Towards Human-Centric Predictive Analytics of Cyber-Threats: A Temporal Dynamics Approach | AskCypert


ABSTRACT

Determining the identity, group composition, whereabouts, methods, targets, and motives of an adversarial cyber group can lead to its effective containment by conventional means, thus eliminating its harmful cyber activities. Despite the plethora of attribution techniques, discovering information-rich electronic fingerprints of cyber-crimes is an inherently challenging problem due to the complex Internet architecture, the disparate administrative and governance systems regulating Internet policies, and the security gaps in legacy protocols (e.g., the IP protocol). We propose a synergistic approach to developing an adversarial group typology, whereby cyber data forensics is integrated with human-centric social network analysis tools under a common framework. The human-centric approach models adversarial groups not in isolation, but in an ecology of relations to other entities (which might include hacker groups, nation states, criminal syndicates, individuals with expertise, etc.) across a variety of relationship types (sharing of skills, purchasing of components, trading skills for protection, and so on). One specific goal is detecting missing links between the cyber and social networks. To look for invisible and missing links between adversarial networks of individuals, we complement our cyber signature models. By using a hierarchical approach, our methods will apply to general-purpose, multi-scale networks as well as smaller social networks. By studying the temporal dynamics, hidden links can be detected across multiple time scales as well. Finally, to codify and check for evidence that an adversarial group’s motives match the actual activity, we will bring together social science and cyber-security through formal methods such as Markov models.