Malicious software operations, often known as “malware,” pose a significant threat to modern society.
A research team led by the University of Texas at San Antonio (UTSA) is looking into techniques to effectively forecast these attacks. Mechanical Engineering Professor Yusheng Feng and doctoral student Van Trieu-Do from the Margie and Bill Klesse College of Engineering and Integrated Design are working with Professor Shouhuai Xu from the Department of Computer Science at the University of Colorado at Colorado Springs to learn how to predict cyberattacks using mathematical tools and computer simulation.
According to ForgeRock’s 2019 research, 2.8 billion consumer data records were compromised in 2018, costing U.S. firms more than $654 billion and posing a major danger to industry.
“Most studies on cyberattacks focus on microscopic levels of abstractions, meaning how to defend against a particular attack. Cyber attackers can successfully break in by exploiting a single weakness in a computer system,” Feng said.
The current ubiquitous security risks prompted UTSA researchers to create and deploy cyber defense tools and sensors to monitor attacks and collect data that can be utilized for a variety of purposes in creating defense mechanisms.
“The existing damage necessitates research into understanding and characterizing cyberattacks from diverse perspectives and at varying levels of entry. As aggressors become more sophisticated, there are numerous aspects that contribute to anticipating the potential damage these attacks may inflict,” Feng stated.
The researchers investigated the particular characteristics of the attacks by using predictive situational awareness analysis to effectively identify the threats that target and potentially disrupt personal devices, servers, and networks.
“Most studies on cyberattacks focus on tiny levels of abstraction, which means how to protect against a specific attack,” Feng explained. “Cyber attackers can successfully break into a computer system by exploiting a single flaw.”
The study’s goal is to investigate the macroscopic levels of abstraction.
“Such macroscopic-level research is vital because it will provide insights into comprehensive methods to fight against cyberattacks,” he noted.
According to Feng, “It is extremely difficult to pinpoint the source of each assault; nevertheless, we have large amounts of data with time series for each IP address (location). In this study, we use ‘causality’ to identify threats when there are inter-relationships between IP addresses with comparable patterns of temporal aspects.”
The researchers used Granger causality (G-causality) to investigate the vulnerabilities of different threats from a regional perspective, studying the cause and effect to identify cyber vulnerabilities or how infiltrators target an entity, in this case, IP addresses.
G-causality is a statistical idea of causation based on prediction; to characterize causality, a well-defined mathematical notion must be established. Granger causality was employed by the research team to define the nature of the cyberattack signals, allowing them to be compared and studied holistically.
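To make the prediction-based notion concrete, here is an added Python example (not code from the UTSA study) that computes the Granger F-statistic between two attack-count time series in both directions. The two sensor series, the lag order of 2, and all function names are assumptions constructed for illustration.

```python
import random

def solve(A, b):
    """Solve A x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(n):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [a - f * v for a, v in zip(M[r], M[c])]
    return [M[i][n] / M[i][i] for i in range(n)]

def rss(rows, target):
    """Residual sum of squares of an ordinary least squares fit of target on rows."""
    k = len(rows[0])
    XtX = [[sum(r[i] * r[j] for r in rows) for j in range(k)] for i in range(k)]
    Xty = [sum(r[i] * t for r, t in zip(rows, target)) for i in range(k)]
    beta = solve(XtX, Xty)
    return sum((t - sum(b * v for b, v in zip(beta, r))) ** 2 for r, t in zip(rows, target))

def granger_f(cause, effect, lags=2):
    """F-statistic: do lagged values of `cause` improve prediction of `effect`
    beyond what `effect`'s own lagged values already give?"""
    ts = range(lags, len(effect))
    target = [effect[t] for t in ts]
    # Restricted model: intercept plus the effect series' own history.
    own = [[1.0] + [effect[t - k] for k in range(1, lags + 1)] for t in ts]
    # Unrestricted model: additionally include the candidate cause's history.
    full = [row + [cause[t - k] for k in range(1, lags + 1)] for row, t in zip(own, ts)]
    rss_r, rss_u = rss(own, target), rss(full, target)
    dof = len(target) - (2 * lags + 1)
    return ((rss_r - rss_u) / lags) / (rss_u / dof)

def sample_series(n=200, seed=7):
    """Constructed hourly attack counts: address B sees A's activity one hour later."""
    rng = random.Random(seed)
    a = [rng.randint(0, 20) for _ in range(n)]
    b = [rng.randint(0, 2)] + [a[t - 1] + rng.randint(0, 2) for t in range(1, n)]
    return a, b

if __name__ == "__main__":
    a, b = sample_series()
    print("A -> B  F =", round(granger_f(a, b), 1))  # large: A's past predicts B
    print("B -> A  F =", round(granger_f(b, a), 1))  # small: B's past adds nothing
```

A large F-statistic in one direction and a small one in the other is the asymmetry that lets an analyst say activity at one address helps forecast activity at another; it indicates predictive precedence, not proof of a shared attacker.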
The team also intends to broaden the present body of data and conduct additional research on how various types of causality will affect users and how to provide adequate security capabilities to protect against sophisticated attacks.