CRII: SaTC: RUI: An Intelligent Data-Driven Framework to Achieve Proactive Cybersecurity
Cal Poly Pomona Foundation, Inc., Pomona CA
Investigators
Abstract
Information for deploying cyber-attacks is increasingly shared by hackers in the underground world of the darkweb. In those hidden and anonymous environments, cyber criminals discuss how to 1) identify software vulnerabilities, 2) create or purchase exploits, 3) choose a target and recruit collaborators, 4) obtain access to the infrastructure needed, and 5) plan and execute the attack. Although this behavior helps hackers produce a large volume of malware, it also provides valuable intelligence for defenders, because the information shared online can be used as a precursor to various types of cyber threats. Relying on proactive cyber-threat intelligence analysis, this project addresses the following key research question: can emerging cyber threats be predicted accurately and in advance? Through continuous retrieval and analysis of hacker communications, this research will shed light on the assets, capabilities, behaviors, and interests of malicious hackers, which can be leveraged to establish cyber threat prediction. To accomplish that, two finer-grained problems are investigated. These investigations constitute the project's novelties and are key factors in the design of better cyber-defense systems.

First, software vulnerability exploitation is predicted with classification techniques that correlate hackers' digital traces on hacker forums and marketplaces, together with security advisories, with real-world hacking attempts. The positive predictions (i.e., the vulnerability will be exploited) are then ranked for patch prioritization, overcoming two shortcomings not addressed by existing machine learning work in this domain: 1) the lack of differentiation among the predicted exploitations and 2) the lack of a time interval attached to each prediction.

Second, malicious information cascades that might propagate to viral proportions are anticipated. Here, classification techniques leveraging social network analysis are used to extract hackers' topological information and to estimate social influence, predicting which techniques, strategies, or exploits posted in hacking forums are likely to be widely adopted in the near future. Both efforts will lead to new techniques for predicting time-sensitive cyber threats, giving defenders a better chance in the fight against attackers. The project deliverables, data and models, will be disseminated to the security community. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
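The abstract describes the first problem only at a high level (classify, then rank positives, with a time interval attached). The following is an added illustration of that shape of pipeline, written for this page; it is not the project's code, model, feature set, or data. Every vulnerability record, underground signal and label below is constructed, the identifiers are placeholders rather than real CVE numbers, and the classifier is a plain logistic regression trained by gradient descent, chosen only because it runs with the standard library.

```python
"""
Illustrative exploit-prediction and patch-prioritization pipeline
(added example; not the project's code or data).

Each positive prediction carries an explicit horizon: "expected to be
exploited within HORIZON_DAYS of its first underground mention", and
positives are ranked by predicted probability so they can be patched in order.
"""
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

HORIZON_DAYS = 30  # prediction window attached to every positive (assumption)


@dataclass
class VulnRecord:
    name: str                    # placeholder label, not a real CVE identifier
    forum_mentions: int          # constructed: posts on hacker forums naming the bug
    market_listings: int         # constructed: marketplace listings offering an exploit
    advisory_cvss: float         # constructed: severity from the security advisory
    poc_public: bool             # constructed: proof of concept posted publicly
    exploited: Optional[bool] = None  # label: exploited within HORIZON_DAYS (None = unknown)


def features(v: VulnRecord) -> List[float]:
    """Feature vector; counts are log-scaled so one very noisy thread cannot dominate."""
    return [
        1.0,                             # bias term
        math.log1p(v.forum_mentions),
        math.log1p(v.market_listings),
        v.advisory_cvss / 10.0,
        1.0 if v.poc_public else 0.0,
    ]


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def train_logistic(records: List[VulnRecord], epochs: int = 2000, lr: float = 0.1) -> List[float]:
    """Batch gradient descent on the logistic loss over labelled history."""
    w = [0.0] * 5
    for _ in range(epochs):
        grad = [0.0] * 5
        for v in records:
            x = features(v)
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x))) - (1.0 if v.exploited else 0.0)
            for i in range(5):
                grad[i] += err * x[i]
        for i in range(5):
            w[i] -= lr * grad[i] / len(records)
    return w


def score(w: List[float], v: VulnRecord) -> float:
    """Predicted probability of exploitation within HORIZON_DAYS."""
    return sigmoid(sum(wi * xi for wi, xi in zip(w, features(v))))


def prioritize(w: List[float], candidates: List[VulnRecord],
               threshold: float = 0.5) -> List[Tuple[str, float, int]]:
    """Keep only positive predictions, ranked high to low, each with its horizon."""
    ranked = [(v.name, score(w, v), HORIZON_DAYS) for v in candidates]
    ranked = [r for r in ranked if r[1] >= threshold]
    ranked.sort(key=lambda r: r[1], reverse=True)
    return ranked


# Constructed labelled history: heavy underground chatter / listings / public PoC
# tend to precede real exploitation; severity alone does not.
TRAINING = [
    VulnRecord("vuln_A", 40, 3, 9.8, True, True),
    VulnRecord("vuln_B", 25, 1, 8.1, True, True),
    VulnRecord("vuln_C", 12, 2, 7.5, False, True),
    VulnRecord("vuln_H", 18, 0, 6.1, True, True),
    VulnRecord("vuln_D", 1, 0, 9.0, False, False),
    VulnRecord("vuln_E", 0, 0, 5.3, False, False),
    VulnRecord("vuln_F", 3, 0, 6.5, False, False),
    VulnRecord("vuln_G", 2, 0, 7.2, True, False),
]

# Constructed unlabelled candidates: X is actively traded, Y is severe but
# silent underground, Z sits in between.
CANDIDATES = [
    VulnRecord("vuln_X", 30, 2, 8.8, True),
    VulnRecord("vuln_Y", 0, 0, 9.8, False),
    VulnRecord("vuln_Z", 10, 1, 7.0, False),
]

if __name__ == "__main__":
    weights = train_logistic(TRAINING)
    for name, p, horizon in prioritize(weights, CANDIDATES):
        print(f"{name}: p={p:.2f}, expected exploitation within {horizon} days")
```

The point of the example is the output shape rather than the model: each item that survives the threshold is ordered by probability (so a patching team knows which to fix first) and carries the window the label was defined over (so "will be exploited" has a when). A severe but quiet vulnerability such as vuln_Y drops out, which is exactly the kind of differentiation a CVSS-only queue cannot make.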
View original record on NSF Award Search →