Cyberattack Grammars for Risk/Cost Analysis

Patten, T., Mitchell, D., and Call, C. ICCWS 2020 : 15th International Conference on Cyber Warfare and Security, Norfolk, VA (March 2020). In practice, mitigating cyber risk involves economic analysis—it is not realistic to eliminate all risk, so the goal is to find the most cost-effective mitigations for the most significant risks. This economic analysis, […]

Cognitive Task Analysis Methods in Envisioned Tactical Command Decision Making

News Article Icon

McGeorge, N., Kane, S., and Muller, C. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Volume 63, Issue 1, Pages 262-266 (November 2019) The battlespace is a volatile and complex environment in which tactical commanders face cognitively challenging responsibilities, compounded with the increased complexity of emerging cyber warfare. It is critical that tactical commanders gain adequate situation […]

Understanding Cyberattack Behaviors with Sentiment Information on Social Media

Shu, K.2, Sliva, A.1, Sampson, J.2, and Liu, H.2 Presented at the 2018 International Conference on Social Computing, Behavioral-Cultural Modeling, & Prediction and Behavior Representation in Modeling and Simulation (SBP-BRiMS), Washington DC, USA (July 2018) In today’s increasingly connected world, cyberattacks have become a serious threat with detrimental effects on individuals, businesses,and broader society. Truly mitigating […]

Leveraging Systemic Functional Grammars for Script Analysis and Understanding Human Behavior

Sliva, A., Call, C., and Patten, T. Presented at the 45th International Systemic Functional Congress (ISFC 2018), Boston, MA (July 2018). In sociolinguistics, it is desirable to understand not only social-functional aspects of language, but also the broader social and behavioral landscape. In psychology, script theory posits that human behavior follows discernable patterns, or “scripts,” […]

Designing a Pragmatic Graphical Grammar

Eusebi, L., and Guarino, S. Presented at the 2017 IEEE Conference on Cognitive and Computational Aspects of Situation Management (CogSIMA), Savannah, GA (March 2017) Modern adversaries have become more proficient in conducting cyberattacks against our military’s command and control (C2) infrastructure. To maintain security against these threats, operators perform a range of high-fidelity security assessments of […]

Predicting Signatures of Future Malware Variants

Howard, M., Pfeffer, A., Dalal, M., and Reposa, M. The 12th International Conference on Malicious and Unwanted Software (MALWARE 2017) One of the challenges of malware defense is that the attacker has the advantage over the defender. In many cases, an attack is successful and causes damage before the defender can even begin to prepare […]

Probabilistic Modeling of Insider Threat Detection Systems

Ruttenberg, B.1, Blumstein, D.1, Druce, J.1, Howard, M.1, Reed, F.1, Wilfong, L.2, Lister, C.2, Gaskin, S.3, Foley, M.4, and Scofield, D.4 Presented at The Fourth International Workshop on Graphical Models for Security (GraMSec 2017), Santa Barbara, CA (August 2017) Due to the high consequences of poorly performing automated insider threat detection systems (ITDSs), it is advantageous […]

Hybrid Modeling of Cyber Adversary Behavior

Sliva, A., Guarino, S., Weyhrauch, P., Galvin, P., Mitchell, D., Campolongo, J., and Taylor, T. Presented at the International Conference on Social Computing, Behavioral Modeling, and Prediction, Washington, DC (July 2017). Cyber adversaries continue to become more proficient and sophisticated, increasing the vulnerability of the network systems that pervade all aspects of our lives. While there are […]

CAML: Machine Learning-based Predictable, System-Level Anomaly Detection

Song1, J., Fry2, G., Wu2, C., and Parmer1, G. 1st Workshop on Security and Dependability of Critical Embedded Real-Time Systems, in conjunction with IEEE Real-Time Systems Symposium, Porto, Portugal  (November 2016). Security challenges are increasing in distributed cyber-physical systems (CPSs), which integrate computation and physical processes. System security is complicated by both the temporal and safety […]

Hierarchical Management of Large-Scale Malware Data

Kellogg, L., Ruttenberg, B., O’Connor, A., Howard, M., and Pfeffer, A. Presented at the IEEE International Conference on Big Data 2014 (IEEE BigData 2014), Washington, DC (October 2014) As the pace of generation of new malware accelerates, clustering and classifying newly discovered malware requires new approaches to data management. We describe our Big Data approach to managing malware […]

Identifying Shared Software Components to Support Malware Forensics

Ruttenberg, B.1, Miles, C.2, Kellogg, L.2, Notani, V.2, Howard, M.1, Ledoux, C.2, Lakhotia, A.2, and Pfeffer, A.1 Presented at the 11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Egham, England (July 2014)   Recent reports from the anti-malware industry indicate similarity between malware code resulting from code reuse can aid in developing a […]

FuncTracker: Discovering Shared Code to Aid Malware Forensics

LeDoux, C., Lakhotia, A., Miles, C., Notani, V., and Pfeffer, A. The 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), Washington, DC (August 2013) Malware code has forensic value, as evident from recent studies drawing relationships between creators of Duqu and Stuxnet through similarity of their code. We present FuncTracker, a system developed […]

Countering Malware Evolution Using Cloud-Based Learning

Ouellette, J., Pfeffer, A., and Lakhotia, A. Proceedings of Malware 2013: the 8th International Conference on Malicious and Unwanted Software, Fajardo, Puerto Rico, (October 2013) Recent years have seen an explosion in the number and sophistication of malware attacks. The sheer volume of novel malware has made purely manual signature development impractical and has led to […]

Malware Analysis and Attribution using Genetic Information

Pfeffer1, A ., Call1, C., Chamberlain1, J., Kellogg1, L., Ouellette1, J., Patten1, T., Zacharias1, G., Lakhotia2, A., Golconda2, S., Bay3, J., Hall3, R., and Scofield3, D. Presented at the 7th International Conference On Malicious And Unwanted Software (Malware 2012). As organizations become ever more dependent on networked operations, they are increasingly vulnerable to attack by a […]

A Cognitive Task Analysis for Cyber Situational Awareness

Mahoney1, S., Roth2, E., Steinke3, K., Pfautz1, J., Wu1, C., and Farry1, M. Proceedings from the Human Factors and Ergonomics Society 54th Annual Meeting, San Francisco, CA (2010) Cyber Network degradation and exploitation can covertly turn an organization’s technological strength into an operational weakness. It has become increasingly imperative, therefore, for an organization’s personnel to […]

Implications of Cyber Warfare

Saunders, T. (Chair), Levis, A. (Vice Chair), Boehm-Davis, D., Chen, P., Ford, K., Fouse, S., Hull, G, . . . Zacharias, G. Volumes 1 and 2: Final Report, US Air Force Scientific Advisory Board Report SAB-TR-07-02, Washington, DC (August). For More Information To learn more or request a copy of a paper (if available), contact G. […]

Adaptive Cyberattack Modeling System

Gonsalves, P. and Dougherty, E. Proceedings of SPIE Defense & Security, vol. 6201, Orlando, FL (April 2006) The pervasiveness of software and networked information systems is evident across a broad spectrum of business and government sectors. Such reliance provides an ample opportunity not only for the nefarious exploits of lone wolf computer hackers, but for […]