Predicting Adversarial Behaviours and the Motivation for Automated Network Defense

Project Start Date: 

July 2019

Project Status: 

On-going

Project Objectives and Scope

The project aims to design a framework modelling the motivations, cognitive antecedents and dynamic decision-making processes of adversaries in the lead-up to, as well as during, a cyber-attack. The team will also research novel algorithms for graph embedding with application to anomaly and attack detection. They will design and develop an SDN-programmable networking testbed to validate their findings, including algorithms for predicting adversarial behaviors and automating network defense and intrusion detection.

Challenges

The challenges we foresee are as follows,

1. Lack of representative and comprehensive data about possible attack strategies given that attackers can be quite unique and creative
2. Difficulty of modelling human beings using any hard-and-fast engineering principles, due to issues such as limited rationality, emotions, etc
3. Need for agile and robust programmability of network defense to dynamic evidence and unforeseen situations

Methodology/Approach

In this project, we will first begin by setting up an enterprise environment with enough computing nodes to test the functions of the SDN controller. We also plan to include nodes with known vulnerabilities in them so that an attacker can exploit them for us to capture the network traffic for analysis. Concurrently, we will develop a comprehensive taxonomy of motivations underpinning criminal behaviour in cybercrime that facilitates real-time classification by integrating insights and methods from social and behavioral sciences.. Finally, we will research on novel algorithms for graph embedding with application to anomaly detection for identification of cyber-attacks.