Forecasting Cybersecurity Incidents and Its Role in Designing Incentive Mechanisms

In this talk I will present a number of predictive analytics studies we performed over the past few years aimed at characterizing the extent to which cyber security incidents can be predicted based on externally observable properties of an entity's network. While the general procedure follows the standard framework of supervised learning, significant challenges arose in (1) determining what types of data to collect, (2) how to clean and align the data in both space and time, and (3) how to deal with various deficiencies in the data. I will first describe the use of host malicious activity data (including spam, phishing, and active scanning) combined with network configuration data to obtain incident prediction at an organizational level. I will then describe the additional use of business details about an organization to obtain more fine-grained prediction, which looks at not just the overall risk of an incident, but the types of incidents it is particularly susceptible to. I will end the talk by describing how our ability to make predictions, or more generally, our ability to quantify at a global level the security postures of organizations, may be viewed as creating a form of "public monitoring" , which can be crucial in designing mechanisms that rely on inter-temporal incentives to induce socially desirable behaviors, from security practice to security investment to information sharing.

This is joint work with my current students Parinaz Naghizadeh and Armin Sarabi, my former student Yang Liu, as well as Prof. Michael Bailey from UIUC.

Mingyan Liu received her Ph.D in electrical engineering from the University of Maryland, College Park, in 2000. She has since been with the Department of Electrical Engineering and Computer Science at the University of Michigan, Ann Arbor, where she is currently a Professor. Her research interests are in optimal resource allocation, incentive design, and performance modeling and analysis, all within the context of communication networks. Her most recent research activities involve online learning, modeling and mining of large scale Internet measurement data concerning cyber security, and incentive mechanisms for inter-dependent security games. She is the recipient of the 2002 NSF CAREER Award, the University of Michigan Elizabeth C. Crosby Research Award in 2003 and 2014, the 2010 EECS Department Outstanding Achievement Award and the 2015 College of Engineering Excellence in Education Award. She holds Best Paper Awards from the International Conference on Information Processing in Sensor Networks (IPSN) in 2012 and the IEEE/ACM International Conference on Data Science and Advanced Analytics (DSAA) in 2014. She serves/has served on the editorial board of IEEE/ACM Trans. Networking, IEEE Trans. Mobile Computing, and ACM Trans. Sensor Networks. She is a Fellow of the IEEE and a member of the ACM.