The social science of cyberattacks

Nov 08, 2013 by Eric Swedlund

Thwarting cyberattacks could be as much a task for social scientists as it is for computer engineers.

A unique research collaboration at the University of Arizona is working on a special NSF exploratory grant to test exactly that notion, hoping that cooperation between social and can yield a breakthrough.

Cybersecurity is essential for protecting national interests in terms of defense and finance, but those security needs are increasingly found in other sectors as well.

However, current defenses have limited capabilities in predicting cyberattacks or determining their sources. Brint Milward, lead investigaor of the UA's grant, says the typical understanding of cyberattacks is along the lines of studying symptoms instead of a disease.

Milward, the Providence Service Corporation Chair in the School of Government and Public Policy, is teaming with sociology professor Ronald Breiger and two colleagues from electrical and computer engineering – Loukas Lazos and Jerzy W. Rozenblit, University Distinguished Professor and Raymond J. Oglethorpe Endowed Chair – to develop models of characteristics, classify adversarial groups according to similar features and analyze those groups using social network science.

"What we're saying from the social science perspective is don't focus on the attack. Focus on the attackers," Milward said. "Tracing where these attacks come from when they're bounced off computers all over the world is extraordinarily difficult and the best you can do is trace them back to a country. The ideal would be to move beyond that to identify the groups and their motives. A second best solution may be to identify the attackers by the kind of attack they carry out."

The researchers are integrating cyber data forensics with human-centric social network analysis, a novel approach that Milward hopes will contribute to counter-strategies down the road.

"One of the things we've done initially is classified attacks according to the purpose, like recreation, where people just want to create trouble, ideology, revenge and profit. All those things could be the motive and if you could attach a signature, based on the techniques a group uses to any of those motives, it tells you about the kinds of people who are engaging in this," Milward said.

"What the computer scientists are able to do is analyze enormous amounts of data and from that we can look at the smaller set of data associated with these attacks. In looking at the attacks, we can infer from the nature what the strategy or motive would be and find a signature and over time we can hopefully attach that signature to specific groups."

The proof-of-concept grant will also test whether the research team's interdisciplinary approach can yield answers that have eluded individual researchers in a single academic discipline.

"Can we bring people from very different fields with very different skill sets to attack a very hard problem and are they going to be able to tell us things that other people can't?"

Explore further: Local media have positive slant toward local businesses, Rice University expert finds

add to favorites email to friend print save as pdf

Related Stories

3Qs: The rules of cyber-engagement

Mar 06, 2013

The Obama administration is close to approving the nation's first set of rules for how the military can defend or retaliate against a major cyberattack, according to a report last month in The New York Ti ...

Researchers warn of 'hit and run' cyber attackers

Sep 26, 2013

Security researchers said Wednesday they uncovered a "cyber mercenary" team which specializes in attacks on targets in Japan and South Korea, and warned of more operations of that nature.

Answers to your questions about massive cyberattack

Mar 29, 2013

Here are some answers to questions about perhaps the biggest cyberattack ever, which recently targeted Spamhaus, an anti-spam group based in Geneva and London. It ended up slowing down or blocking access to numerous Interne ...

Recommended for you

Barclays to allow payments by using Twitter handles

Feb 27, 2015

The next chapter in banks moving into the digital age is a stretch beyond reminding customers over phone lines that they can also bank online. Barclays has launched Twitter payments through Pingit.

QR codes engineered into cybersecurity protection

Feb 27, 2015

QR, or Quick Response, codes – those commonly black and white boxes that people scan with a smartphone to learn more about something – have been used to convey information about everything from cereals ...

Australian laws on storing phone, Internet records to change

Feb 27, 2015

(AP)—A parliamentary committee on Friday recommended a major rewrite of draft laws that would force Australian telcos and Internet providers to store customers' personal data for the convenience of law enforcement agencies. ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.