The social science of cyberattacks

November 8, 2013 by Eric Swedlund

Thwarting cyberattacks could be as much a task for social scientists as it is for computer engineers.

A unique research collaboration at the University of Arizona is working on a special NSF exploratory grant to test exactly that notion, hoping that cooperation between social and can yield a breakthrough.

Cybersecurity is essential for protecting national interests in terms of defense and finance, but those security needs are increasingly found in other sectors as well.

However, current defenses have limited capabilities in predicting cyberattacks or determining their sources. Brint Milward, lead investigaor of the UA's grant, says the typical understanding of cyberattacks is along the lines of studying symptoms instead of a disease.

Milward, the Providence Service Corporation Chair in the School of Government and Public Policy, is teaming with sociology professor Ronald Breiger and two colleagues from electrical and computer engineering – Loukas Lazos and Jerzy W. Rozenblit, University Distinguished Professor and Raymond J. Oglethorpe Endowed Chair – to develop models of characteristics, classify adversarial groups according to similar features and analyze those groups using social network science.

"What we're saying from the social science perspective is don't focus on the attack. Focus on the attackers," Milward said. "Tracing where these attacks come from when they're bounced off computers all over the world is extraordinarily difficult and the best you can do is trace them back to a country. The ideal would be to move beyond that to identify the groups and their motives. A second best solution may be to identify the attackers by the kind of attack they carry out."

The researchers are integrating cyber data forensics with human-centric social network analysis, a novel approach that Milward hopes will contribute to counter-strategies down the road.

"One of the things we've done initially is classified attacks according to the purpose, like recreation, where people just want to create trouble, ideology, revenge and profit. All those things could be the motive and if you could attach a signature, based on the techniques a group uses to any of those motives, it tells you about the kinds of people who are engaging in this," Milward said.

"What the computer scientists are able to do is analyze enormous amounts of data and from that we can look at the smaller set of data associated with these attacks. In looking at the attacks, we can infer from the nature what the strategy or motive would be and find a signature and over time we can hopefully attach that signature to specific groups."

The proof-of-concept grant will also test whether the research team's interdisciplinary approach can yield answers that have eluded individual researchers in a single academic discipline.

"Can we bring people from very different fields with very different skill sets to attack a very hard problem and are they going to be able to tell us things that other people can't?"

Explore further: Researchers explore how cyber-attackers think like regular crooks

Related Stories

3Qs: The rules of cyber-engagement

March 6, 2013

The Obama administration is close to approving the nation's first set of rules for how the military can defend or retaliate against a major cyberattack, according to a report last month in The New York Times. One such new ...

Answers to your questions about massive cyberattack

March 29, 2013

Here are some answers to questions about perhaps the biggest cyberattack ever, which recently targeted Spamhaus, an anti-spam group based in Geneva and London. It ended up slowing down or blocking access to numerous Internet ...

Researchers warn of 'hit and run' cyber attackers

September 26, 2013

Security researchers said Wednesday they uncovered a "cyber mercenary" team which specializes in attacks on targets in Japan and South Korea, and warned of more operations of that nature.

Recommended for you

Microsoft describes hard-to-mimic authentication gesture

August 1, 2015

Photos. Messages. Bank account codes. And so much more—sit on a person's mobile device, and the question is, how to secure them without having to depend on lengthy password codes of letters and numbers. Vendors promoting ...

Power grid forecasting tool reduces costly errors

July 30, 2015

Accurately forecasting future electricity needs is tricky, with sudden weather changes and other variables impacting projections minute by minute. Errors can have grave repercussions, from blackouts to high market costs. ...

Netherlands bank customers can get vocal on payments

August 1, 2015

Are some people fed up with remembering and using passwords and PINs to make it though the day? Those who have had enough would prefer to do without them. For mobile tasks that involve banking, though, it is obvious that ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.