For over a year, GozNym, a gang of five Russian cyber criminals, stole login credentials from unsuspecting Americans and emptied their bank accounts.
In an effort to detect and quickly respond to escalating cyber-attacks like these, researchers at the University of Texas at San Antonio (UTSA) developed a framework to score the agility of cyber attackers and defenders.
“Cyber agility isn’t just about patching a security hole, it’s about understanding what happens over time. Sometimes when you protect one vulnerability, you expose yourself to 10 others,” said computer science alumnus Jose Mireles ’17, who now works for the Department of Defense (DoD) and co-developed the framework as part of his UTSA master’s thesis. “In car crashes, we understand how to test for safety using the rules of physics. It is much harder to quantify cybersecurity because scientists have yet to figure out what are the rules of cybersecurity. Having formal metrics and measurement to understand the attacks that occur will benefit a wide range of cyber professionals.”
To develop a quantifiable framework, Mireles collaborated with fellow UTSA student Eric Ficke, researchers at Virginia Tech, the U.S. Air Force Research Laboratory, and the U.S. Army Combat Capabilities Development Command Army Research Laboratory (CCDC ARL). The project was conducted under the supervision of UTSA Professor Shouhuai Xu, who serves as the director of the UTSA Laboratory for Cybersecurity Dynamics.
Together, they used a honeypot — a computer system that lures real cyber-attacks — to attract and analyze malicious traffic according to time and effectiveness. As the attackers and defenders created new techniques, the researchers were able to better understand how a series of engagements transformed into an adaptive, responsive and agile pattern, or what they called an evolution generation.
The framework proposed by the researchers will help government and industry organizations visualize how well they out-maneuver attacks.
“The DoD and U.S. Army recognize that the Cyber domain is as important a battlefront as Ground, Air and Sea,” said Purush Iyer, Ph.D., division chief, network sciences at Army Research Office, an element of CCDC ARL. “Being able to predict what the adversaries will likely do provides opportunities to protect and to launch countermeasures.”
“A picture or graph in this case is really worth more than 1,000 words,” Mireles said. “Using our framework, security professionals will recognize if they’re getting beaten or doing a good job against an attacker.”
UTSA is home to an interdisciplinary cybersecurity program that spans three colleges: the College of Business, College of Engineering and College of Sciences. Research centers and outreach programs provide UTSA students and faculty with additional opportunities to explore the various facets of this high-demand and ever-changing field.