Shanchieh (Jay) Yang
Rochester Institute of Technology
Cyberattacks on enterprise networks have moved into an era where both attackers and security analysts employ complex strategies to confuse and mislead one another. Critical attacks often involve multitudes of reconnaissance, exploitation, and obfuscation techniques to achieve the goal of cyber espionage and/or sabotage. The discovery and detection of new exploits, though still requiring continuous effort, is no longer sufficient. Imagine a system that automatically extracts the ways attackers use various techniques to penetrate a network and generates empirical models that can be used for in-depth analysis or even to predict the next attack actions. What if we could simulate synthetic attack scenarios based on the characteristics of the network and adversary behaviors? Can publicly available information on the Internet be used to forecast cyberattacks before they take place? This talk will discuss advances that enable anticipatory cyber defense and the open research questions that remain. Specifically, it will present a suite of research prototypes: ASSERT integrates Bayesian-based learning with a clustering validity index to generate and refine attack models based on observed malicious activities; CASCADES employs contextual models to reflect how attackers gradually accumulate their knowledge of the network, with varying preferences and behavior traits; CAPTURE overcomes the limitations of imbalanced, insufficient, and insignificant data to forecast cyberattacks before they happen, using unconventional signals in the public domain. This ongoing research will provide anticipatory capability for proactive cyber defense.