Restricted Research - Award List, Note/Discussion Page

Fiscal Year: 2018

1983  The University of Texas at San Antonio  (75801)

Principal Investigator: Xu, Shouhuai (Principal Investigator)  

Total Amount of Contract, Award, or Gift (Annual before 2011): $ 1,687,509

Exceeds $250,000 (Is it flagged?): Yes

Start and End Dates: 7/1/17 - 6/30/21

Restricted Research: YES

Academic Discipline: COS COMPUTER SCIENCE  

Department, Center, School, or Institute: Institute for Cyber Security (ICS)  

Title of Contract, Award, or Gift: Modeling, Analyzing and Predicting Cyber Attacks

Name of Granting or Contracting Agency/Entity: US Dept of the Army

Program Title: N/A
CFDA Linked: Basic Scientific Research


This project studies cybersecurity phenomena as exhibited by cyber attack data, including the data that can be captured/observed by passive network instruments such as honeypots and blackholes. The phenomena can be naturally modeled using stochastic processes, dubbed stochastic cyber attack processes (attack processes for short), which are a new kind of mathematical objects of cybersecurity significance. This project studies these processes from three perspectives: • Characterizing properties: What statistical properties do the stochastic cyber attack processes possess? For example, a preliminary examination of some honeypot-captured cyber attack data shows that majority of the computer-level attack processes exhibit the Long-Range Dependence (LRD) property, also known as long-memory, which is in sharp contrast to the memoryless of Poisson processes. To our knowledge, this is the first time that LRD is found to be relevant in the cybersecurity domain. • Explaining causes of the properties: Why do the stochastic cyber attack processes exhibit those properties? Causes of the properties can be mysterious, but are important to know. For example, we present some initial evidences showing that LRD in the cybersecurity domain might have different causes than LRD in the benign traffic domain, where no attacks are present. • Exploiting the properties to predict cyber attacks: How can we exploit the properties to predict cyber attacks? In contrast to the folklore that cyber attacks are not predictable, we show (for example) that LRD can be exploited to predict the number of incoming attacks hours ahead of time. This means that such “gray-box” (rather than “black-box”) predictions would give the defender sufficient early-warning time for proactively allocating defense resources. This project will lead to deeper knowledge and understanding about cyber attacks, which represent some “natural” phenomena in cyberspace (the man-made “universe”). Understanding the nature and characteristics of these phenomena is a necessary step toward understanding cyberspace. In particular, characterizing the predictability of cyber attacks—i.e., to what degree cyber attacks can or cannot be predicted—is an important piece of our intellectual knowledge about cyberspace.

Discussion: No discussion notes


Close Window