Automated Defense: Reimaging Cybersecurity Via Anthropology

By   ISBuzz Team
Writer , Information Security Buzz | Jan 08, 2014 03:39 am PST

MANHATTAN, KS—Cybersecurity and anthropology researchers at Kansas State University are teaming up in an effort to develop automated tools that will make computer network defense more efficient.

According to a press release issued by the university, Xinming “Simon” Ou, associate professor of computing and information sciences, and Mike Wesch, associate professor of anthropology, recently received a $700,000 grant from the National Science Foundation to research cyber security analysts’ “tacit knowledge”— the unspoken language cyber professionals use to perform their duties at security operation centers (SOCs).

A professional analyst usually takes five or six minutes to find the Internet Protocol (IP) address and physical location of a computer that has been compromised by an attack.  But this task, when compared to the more daunting objective of figuring out how a computer system has been infiltrated and what data might have been compromised, is repetitive and falls short of engaging the full spectrum of an analyst’s skills and expertise.

To remedy this state of affairs, among others, anthropology researchers at KSU have been assigned to observe professional analysts who work at two companies’ SOCs.  It is the hope of Ou and Wesch that these ethnographies will yield insights into cyber analysts’ “tacit knowledge”, which tool developers can then use to generate algorithms that will automate the more repetitive duties of cyber security.

This is not the first attempt to develop a cybersecurity algorithm.  For example, in May of last year, it was announced that researchers at North Carolina State University had developed an algorithm that helps protect computer systems in the event of an attack.

Even so, Ou and Wesch may be the first researchers who have aspired to create an algorithm that relates to cyber security analysts’ day-to-day duties.

Ou is no stranger to computer and information security.  Among other things, he has received numerous grants and awards for his research, which includes an article investigating the effectiveness of moving-target defense (MTD).

MTD is a new concept of network defense.  The idea is to dynamically change computer programs’ properties using automation tools.  If a network alters its configuration frequently enough, it is hoped that analysts can better protect computer systems from certain traditionally static cyber attacks, such as probing.

Ou’s work with MTD, not to mention his and Wesch’s efforts to translate professionals’ “tacit knowledge” into analytical tools, reveals an important prediction about cyber security:  automation tools are the way of the future.

The cyber threat landscape has diversified and expanded in recent years.  It is therefore imperative that cyber security analysts acquire tools that allow them to direct their energies to the more time-consuming and cognitively “human” aspects of their profession.

In this sense, Ou and Wesch’s work stand to revolutionize cyber security—how analysts are trained, what duties they perform, and overall how the field actually works on a regular basis.

Dave BissonDavid Bisson | @DMBisson

Bio: David is currently a senior at Bard College, where he is studying Political Studies and writing his senior thesis on cyberwar and cross-domain escalation.  He also works at the Hannah Arendt Center for Politics and Humanities at Bard College as an Outreach intern.  Post-graduation, David would like to leverage his extensive journalism experience as well as his interest in computer coding and social media to pursue a career in cyber security, both its practice and policy.