Dartmouth Events

V.S. Subrahmanian: "Forecasting Malware Spread"

Thursday, February 23, 2017
4:30pm – 5:30pm
Kemeny Hall 007
Intended Audience(s): Public
Categories: Lectures & Seminars

Abstract: Today, top decision makers have little insight about the cyber-vulnerability of their enterprise networks. Given a host population H belonging to an enterprise, we define data-driven methods to characterize the ability of the enterprise to both detect malware and patch vulnerabilities. We then show how we can accurately predict the number of hosts in H that will be infected by a given malware m. In particular, we develop a novel ensemble predictor consisting of a mix of classifiers, clustering methods, epidemic models, and regression. We test and validate our ensemble using real-world data from Symantec. Based on these results, we developed the Country Cyber Attack Forecasting Engine (CCAFE), which demonstrates these methods on data about 44 countries and 50 malware samples. Time permitting, I will also briefly discuss methods to classify Android malware into different families to support better anti-virus signatures and for appropriate malware removal methods, as well as the DARPA Twitter Bot Challenge.

Bio: V.S. Subrahmanian is Professor of Computer Science and Director of the Center for Digital International Government at the University of Maryland. He previously served a 6.5-year stint as Director of the University of Maryland Institute for Advanced Computer Studies. VS has worked extensively on logical reasoning with uncertainty, probabilistic logics, temporal probabilistic logics, managing huge, heterogeneous databases with incomplete and inconsistent information, and multimedia databases. He was the first to build computational models of terrorist group behavior and applied them to making forecasts and suggesting policies to shape behaviors of groups like Hezbollah, Lashkar-e-Taiba, and Indian Mujahideen. He is a leader in predictive analytics: he led the team that won DARPA's Twitter Influence Bot Detection Challenge under their SMISC program and the Harvard/Albany NGRID challenge on predicting the intensity of psychological symptoms from text. In cyber-security, VS developed some of the first secure query processing algorithms, flexible authentication frameworks, unexplained behavior detection, scalable detection of known threats, deception models, and optimal patching methods. His Global Cyber-Vulnerability Report, published in January 2016, characterizes cyber-risk of 44 countries by studying data on over 44 hosts per year over 2 years using over 20 billion malware/telemetry reports. A fellow of AAAI and AAAS, VS also serves or has served on the editorial boards of Science, IEEE TKDE, ACM-TOCL, ACM-TIST, and several other journals.

For more information, contact:
Sandra Hall

Events are free and open to the public unless otherwise noted.