Assessment of Group Dynamics During Cyber Crime Through Temporal Network Topology

Asadi, Nima; Rege, Aunshul; Obradovic, Zoran

doi:10.1007/978-3-319-93372-6_44

Nima Asadi¹⁷,
Aunshul Rege¹⁸ &
Zoran Obradovic¹⁷

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10899))

Included in the following conference series:

International Conference on Social Computing, Behavioral-Cultural Modeling and Prediction and Behavior Representation in Modeling and Simulation

3269 Accesses
1 Citations

Abstract

Understanding group dynamics can provide valuable insight into how the adversaries progress through cyberattacks and adapt to any disruptions they encounter. However, capturing the characteristics of such dynamics is a difficult task due to complexities in the formation and focus of the adversarial team throughout the attack. In this study, we propose an approach based on concepts and measures of social network theory. The results of experiments performed on observations at the US Industrial Control Systems Computer Emergency Response Team’s (ICS-CERT) Red Team-Blue Team cybersecurity training exercise held at Idaho National Laboratory (INL) show that the team dynamics can be captured and characterized using the proposed approach. Moreover, we provide an analysis of the shifts in such dynamics due to the adversarial team’s adaptation to disruptions caused by the defenders.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Rege, A., Obradovic, Z., Asadi, N., Singer, B., Masceri, N.: A temporal assessment of cyber intrusion chains using multidisciplinary frameworks and methodologies. In: 2017 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), pp. 1–7. IEEE, June 2017
Google Scholar
Rege, A., Obradovic, Z., Asadi, N., Parker, E., Masceri, N., Singer, B., Pandit, R.: Using a real-time cybersecurity exercise case study to understand temporal characteristics of cyberattacks. In: Lee, D., Lin, Y.-R., Osgood, N., Thomson, R. (eds.) SBP-BRiMS 2017. LNCS, vol. 10354, pp. 127–132. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60240-0_16
Chapter Google Scholar
Cloppert, M.: Security Intelligence: Attacking the Cyber Kill Chain (2009). http://digital-forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain. Accessed 2 Feb 2014
Colbaugh, R., Glass, K.: Proactive Defense for Evolving Cyber Threats. Sandia National Laboratories [SAND2012-10177] (2012). https://fas.org/irp/eprint/proactive.pdf. Accessed 15 Feb 2017
Leclerc, B.: Crime scripts. In: Wortley, R., Townsley, M. (eds.) Environmental Criminology and Crime Analysis. Routledge, Abingdon (2016)
Google Scholar
Krause, J., Croft, D.P., James, R.: Social network theory in the behavioural sciences: potential applications. Behav. Ecol. Sociobiol. 62(1), 15–27 (2007)
Article Google Scholar
Rokach, L., Maimon, O.: Clustering methods. In: Maimon, O., Rokach, L. (eds.) Data Mining and Knowledge Discovery Handbook, pp. 321–352. Springer, Boston (2005). https://doi.org/10.1007/0-387-25465-X_15
Chapter MATH Google Scholar
Schneider, R.: Survey of peaks/valleys identification in time series. Department of Informatics, University of Zurich, Switzerland (2011)
Google Scholar
Ellens, W., Kooij, R.E.: Graph measures and network robustness. arXiv preprint arXiv:1311.5064 (2013)

Download references

Acknowledgements

This material is based upon work supported by the National Science Foundation CAREER Award, Grant No. CNS1453040 and partially by National Science Foundation CPS Award, Grant No. 1446574. The authors thank the Industrial Control Systems Computer Emergency Response Team (ICSCERT) and Idaho National Laboratory (INL) for allowing data collection at their September/October 2014 Red Team/Blue Team Cybersecurity Training Exercise.

Author information

Authors and Affiliations

Computer and Information Sciences Department, Temple University, Philadelphia, USA
Nima Asadi & Zoran Obradovic
Department of Criminal Justice, Temple University, Philadelphia, USA
Aunshul Rege

Authors

Nima Asadi
View author publications
You can also search for this author in PubMed Google Scholar
Aunshul Rege
View author publications
You can also search for this author in PubMed Google Scholar
Zoran Obradovic
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nima Asadi .

Editor information

Editors and Affiliations

United States Military Academy, West Point, New York, USA
Robert Thomson
Bucknell University, Lewisburg, Pennsylvania, USA
Christopher Dancy
The Ohio State University, Columbus, Ohio, USA
Ayaz Hyder
University of Michigan–Flint, Flint, Michigan, USA
Halil Bisgin

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Asadi, N., Rege, A., Obradovic, Z. (2018). Assessment of Group Dynamics During Cyber Crime Through Temporal Network Topology. In: Thomson, R., Dancy, C., Hyder, A., Bisgin, H. (eds) Social, Cultural, and Behavioral Modeling. SBP-BRiMS 2018. Lecture Notes in Computer Science(), vol 10899. Springer, Cham. https://doi.org/10.1007/978-3-319-93372-6_44

Download citation

DOI: https://doi.org/10.1007/978-3-319-93372-6_44
Published: 14 June 2018
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-93371-9
Online ISBN: 978-3-319-93372-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics