Hybrid Modeling of Cyber Adversary Behavior

Sliva, A., Guarino, S., Weyhrauch, P., Galvin, P., Mitchell, D., Campolongo, J., and Taylor, T.

Presented at the International Conference on Social Computing, Behavioral Modeling, and Prediction, Washington, DC (July 2017).

Cyber adversaries continue to become more proficient and sophisticated, increasing the vulnerability of the network systems that pervade all aspects of our lives. While there are many approaches to modeling network behavior and identifying anomalous and potentially malicious traffic, most of these approaches detect attacks once they have already occurred, enabling reaction only after the damage has been done. In traditional security studies, mitigating attacks has been a focus of many research and planning efforts, leading to a rich field of adversarial modeling to represent and predict what an adversary might do. In this paper, we present an analogous approach to modeling cyber adversaries to gain a deeper understanding of the behavioral dynamics underlying cyberattacks and enable predictive analytics and proactive defensive planning. We present a hybrid modeling approach that combines aspects of cognitive modeling, decision-theory, and reactive planning to capture different facets of adversary decision making and behavior.

For More Information

To learn more or request a copy of a paper (if available), contact Amy Sliva.

(Please include your name, address, organization, and the paper reference. Requests without this information will not be honored.)