U-M researchers estimate best time to launch a cyber attack

January 13, 2014

Abstract image of 1s and 0s and circuit paths with a hand holding an electronic pen. Image credit: sxc.hu user erkinsahinANN ARBOR—University of Michigan researchers have developed new ways to analyze Internet security risks by creating a mathematical model that can predict when a cyber attack may be launched.

Robert Axelrod, professor of political science and public policy at U-M’s Ford School, and Rumen Iliev, postdoctoral research fellow at the school, created the model to help develop a basis for understanding the strategic implications of cyber technology.

Focusing on the timing of cyber conflict, their model analyzes when an attacker is most motivated to exploit vulnerabilities in a target’s computer system for espionage or disruption.

“One of our major contributions is to develop some concepts to deal with this new realm of cyber conflict,” Axelrod said. “It took 15 years in the nuclear world for people to understand the implications of nuclear technology. It is our hope that it won’t take that long to understand the strategic capabilities of cyber technology.”

They developed two concepts. One is stealth, which is the ability of a resource to exploit a vulnerability in a target’s computer system to stay undiscovered if it is used. The other is persistence, which is to keep the vulnerability undiscovered if it isn’t used.

“A good resource should have both stealth and persistence,” Iliev said. “The less persistent a resource is, the sooner (it should be used) lest the vulnerability is fixed before (there’s) a chance to exploit it.”

They illustrate their model using four case studies, including the Stuxnet attack on Iran’s nuclear program and the Iranian cyber attack on the energy firm Saudi Aramco.

“We also hope this will encourage other efforts to study these things in a rigorous way,” Axelrod said. “There’s a lot of discussion about cyber problems, but it’s so new that the language isn’t established. People use the word attack to mean anything from stealing a credit card number to sabotage of an industrial system.”

Their research appears in the Proceedings of the National Academy of Sciences.


Related Links: