PROJECT ABSTRACT

Deviant and criminal groups flourish in virtual spaces because the actors can operate in relative anonymity, without fear of shame or stigma. A recent FBI IC3 report shows that company losses from cybercrime rose from 264.6 million dollars to 559.7 million dollars. The situation keeps getting worse as deviant and criminal groups make use of legitimate web services for their malicious command and control (C&C) communication channels. While there is some knowledge of the ways that vulnerabilities are exploited, there is little research exploring the ways that attack agents such as bots and malicious code related to advanced persistent threats (APT) are distributed across cyberspace. Individuals who control existing bot networks also sell access to their infected machines for a variety of attacks, including spam and denial of service attacks. In addition, current malware analysis does not provide accurate and comprehensive attribution, because the activities behind the incidents remain hidden while the malware authors are still at large. As a consequence, these markets enable a great many unskilled computer users to engage in cybercrime and net-centric attacks. It is therefore necessary to systematically investigate the creation, distribution, and attack patterns of the attack agents circulating in cyberspace. This vital information can be used to further investigate specific social communities related to adversarial threats and to detect and prevent such net-centric threats.
In this project, we propose a multi-dimensional approach to (a) understand net-centric attacks, including malware investigation with on- and off-line assessment, reverse engineering, and dynamic analysis; (b) discover the distribution chain based on computer mediated communications (CMCs), which not only allows adversaries to identify easy-to-use or high quality tools, but also obfuscates the creation of malware when someone takes credit for a tool that was created by someone else (the diverse range of social communication platforms available on-line makes it exceedingly difficult to understand and identify the resources used and abused by deviant groups on-line); and (c) correlate attack attributions from malware investigation and social dynamics to produce comprehensive and effective intelligence. Our goal is to develop comprehensive and effective intelligence. This vision is a complex and highly sophisticated one that requires ongoing research and analysis, continuing concurrently with the changing role and face of digital information creation and usage in CMCs. DoD has been trying to globally interconnect information capabilities, automated processes, and personnel for collecting, storing, processing, managing, and disseminating information on demand to policy makers, supporters, and war fighters. Our proposed tasks will help reduce the risk of disruption of mission-critical operations within a network-centric defense information infrastructure, achieving important tasks in DoD's network-centric defense information infrastructure for dealing with cyber crimes and terrorism. It would eventually influence the development of a common process for tactical defense, so that DoD can continuously monitor situations, evaluate disruptions, and enable prudent decision-making based on our risk-aware approach and social dynamics.
Effective start/end date: 10/1/13 → 6/30/14
Funding: DOD-ARMY-ARL, Army Research Office (ARO): $50,000.00