Sensing for suspicion at scale: A Bayesian approach for cyber conflict attribution and reasoning

Harsha K. Kalutarage*, Siraj A. Shaikh, Qin Zhou, Anne E. James

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

16 Citations (Scopus)

Abstract

Cyber conflict monitoring remains one of the biggest challenges today, amidst increasing scaling up of cyberspace in terms of size, bandwidth and volume. Added to this, the increased determination of cyber actors to operate beneath the threshold makes it ever more difficult to identify unauthorised activities with desired levels of certainty and demonstrability. We acknowledge a case for persistent and pervasive monitoring; detection of serious sabotage and espionage activities, however, is dependent, in part, upon the ability to maintain traffic history over extended periods of time, somewhat beyond current computational and operational constraints. This makes it crucial for research in cyber monitoring infrastructures, which are configured to handle cyberspace at live and modern scale and sense suspicious activity for further investigation. This paper explores Bayesian methods together with statistical normality to judge for effective activity attribution, particularly in high-volume high-scale environments, by combining both prior and posterior knowledge in the scenario. The set of experiments presented in this paper provides tactical and operational principles for systematic and efficient profiling and attribution of activity. Such principles serve a useful purpose for technologists and policy-makers who want to monitor cyberspace for suspicious and malicious behaviour, and narrow down to likely sources. The proposed approach is domain agnostic and hence of interest to a cross-disciplinary audience interested in technology, policy and legal aspects of cyber defence.

Original language: English
Title of host publication: 2012 4th International Conference on Cyber Conflict, CYCON 2012 - Proceedings
Publication status: Published - 2012
Externally published: Yes
Event: 2012 4th International Conference on Cyber Conflict, CYCON 2012 - Tallinn, Estonia
Duration: 05 Jun 2012 to 08 Jun 2012

Conference

Conference: 2012 4th International Conference on Cyber Conflict, CYCON 2012
Country/Territory: Estonia
City: Tallinn
Period: 05/06/2012 to 08/06/2012

Keywords

  • anomaly detection
  • attribution
  • Bayesian approach
  • cyber attacks
  • reasoning

ASJC Scopus subject areas

  • Computer Networks and Communications
