Towards thwarting cyber corporate espionage by predicting its victims

通过预测受害者来阻止网络企业间谍活动

• 批准号: 491607-2015
• 负责人: Mesbah, Ali
• 金额: $ 1.82万
• 依托单位: University of British Columbia
• 依托单位国家: 加拿大
• 项目类别: Engage Grants Program
• 财政年份: 2015
• 资助国家: 加拿大
• 起止时间: 2015-01-01 至 2016-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=586993
• 关键词: Towards; thwarting; cyber; corporate; espionage

When enterprise computers or individual devices of employees are compromised, they become stepping stones in larger infiltrations of organizational assets. The rise of the Internet and computer networks has expanded the range and detail of information available and the ease of access for the purpose of cyber, corporate espionage. Malware and spyware are used as tools for corporate espionage for transmitting digital copies of trade secrets, customer information, business plans, and contacts. Current means of securing desktops, laptops, tablets, and smartphones of employees are not effective, so companies are increasingly keeping important information off the network. The costs of detecting compromised devices, performing forensics, recovering data, cleaning up, and securing them are high. The UK Government has recently estimated that cybercrime costs the country nearly £27 billion per year and, according to recent estimates, the global cost is $1 trillion every year. In this research, we plan to collaborate with TELUS in order to investigate techniques for early-detection of employee devices that would likely fall victims to cyber espionage and other security incidents. We will focus on machine learning and data mining algorithms to develop an early warning system, with the aim towards high accuracy and scalability, benefiting both TELUS and the larger research community. We will investigate machine learning techniques for developing a classifier that will use traces and logs of various observable actions performed by individual devices for identifying likely victims of security attacks, including phishing, Trojan horses, drive-by-downloads, etc. We will follow the understand-prototype-diagnose methodology.

当企业计算机或员工的个人设备受到威胁时，它们就会成为垫脚石。 更大规模的组织资产渗透互联网和计算机网络的兴起扩大了 可用信息的范围和细节，以及网络和企业间谍活动的访问便利性。 恶意软件和间谍软件被用作企业间谍活动的工具，用于传输商业机密的数字副本， 客户信息、业务计划和联系人。保护台式机、笔记本电脑、平板电脑和 员工的智能手机无法发挥作用，因此公司越来越多地将重要信息隐藏起来， 网络。检测受损设备、执行取证、恢复数据、清理， 并确保他们的安全。英国政府最近估计，网络犯罪使该国付出了代价。 每年近270亿英镑，根据最近的估计，全球每年的成本为1万亿美元。 在这项研究中，我们计划与TELUS合作，以研究早期检测的技术， 员工设备可能成为网络间谍活动和其他安全事件的受害者。我们将重点 关于机器学习和数据挖掘算法，以开发一个预警系统，目标是高 准确性和可扩展性，使TELUS和更大的研究社区受益。 我们将研究用于开发分类器的机器学习技术，该分类器将使用 由各个设备执行的用于识别安全攻击的可能受害者的各种可观察的动作， 包括网络钓鱼，特洛伊木马，驱动下载等，我们将按照了解原型诊断 方法论