Mathematical Model Predicts When Hackers Will Strike Source: Stephanie Mlot
Who says math won't help you in the real world? Researchers at the University of Michigan believe they have calculated the optimum time for a cyber attack.
The model, from student Rumen Iliev and political science professor Robert Axelrod, focuses heavily on timing: Wait until the attack will cause the most destruction, but not too long so that the vulnerability hackers are exploiting has been fixed.
"The question of timing is analogous to the question of when to use a double agent to mislead the enemy," the researchers wrote in their paper. "Where it may be worth waiting for an important event but waiting too long may mean the double agent has been discovered by the target and become useless."
Though presented from the perspective of the offense―the hacker looking for the best moment to exploit a vulnerability―the findings are equally relevant to those companies and agencies hoping to fend off a future attack - something that companies like Target might find useful.
Taking a closer look at zero-day vulnerabilities, the researchers built their model using four variables: resources, stealth, persistence, and threshold.
The first pinpoints a specific vulnerability in a target's computer system, begging the question of what is at stake in the current situation. Will you be at war with the target in a year? Or will you be at peace when you find a new resource to steal?
Once the stakes are set, the hacker uses stealth to measure their chance of invading before the target realizes they've been attacked. Similarly, persistence assesses the chance someone recognizes their own vulnerability and fixes it before any damage can be done.
"Both Stealth and Persistence depend not only on the resource itself, but also on the capacity and vigilance of the intended target," the research explained.
Axelrod and Iliev, however, suggest that the best policy is to wait until the stakes are high enough to risk losing the resource because of limited stealth―what they call threshold. The lower the threshold, the lower the average gains.
"Cyber conflict has already begun. Exploitation of vulnerabilities in computer systems has been used for both espionage and sabotage," the researchers said, adding that it has also led to new ways of conducting and fighting crime. "In the near future, cyber conflict will likely allow international sanctions to be more precisely targeted than economic sanctions alone and will provide powerful force multipliers for so-called kinetic warfare."
| }
|