You are not logged in.

Announcement

Welcome to the IMPACT Forum, a place for researchers, developers, data & tool providers, and other cyber risk stakeholders can discuss all things IMPACT!

#1 2020-03-14 9:07:39 pm

jessemyn
Member
From: Canberra
Registered: 2020-03-11
Posts: 1

Assistance requested - data matching for cybersecurity research

Hi all,
I am a researcher at UNSW ADFA looking at applications of epidemiology to cybersecurity. I am wondering if anyone is aware of data sets that might help me! Here is a rough summary of my research aims/methodology.

Background
Epidemiology provides a novel approach to understanding cybersecurity risk. It provides a systematic model for the analysis of likelihood, consequence, management and prevention measures. While current research exists on the analysis of individual cybersecurity risk factors, there is a significant research gap on the collective interaction of these risk factors and their impact on the risk of cybersecurity compromise. Effective cybersecurity risk management requires the estimation of the probability of infection, based on a comprehensive range of historical and environmental factors, including system or network configurations and characteristics. The application of epidemiology highlights two fundamental approaches to increasing the efficiency and potency of cybersecurity; the requirement for comprehensive analysis of all cybersecurity risk factors, not just specific network vulnerabilities or uses, and the requirement for a centralised reporting, monitoring and data centre for cybersecurity incidents to inform this analysis, and facilitate a collective community response to mitigating cybersecurity risks.

Research Questions:
1.    What is the relationship between the collective interaction of cybersecurity risk factors?
2.    How can these factors be analysed and profiled to determine the risk of cybersecurity compromise?
3.    How can epidemiology be applied to construct a systematic model for the analysis of risk likelihood, consequence, management and prevention measures?
4.    How can this risk assessment inform security policies and technologies (supply chain risk management, intrusion detection and prevention, social engineering, and configuration management).
5.    To what extent is data at scale (CDC for malware) required to provide an adequate assessment of these factors?  How would a CDC for malware be architected, managed and regulated?
Methodology

Part A:
Network configuration data, as ‘cyber security risk factors’ will be collected, or attained from research partners. This will comprise all variables including hardware, software and configuration details of a network.
N-Map will be utilised to gather data from an extant network. This data set will include Operating System, Host Name, IP Address, Installed Software and connected Hardware. See extended methodology for Nmap collection method.

Part B:
Network data will be collected, or attained from research partners, as examples of ‘diseases’ to contrast against the network configuration data as ‘cyber security risk factors’ to determine the relationship between network characteristics, and risk (likelihood x consequence) of compromise. This data will comprise the following forms of cyber-attack data:
-    Traffic Flow data
-    Botnet traffic
-    Simulated attacks
-    Malicious traffic
-    Malware
-    Denial of Service
-    Computer worms

Note: human-related attacks e.g. phishing, search engine poisoning etc are not included at this stage.

From this, likelihood and compromise can be scored to determine risk of compromise based on network characteristics, for each attack vector.

Part C:
A test range will also be developed, comprising a network of different hardware, software and asset configurations. Multiple forms of cyber-attack will be tested on each network configuration to analyse compromise. The configuration of these networks will then be modified and re-tested against the same sets of cyber-attack vectors. From this, likelihood and compromise can be scored to determine risk of compromise based on network characteristics, for each attack vector.

Offline

Board footer