crime Survey and Eurostat ICT survey evidence that cybercrime is now the typical volume property crime in the UK, impacting more of the public than traditional acquisitive crimes such as burglary and car theft. Because of its global nature similar estimates of the prevalence and losses of cybercrime are found in most other countries. However, whilst most politicians, police, and business leaders agree that cybercrimes are one of the greatest crime challenges of modern times, few seem to fully understand what causes them and how to best predict their occurrence and limit their impact upon the UK economy and society.This project aims to address these uncertainties using methods and concepts from a range of disciplines including criminology, psychology, economics, mathematics and computer science. The key objectives of the project are to identify, understand and predict:1. The behaviour of malware and human cyber perpetrators within and outside of Cloud environments; 2. Business risk assessment practices, threat awareness levels, and adaptive behaviours as related to cybercrime;3. The response of criminal justice agencies to cybercrime and business trust in the regulatory system;4. Business and criminal justice cyber security practices (e.g. information sharing) in relation to issues of privacy, accountability and civil liberties.The project will develop a computational tool that will assist in the prediction of business related cyber attacks. For the first time both technical (e.g. malware behaviour, network vulnerabilities etc.) and human/organisational (level of cooperation, perception of risk, threat assessment, costs, criminal justice response etc.) measures will be combined in this predictive process. It is envisaged that this tool will assist both policy makers and practitioners in the field of cyber security and crime. It will identify which businesses (by sector, size, level of cooperation etc.) are most vulnerable to attack allowing policy, codes of practice and advice to be tailored and targeted. The tool also has the potential to provide digital and human/organisational forms of evidence and other information relevant to investigation and prosecution proceedings. In order to disseminate the tool and results from the research we will incorporate an action research element where we will develop a forum (two workshops in years 2&3) where initial or draft (but verified) findings are released in stages, through briefing papers to businesses of varying sectors and sizes (particularly SMEs). We will also disseminate results via peer-reviewed journal articles and conferences. Throughout the project via the advisory group we will link into other key commercial initiatives (e.g. Saturn project at BT Labs) and statutory and third sector organisations such as ENISA, the Honeynet Project, Home Office; Cabinet Office Identity Assurance Programme; Office for National Statistics; National Fraud Authority; Serious Fraud Office; Trading Standards; Serious Organised Crime Agency/National Crime Agency; Association of Chief Police Officers; Met Police Central eCrime Unit; NPIA/Police College; EADS; Get Safe Online, Liberty and Wise Kids.

英国内阁办公室和Detica在2011年报告称，网络犯罪每年给英国经济造成的损失为270亿英镑。无论这一估计的准确性如何，英国犯罪调查和欧盟统计局信息和通信技术调查都证明，网络犯罪现在是英国典型的大宗财产犯罪，比入室盗窃和汽车盗窃等传统的掠夺性犯罪对公众的影响更大。由于网络犯罪的全球性，大多数其他国家也对网络犯罪的发生率和损失作出了类似的估计。然而，虽然大多数政治家，警察和商界领袖都认为网络犯罪是现代最大的犯罪挑战之一，但似乎很少有人完全了解造成这些犯罪的原因以及如何最好地预测其发生并限制其对英国经济和社会的影响。该项目旨在使用犯罪学，心理学，经济学，数学和计算机科学。该项目的主要目标是识别，理解和预测：1。恶意软件和人类网络犯罪者在云环境内外的行为; 2.与网络犯罪有关的业务风险评估做法、威胁意识水平和适应行为;3.刑事司法机构对网络犯罪的反应和企业对监管系统的信任;4.与隐私、问责制和公民自由问题相关的商业和刑事司法网络安全实践（例如信息共享）。该项目将开发一种计算工具，帮助预测与商业相关的网络攻击。这是第一次既有技术（例如恶意软件行为，网络漏洞等）和人/组织（合作水平、风险感知、威胁评估、成本、刑事司法反应等）在这一预测过程中将结合各种措施。据设想，这一工具将有助于网络安全和犯罪领域的决策者和从业人员。它将确定哪些企业（按部门、规模、合作水平等）最容易受到攻击，因此可以定制和针对性地制定政策、行为守则和建议。该工具还有潜力提供数字和人/组织形式的证据以及与调查和起诉程序有关的其他信息。为了传播工具和研究结果，我们将纳入一个行动研究元素，我们将开发一个论坛（第2年和第3年的两个研讨会），通过向不同部门和规模的企业（特别是中小企业）提供简报文件，分阶段发布初步或草案（但经过验证）调查结果。我们还将通过同行评审的期刊文章和会议传播结果。在整个项目中，我们将通过咨询小组与其他关键的商业举措联系起来。（例如BT实验室的Saturn项目）以及法定和第三部门组织，如ENISA、Honeynet项目、内政部、内阁办公室身份保证计划、国家统计局、国家欺诈管理局、严重欺诈办公室、贸易标准、严重有组织犯罪机构/国家犯罪机构;首席警官协会;大都会警察中央电子犯罪股; NPIA/警察学院;埃兹;上网安全，自由和聪明的孩子。

项目成果

Identifying cyber risk hotspots: A framework for measuring temporal variance in computer network risk

• DOI: 10.1016/j.cose.2015.11.003
• 发表时间: 2016-03
• 期刊: Comput. Secur.
• 作者: M. S. Awan;P. Burnap;O. Rana

Behavioral-based feature abstraction from network traffic

• 发表时间: 2015-03
• 作者: Gaseb Alotibi;Fudong Li;N. Clarke;S. Furnell

Continuous and transparent multimodal authentication: reviewing the state of the art

• DOI: 10.1007/s10586-015-0510-4
• 发表时间: 2016-03-01
• 期刊: CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS
• 影响因子: 4.4
• 作者: Al Abdulwahid, Abdulwahid;Clarke, Nathan;Reich, Christoph
• 通讯作者: Reich, Christoph

User profiling from network traffic via novel application-level interactions

通过新颖的应用程序级交互从网络流量中进行用户分析

• DOI: 10.1109/icitst.2016.7856712
• 发表时间: 2016
• 作者: Alotibi G

Leveraging Biometrics for Insider Misuse Identification

利用生物识别技术进行内部滥用识别

• DOI: 10.22619/ijcsa.2016.100107
• 发表时间: 2016
• 期刊: International Journal on Cyber Situational Awareness
• 作者: Alruban A