Cyberattacks on enterprise networks have moved into an era where both attackers and security analysts utilize complex strategies to confuse and mislead one another. Critical attacks often take a multitude of reconnaissance, exploitation, and obfuscation techniques to achieve the goal of cyber espionage and/or sabotage. The discovery and detection of new exploits, though it requires continuous effort, is no longer sufficient. Imagine a system that automatically extracts the ways attackers use various techniques to penetrate a network and generates empirical models that can be used for in-depth analysis or even to predict the next attack actions. What if we could simulate synthetic attack scenarios based on characteristics of the network and adversary behaviors? Can publicly available information on the Internet be used to forecast cyberattacks before they take place?
This talk will discuss advances that enable anticipatory cyber defense and open research questions. Specifically, this talk will present a suite of research efforts and prototypes: ASSERT integrates Bayesian-based learning with clustering to generate and refine attack models based on observed malicious activities; CASCADES explores how attackers discover vulnerabilities of the systems in the network to simulate potential attack progressions; CAPTURE overcomes limitations of imbalanced, insignificant, and non-stationary data to forecast cyberattacks before they happen using public domain signals. These ongoing research efforts provide much-needed anticipatory capability for proactive cyber defense.
This talk will be at a sufficiently high level to describe the need for anticipatory cyber defense and some of its capabilities. The intended audience includes researchers, practitioners, policy makers, and students who have some high-level knowledge of cybersecurity.
Speaker bio:
Dr. S. Jay Yang received his BS degree in Electronics Engineering from National Chiao Tung University in Taiwan in 1995, and MS and Ph.D. degrees in Electrical and Computer Engineering from the University of Texas at Austin in 1998 and 2001, respectively. He is currently a Professor and the Department Head for the Department of Computer Engineering at Rochester Institute of Technology. He also serves as the Director of Global Outreach in the Center of Cybersecurity at RIT, and a Co-Director of the Networking and Information Processing (NetIP) Laboratory. His research group has developed several pioneering machine learning, attack modeling, and simulation systems to provide predictive analysis of cyberattacks, enabling anticipatory or proactive cyber defense. His earlier works included FuSIA, VTAC, ViSAw, F-VLMM, and attack obfuscation modeling. More recently, his team has been developing a holistic body of work that encompasses ASSERT to provide timely separation and prediction of critical attack behaviors, CASCADES to simulate synthetic cyberattack scenarios that integrate data-driven and theoretically grounded understanding of adversary behaviors, and CAPTURE to forecast cyberattacks before they happen using unconventional signals in the public domain. Dr. Yang has published more than sixty papers and worked on eighteen sponsored research projects. He has served on organizing committees for several conferences and as a guest editor and a reviewer for a number of journals and textbooks. He was invited as a keynote or panel speaker for several venues. He was a recipient of Norman A. Miles Outstanding Teaching Awards, and a key contributor to the development of two Ph.D. programs at RIT and several global partnership programs.
More information about Jay can be found at: https://www.camlis.org/shanchieh-jay-yang
Presentations are recorded and include time for questions with the audience.
Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."