Redefining the Metrics System: Research Establishes Foundation for Dynamic, Self-Organizing Cyber Threat Response Model

With the number and severity of cybersecurity breaches skyrocketing, researchers at Embry-Riddle Aeronautical University’s College of Security and Intelligence at the Prescott Campus are creating a framework that may ultimately allow computer networks to autonomously detect intrusions and protect themselves accordingly.

Assistant Professor Gregory Vert, former Embry-Riddle graduate student Bryce Barrette and Bilal Gonen, assistant professor at the University of West Florida, are coauthors of Towards a Mathematical Model for Autonomously Organizing Security Metric Ontologies.

Peer reviewed and published at the 2016 International Conference on Security and Management, their research identifies operational cyber system security metrics, and then organizes these into larger classes of metrics, or ontologies, based on their similarities.

“Research groups have attempted to develop security metrics over the years; however, the issue with current security metric systems is their static nature. They often only account for a single indicator,” Vert says. Grouping metrics into classes based on how they apply to threat events within a system makes them more meaningful for decision-making regarding threat response, he explains.

Using computational math, researchers can assess potential threat events, looking at how closely those events occur together in time and space — the theory being that the closer they are together, the more likely the threat. If a threat is indicated, the model may react by dynamically self-reorganizing or recombining into larger classes of metrics that can deal with the threat as it moves across the network. Vert and his team define this dynamic model as the Adaptive Security Metric Method. “By determining which ontologies fit best with one another, frameworks can be determined for a best security model,” Vert says.
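To make the time-and-space proximity idea concrete, here is an added illustration (not the paper's model or code): constructed security indicators are scored by how close they are in time and in address space, then greedily grouped into classes, with a class score rising as its members cluster. The distance metric, decay scales and threshold are assumptions chosen for the example.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class ThreatEvent:
    metric: str   # the security indicator that fired
    ts: float     # time observed, seconds (constructed)
    host: str     # IPv4 address of the host where it was observed

# Constructed sample indicators; not data from the paper.
EVENTS = [
    ThreatEvent("failed_logins_spike", 1000.0, "10.0.1.5"),
    ThreatEvent("new_admin_account", 1040.0, "10.0.1.5"),
    ThreatEvent("outbound_beacon", 1100.0, "10.0.1.7"),
    ThreatEvent("failed_logins_spike", 9000.0, "10.9.3.2"),
]

def space_distance(a: str, b: str) -> int:
    """Assumed 'space' metric: number of trailing octets that differ,
    so hosts on the same subnet are close (0..4)."""
    pa, pb = a.split("."), b.split(".")
    for i in range(4):
        if pa[i] != pb[i]:
            return 4 - i
    return 0

def proximity(e1: ThreatEvent, e2: ThreatEvent,
              time_scale: float = 120.0, space_scale: float = 2.0) -> float:
    """Closeness in time and space: 1.0 for identical, decaying toward 0.
    The scales are assumptions, not values from the paper."""
    dt = abs(e1.ts - e2.ts) / time_scale
    ds = space_distance(e1.host, e2.host) / space_scale
    return math.exp(-(dt + ds))

def cluster(events, threshold: float = 0.3):
    """Greedy single-link grouping in time order: an event joins the first
    class that already contains a member at or above the threshold."""
    classes = []
    for ev in sorted(events, key=lambda e: e.ts):
        for cls in classes:
            if any(proximity(ev, m) >= threshold for m in cls):
                cls.append(ev)
                break
        else:
            classes.append([ev])
    return classes

def threat_score(cls) -> float:
    """Mean pairwise proximity of a class; a lone indicator scores 0.0."""
    pairs = [(a, b) for i, a in enumerate(cls) for b in cls[i + 1:]]
    return sum(proximity(a, b) for a, b in pairs) / len(pairs) if pairs else 0.0
```

On the sample data the three indicators within minutes of each other on the 10.0.1.0/24 subnet form one class, while the isolated event hours later on another subnet stays alone with a score of zero.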

Vert adds that the work is conceptual at this point and that more empirical testing and validation are necessary. However, the model lays the mathematical groundwork for a future cybersecurity system that could dynamically and autonomously combat a cyber intrusion (e.g., spyware) or attack.

The research is being developed further for journal publication with undergraduates at Embry-Riddle’s Prescott Campus.