Abstract
Understanding group dynamics can provide valuable insight into how the adversaries progress through cyberattacks and adapt to any disruptions they encounter. However, capturing the characteristics of such dynamics is a difficult task due to complexities in the formation and focus of the adversarial team throughout the attack. In this study, we propose an approach based on concepts and measures of social network theory. The results of experiments performed on observations at the US Industrial Control Systems Computer Emergency Response Team’s (ICS-CERT) Red Team-Blue Team cybersecurity training exercise held at Idaho National Laboratory (INL) show that the team dynamics can be captured and characterized using the proposed approach. Moreover, we provide an analysis of the shifts in such dynamics due to the adversarial team’s adaptation to disruptions caused by the defenders.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Rege, A., Obradovic, Z., Asadi, N., Singer, B., Masceri, N.: A temporal assessment of cyber intrusion chains using multidisciplinary frameworks and methodologies. In: 2017 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), pp. 1–7. IEEE, June 2017
Rege, A., Obradovic, Z., Asadi, N., Parker, E., Masceri, N., Singer, B., Pandit, R.: Using a real-time cybersecurity exercise case study to understand temporal characteristics of cyberattacks. In: Lee, D., Lin, Y.-R., Osgood, N., Thomson, R. (eds.) SBP-BRiMS 2017. LNCS, vol. 10354, pp. 127–132. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60240-0_16
Cloppert, M.: Security Intelligence: Attacking the Cyber Kill Chain (2009). http://digital-forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain. Accessed 2 Feb 2014
Colbaugh, R., Glass, K.: Proactive Defense for Evolving Cyber Threats. Sandia National Laboratories [SAND2012-10177] (2012). https://fas.org/irp/eprint/proactive.pdf. Accessed 15 Feb 2017
Leclerc, B.: Crime scripts. In: Wortley, R., Townsley, M. (eds.) Environmental Criminology and Crime Analysis. Routledge, Abingdon (2016)
Krause, J., Croft, D.P., James, R.: Social network theory in the behavioural sciences: potential applications. Behav. Ecol. Sociobiol. 62(1), 15–27 (2007)
Rokach, L., Maimon, O.: Clustering methods. In: Maimon, O., Rokach, L. (eds.) Data Mining and Knowledge Discovery Handbook, pp. 321–352. Springer, Boston (2005). https://doi.org/10.1007/0-387-25465-X_15
Schneider, R.: Survey of peaks/valleys identification in time series. Department of Informatics, University of Zurich, Switzerland (2011)
Ellens, W., Kooij, R.E.: Graph measures and network robustness. arXiv preprint arXiv:1311.5064 (2013)
Acknowledgements
This material is based upon work supported by the National Science Foundation CAREER Award, Grant No. CNS1453040 and partially by National Science Foundation CPS Award, Grant No. 1446574. The authors thank the Industrial Control Systems Computer Emergency Response Team (ICSCERT) and Idaho National Laboratory (INL) for allowing data collection at their September/October 2014 Red Team/Blue Team Cybersecurity Training Exercise.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Asadi, N., Rege, A., Obradovic, Z. (2018). Assessment of Group Dynamics During Cyber Crime Through Temporal Network Topology. In: Thomson, R., Dancy, C., Hyder, A., Bisgin, H. (eds) Social, Cultural, and Behavioral Modeling. SBP-BRiMS 2018. Lecture Notes in Computer Science(), vol 10899. Springer, Cham. https://doi.org/10.1007/978-3-319-93372-6_44
Download citation
DOI: https://doi.org/10.1007/978-3-319-93372-6_44
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-93371-9
Online ISBN: 978-3-319-93372-6
eBook Packages: Computer ScienceComputer Science (R0)