Adaptive cyber security decision support to prevent cyber attacks

June 27, 2017, University of Nottingham
Credit: CC0 Public Domain

Recognising the complexity of cyber attacks and the multi-stakeholder nature of tackling cyber security are the key components of a new data-driven cyber security system being developed by experts led by the University of Nottingham. The aim is to support organisations of all sizes in maintaining adequate levels of cyber security through a semi-automatic, regularly updated, organisation-tailored security assessment of their digital infrastructures.

The £1 million project, funded by the Engineering and Physical Sciences Research Council (EPSRC) and the National Cyber Security Centre (formerly CESG), will establish the foundations for a digital 'Online Cyber Security System' decision support service (OCYSS) which is designed to rapidly bring together information on system vulnerabilities and alert organisations which may be affected.

The interdisciplinary project brings together academics in different areas of cyber , information integration and decision making from the University of Nottingham, UK and Carnegie Mellon University, USA. They will be working closely with the UK's National Cyber Security Centre.

Dr Christian Wagner, from the School of Computer Science at the University of Nottingham, who is currently also a visiting professor at Michigan Technological University, USA, is the lead academic. He said: "While the UK has access to some of the world's leading experts in cyber security, the scale and variety of systems in UK organisations, both public and private, make it extremely challenging to flag potential system threats in a timely fashion. This international collaborative project targets a novel approach to semi-automatically identify system vulnerabilities, thus greatly increasing the efficiency and capacity to respond to emerging threats." Also involved as co-investigators are Prof. Garibaldi, who has previously worked with the team at CESG on modelling expert decision making, and Prof. McAuley, who is Director of the Horizon Digital Economy Hub and has specific expertise in security and privacy research.

The UK cyber security sector already has world-leading capabilities and is worth over £6 billion, employing 40,000 people. Cyber attacks are increasing in severity and sophistication and companies are struggling to recruit the expertise needed to defend their organisations.

Cyber security underpinned with scientific expertise

The system will be designed to directly address the acute shortage of availability and access to highly qualified cyber security experts by small-to-large scale organisations - from government to industry.

Dr Wagner notes: "The lack of sufficient access to highly trained and experienced is a key challenge for the UK. It prevents a range of users from establishing and maintaining continuously adequate levels of protection of their assets in a rapidly changing security landscape. We view this challenge as a multi-stakeholder problem because a number of human stakeholders, from users and IT managers, with varying levels of expertise, to cyber security and software providers, need to effectively communicate and work together in order to deliver systems with an appropriate level of cyber security assurance."

This new, semi-automatic, data-driven approach is underpinned by novel research on integrating information from a number of different sources while managing discord and potential dependencies of individual components within systems. The aim is to enable systems which are capable of maximizing the utility of the available cyber security insights and to rapidly deliver user-tailored, up-to-date threat analysis and decision support to help organisations mitigate potential before they happen.

Dr Travis Breaux, from the School of Computer Science at Carnegie Mellon University in Pittsburgh, is supporting the project and is especially concerned about the challenge of system composability. Dr Breaux notes: "Increasingly, computer systems are built from hundreds, if not thousands, of hardware and software components that interact with one another. To improve security, system analysts must pay special attention to how these components interact, and they must place these interactions in the context of specific threats. The number of configurations and possible cyber threats is simply insurmountable for human analysts to effectively comprehend and evaluate on their own, which necessitates a semi-automated approach that can stay ahead of emerging technology. Our goal is to empower these analysts to comprehend a larger attack surface without being overwhelmed by increasingly complex systems."

A system tailored to real-world cyber security challenges

Expertise to assess the level of security of a particular IT system is not commonly available in one location. In addition, knowledge on vulnerabilities in systems develops rapidly, making it essential for organisations to maintain up-to-date awareness of their systems' potential exposure. The proposed approach is designed to capture and integrate security assessments, including associated uncertainty, from a number of sources, including government services such as the NCSC and third party security providers. The key challenge here is to develop ways to gather and model this often complex information effectively, while also dealing systematically with discord in the security assessments provided by individual sources.

By building up a continuously evolving database of system vulnerabilities, the OCYSS framework is designed to provide organisations with an up-to-date threat assessment, incl. associated uncertainty, tailored to their specific systems, thus supporting them in their decision making on threat mitigation.

A key aspect here is that the OCYSS approach is designed to avoid delays in threat detection and potential mitigation by providing a direct pathway for newly emerging vulnerabilities arising from individual system components or their interactions.

Dr Wagner said: "Going beyond the scope of theoretical research and developing advances in data science and human computer interaction, the project will also deliver a functioning prototype of the OCYSS framework, enabling us to conduct an exceptional level of evaluation tailored to real-world cyber security challenges, working closely with our partners at the UK's National Cyber Security Centre. The idea is to deliver both internationally published novel science and re-usable open source software, thus facilitating the reproduction of results, as well as substantially boosting the potential of commercial up-take of the project outcomes."

The University of Nottingham is currently recruiting additional experts at post-doctoral level.

Explore further: Greater readiness repels cyber threats to manufacturers

Related Stories

Greater readiness repels cyber threats to manufacturers

December 14, 2016

Together with the National Emergency Supply Agency and the private sector, VTT Technical Research Centre of Finland has developed tailored solutions bringing improved cyber security and disruption-free operations to manufacturers. ...

German military to launch cyber command

March 31, 2017

Germany's armed forces Saturday launch a cyber command, with a status equal to that of the army, navy and air force, meant to shield its IT and weapons systems from attack.

EU, Japan to start cyber-security dialogue

May 5, 2014

The European Union will discuss Internet security during talks this week in Brussels with Japanese Prime Minister Shinzo Abe, a senior EU official said Monday.

Recommended for you

Coffee-based colloids for direct solar absorption

March 22, 2019

Solar energy is one of the most promising resources to help reduce fossil fuel consumption and mitigate greenhouse gas emissions to power a sustainable future. Devices presently in use to convert solar energy into thermal ...

EPA adviser is promoting harmful ideas, scientists say

March 22, 2019

The Trump administration's reliance on industry-funded environmental specialists is again coming under fire, this time by researchers who say that Louis Anthony "Tony" Cox Jr., who leads a key Environmental Protection Agency ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.