C3E Idea Detail - Think Like a Bad Guy


Submitted by Luanne Burns

Title: Think Like a Bad Guy

 

Problem:

The increased rate of proliferation of malware, botnets, and viruses over the past year demonstrates that many of our adversaries are gaining both an appreciation for the utility of cyber crime and proficiency in executing it. As the number and strength of our adversaries grow, it becomes more important for us to understand both what they are capable of and what motivates them, so that we can best spend our scarce resources protecting against them.

Proposal:

The government should invest in research to better understand the capabilities and motivations of our adversaries in cyberspace. While many intelligence organizations are already doing this, the addition of more scientific research on the topic could help quantify and model specific ways in which our adversaries are behaving.

 

Such a research program could include the following elements:

Think Like a Bad Guy 1 - Criminal Organization Reverse Engineering - Web-based criminal organizations are among the most practiced people in the world at operating under constant attack, monitoring and mistrust. We can and should be benefiting from their R&D (e.g., fast-flux and double fast-flux networks) by studying the ways in which they control access to their enclaves and how they tear down and then reconstitute those enclaves once they believe their mission to be compromised.

Think Like a Bad Guy 2 - Adversary Incentive Modeling - We can learn about the motivations of our adversaries by observing the things they are trying to do or find in our systems. Distilling these observations into models can help us develop classifiers that better characterize adversary behavior in our networks in real time and prepare real-time responses. This research program should explore what makes information or a honeypot sweet from the perspective of our adversaries, how we can use analytics to evaluate the attractiveness of information on our network from their point of view, and how we can use this knowledge to draw their focus away from what is important to us by "dressing up" the things that we think are attractive to them.

Strengths:

  • Advances in applying behavioral economics to product advertising are allowing companies to exploit large datasets to better understand how individuals behave, what motivates them, and how to best position their products to maximize sales.

Weaknesses:

  • It might not be possible to collect a sufficient number of observations of adversary behavior to move from an anecdotal/case-study-based approach to a more scientific model-driven approach.

References:

National Cyber Leap Year Summit 2009 Participants' Ideas Report, NITRD Program Office, September 16, 2009, pp. 39-41.

Schudel, G., Wood, B., & Parks, R. (2000). Modeling Behavior of the Cyber-Terrorist. Conference Proceedings: Research on Mitigating the Insider Threat to Information Systems #2, 49-59.