Advertisement

Using a Real-Time Cybersecurity Exercise Case Study to Understand Temporal Characteristics of Cyberattacks

  • Aunshul RegeEmail author
  • Zoran Obradovic
  • Nima Asadi
  • Edward Parker
  • Nicholas Masceri
  • Brian Singer
  • Rohan Pandit
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10354)

Abstract

Anticipatory cyber defense requires understanding of how cyber adversaries make decisions and adapt as cyberattacks unfold. This paper uses a dataset of qualitative observations conducted at a force on force (“paintball”) exercise held at the 2015 North American International Cyber Summit (NAICS). By creating time series representations of the observed data, a broad range of data mining tools can be utilized to discover valuable verifiable knowledge about adversarial behavior. Two types of such analysis discussed in this work include clustering, which aims to find out what stages show similar temporal patterns, and peak detection for adaptation analysis. Collectively, this mixed methods approach contributes to understanding how adversaries progress through cyberattacks and adapt to any disruptions they encounter.

Keywords

Adaptive human behaviour Dynamic decision making Temporal analysis Time series data Clustering Field research 

Notes

Acknowledgements

This material is supported by the National Science Foundation (NSF) CAREER Award No. 1446574 and partially by NSF CPS Award No. 1453040. The authors thank the Merit Network and the Michigan Cyber Range for allowing data collection at their 2015 NAICS event.

References

  1. 1.
    Cloppert, M.: Attacking the cyber kill chain. http://digital-forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain. Accessed 2 Feb 2014
  2. 2.
    Colbaugh, R., Glass, K.: Proactive Defense for Evolving Cyber Threats. Sandia National Laboratories [SAND2012-10177] (2012). https://fas.org/irp/eprint/proactive.pdf. Accessed 15 Feb 2017
  3. 3.
    Leclerc, B.: Crime scripts. In: Wortley, R., Townsley, M. (eds.) Environmental Criminology and Crime Analysis. Routledge (2016)Google Scholar
  4. 4.
    Rokach, L., Maimon, O.: Clustering methods. In: Maimon, O., Rokach, L. (eds.) Data Mining and Knowledge Discovery Handbook, pp. 321–352. Springer, New York (2005)Google Scholar
  5. 5.
    Schneider, R.: Survey of Peaks/Valleys identification in Time Series. University of Zurich, Department of Informatics, Switzerland (2011)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Aunshul Rege
    • 1
    Email author
  • Zoran Obradovic
    • 2
  • Nima Asadi
    • 2
  • Edward Parker
    • 1
  • Nicholas Masceri
    • 1
  • Brian Singer
    • 1
  • Rohan Pandit
    • 1
  1. 1.Department of Criminal JusticeTemple UniversityPhiladelphiaUSA
  2. 2.Computer and Information Sciences DepartmentTemple UniversityPhiladelphiaUSA

Personalised recommendations