To help train government and industry organizations on how to prevent cyberattacks, as part of a research project for the U.S. Army, scientists at The University of Texas at San Antonio, developed the first framework to score the agility of cyber attackers and defenders.
“The DOD and U.S. Army recognize that the cyber domain is as important a battlefront as ground, air and sea,” said Dr. Purush Iyer, division chief, network sciences at Army Research Office, an element of the Army Futures Command’s Army Research Laboratory. “Being able to predict what the adversaries will likely do provides opportunities to protect and to launch countermeasures. This work is a testament to successful collaboration between academia and government.”
The framework developed by the researchers will help government and industry organizations visualize how well they out-maneuver attacks. Their work is published in IEEE Transactions on Information Forensics and Security, a top journal for cybersecurity.
“Cyber agility isn’t just about patching a security hole, it’s about understanding what happens over time. Sometimes when you protect one vulnerability, you expose yourself to 10 others,” said Jose Mireles, who works for the DOD and co-developed this first-known framework as part of his UTSA master’s thesis. “In car crashes, we understand how to test for safety using the rules of physics. It is much harder to quantify cybersecurity because scientists have yet to figure out what are the ‘rules of cybersecurity.’ Having formal metrics and measurement to understand the attacks that occur will benefit a wide range of cyber professionals.”
To develop quantifiable metrics, Mireles collaborated with a fellow UTSA student Eric Ficke, researchers at Virginia Tech, and a researcher at CCDC ARL and the U.S. Air Force Research Laboratory.
The project under the supervision of UTSA Professor Shouhuai Xu, who serves as the director of the UTSA Laboratory for Cybersecurity Dynamics. Together, they used a honeypot—a computer system that lures real cyber-attacks—to attract and analyze malicious traffic according to time and effectiveness. As both attackers and defenders created new techniques, the researchers were able to better understand how a series of engagements transformed into a new adaptive and responsive agile pattern or what they called an evolution generation.
“The cyber agility framework is the first of its kind and allows cyber defenders to test out numerous and varied responses to an attack,” Xu said. “This is an outstanding piece of work as it will shape the investigation and practice of cyber agility for the many years to come.”
Mireles added, “A picture or graph in this case is really worth more than 1,000 words. Using our framework, security professionals will recognize if they’re getting beaten or doing a good job against an attacker.”