55 research outputs found

    Malware in the Future? Forecasting of Analyst Detection of Cyber Events

    There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate cyber attacks. A common approach is time-series forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection/prevention systems. This research has uncovered key insights such as systematicity in cyber attacks. Here, we propose an alternate perspective of this problem by performing forecasting of attacks that are analyst-detected and -verified occurrences of malware. We call these instances of malware cyber event data. Specifically, our dataset consisted of analyst-detected incidents from a large operational Computer Security Service Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on automated systems. Our data set consists of weekly counts of cyber events over approximately seven years. Since all cyber events were validated by analysts, our dataset is unlikely to have false positives, which are often endemic in other sources of data. Further, the higher-quality data could be used for a number of purposes, including resource allocation, estimation of security resources, and the development of effective risk-management strategies. We used a Bayesian State Space Model for forecasting and found that events one week ahead could be predicted. To quantify bursts, we used a Markov model. Our findings of systematicity in analyst-detected cyber attacks are consistent with previous work using other sources. The advanced information provided by a forecast may help with threat awareness by providing a probable value and range for future cyber events one week ahead. Other potential applications for cyber event forecasting include proactive allocation of resources and capabilities for cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs. Enhanced threat awareness may improve cybersecurity. Comment: Revised version resubmitted to journa

    Visions, Participation and Engagement in New Community Information Infrastructures

    Through the past seven years, our research group has engaged in a participatory action research collaboration with a variety of community partners to explore understandings, possibilities, and commitments for a new community networking infrastructure in State College, Pennsylvania. This paper describes a case study of multifaceted information technology infrastructures, and of collaborating with the plethora of actors and institutions that are stakeholders in such infrastructures. Information technology projects increasingly depend upon the commitment and energies of a great diversity of stakeholders. Understanding better how such broad projects move forward is critical to society. (I do not speak Spanish well enough to translate the abstract. I will be able to have a colleague make a high-quality Spanish translation, if the paper is published in JCI)

    Cyber Teaming and Role Specialization in a Cyber Security Defense Competition

    A critical requirement for developing a cyber capable workforce is to understand how to challenge, assess, and rapidly develop human cyber skill-sets in realistic cyber operational environments. Fortunately, cyber team competitions make use of simulated operational environments with scoring criteria of task performance that objectively define overall team effectiveness, thus providing the means and context for observation and analysis of cyber teaming. Such competitions allow researchers to address the key determinants that make a cyber defense team more or less effective in responding to and mitigating cyber attacks. For this purpose, we analyzed data collected at the 12th annual Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC, http://www.maccdc.org), where eight teams were evaluated along four independent scoring dimensions: maintaining services, incident response, scenario injects, and thwarting adversarial activities. Data collected from the 13-point OAT (Observational Assessment of Teamwork) instrument by embedded observers and a cyber teamwork survey completed by all participants were used to assess teamwork and leadership behaviors and team composition and work processes, respectively. The scores from the competition were used as an outcome measure in our analysis to extract key features of team process, structure, leadership, and skill-sets in relation to effective cyber defense. We used Bayesian regression to relate scored performance during the competition to team skill composition, team experience level, and an observational construct of team collaboration. Our results indicate that effective collaboration, experience, and functional role-specialization within the teams are important factors that determine the success of these teams in the competition and are important observational predictors of the timely detection and effective mitigation of ongoing cyber attacks. 
    These results support theories of team maturation and the development of functional team cognition applied to mastering cybersecurity.

    Seasonal Evolution of the Subglacial Hydrologic System Modified by Supraglacial Lake Drainage in Western Greenland

    The impact of summer surface melt on the dynamics of the Greenland Ice Sheet is modulated by the state of the subglacial hydrologic system. Studies of ice motion indicate that efficiency of the subglacial system increases over the melt season, decreasing the sensitivity of ice motion to surface melt. However, these inferences are based on limited indirect observations of the subglacial hydrologic system that leave many factors poorly constrained, particularly the presence and stability of subglacial channels. Here we use observations from 11 GPS stations, from which we derive ice velocity, longitudinal strain rates, and basal uplift, alongside observations of surface ablation and supraglacial lake drainage events, to explore the coevolution of ice motion and the subglacial hydrologic system in the Pakitsoq region of western Greenland during the 2011 melt season. We observe ice acceleration after the onset of local surface melting, followed by gradual ice deceleration, consistent with the pattern expected from increased subglacial drainage efficiency. Supraglacial lake drainages appear to precipitate ice deceleration and increased basal traction, suggesting that lake drainages effectively reorganize the local subglacial hydrologic system into a more efficient state that persists through the remainder of the melt season. At high elevations, ice velocity and inferred basal uplift suggest that continued cavity growth or sediment behavior, not subglacial channelization, drive the apparent increase in subglacial efficiency. Our results further indicate that these transient perturbations are critical in the seasonal evolution of ice motion.

    Participation shifts explain degree distributions in a human communications network.

    Human interpersonal communications drive political, technological, and economic systems, placing importance on network link prediction as a fundamental problem of the sciences. These systems are often described at the network-level by degree counts (the number of communication links associated with individuals in the network) that often follow approximate Pareto distributions, a divergence from Poisson-distributed counts associated with random chance. A defining challenge is to understand the inter-personal dynamics that give rise to such heavy-tailed degree distributions at the network-level; primarily, these distributions are explained by preferential attachment, which, under certain conditions, can create power law distributions; preferential attachment's prediction of these distributions breaks down, however, in conditions with no network growth. Analysis of an organization's email network suggests that these degree distributions may be caused by the existence of individual participation-shift dynamics that are necessary for coherent communication between humans. We find that the email network's degree distribution is best explained by turn-taking and turn-continuing norms present in most social network communication. We thus describe a mechanism to explain a long-tailed degree distribution in conditions with no network growth.

    Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

    Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can address multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting.

    Ocular Zoonotic Onchocerca Infection in a Resident of Oregon


    A ten-year record of supraglacial lake evolution and rapid drainage in West Greenland using an automated processing algorithm for multispectral imagery

    The rapid drainage of supraglacial lakes introduces large pulses of meltwater to the subglacial environment and creates moulins, surface-to-bed conduits for future melt. Introduction of water to the subglacial system has been shown to affect ice flow, and modeling suggests that variability in water supply and delivery to the subsurface play an important role in the development of the subglacial hydrologic system and its ability to enhance or mitigate ice flow. We developed a fully automated method for tracking meltwater and rapid drainages in large (> 0.125 km²) perennial lakes and applied it to a 10 yr time series of ETM+ and MODIS imagery of an outlet glacier flow band in West Greenland. Results indicate interannual variability in maximum coverage and spatial evolution of total lake area. We identify 238 rapid drainage events, occurring most often at low (< 900 m) and middle (900–1200 m) elevations during periods of net filling or peak lake coverage. We observe a general progression of both lake filling and draining from lower to higher elevations but note that the timing of filling onset, peak coverage, and dissipation are also variable. Lake coverage is sensitive to air temperature, and warm years exhibit greater variability in both coverage evolution and rapid drainage. Mid-elevation drainages in 2011 coincide with large surface velocity increases at nearby GPS sites, though the relationships between ice-shed-scale dynamics and meltwater input are still unclear. ISSN: 1994-0416, ISSN: 1994-042