Want to learn more about predicting cyber attacks?
Join us Friday, Dec. 10th at 11am MT for this virtual event!
To Register in advance for this meeting, CLICK HERE. After registering, you will receive a confirmation email containing information about joining the meeting.
Speaker: Professor V.S. Subrahmanian is the Walter P. Murphy Professor of Computer Science and Buffett Faculty Fellow in the Buffett Institute for Global Affairs at Northwestern University. For a full bio, visit MLC.
Abstract: We consider the problem of predicting cyber attacks based on known Common Vulnerability & Exposure (CVE) numbers. Given a CVE, we wish to answer 3 questions: (i) Will the CVE be exploited by malicious hackers? (ii) If so, when? (iii) How severe will the attack be? The answers to these questions are critical for almost all companies with significant software/hardware investments, for manufacturers of those software/hardware components, and for governments of the nations involved. In this talk, I will primarily focus on when a vulnerability will be exploited. Using a 23-month dataset gleaned from 5 sources, I will present a novel family of CAT (CVE-Author-Tweet) graphs. Each CAT graph has a massive associated system of recursive equations whose solution yields ``popularity scores’’ for the CVE-Author-Tweet nodes in the graph. Using these scores for different CAT graphs, we show a model that can predict when a vulnerability will be exploited – and we will use real world case studies to illustrate the efficacy of the approach. The talk will briefly describe progress on problems (i) and (iii) as well, and will describe a research agenda going forward that uses the predictions generated to better secure an enterprise. I will conclude with a brief outline of policy questions resulting from our work.