Researchers create cyber attack strike time formula
University of Michigan researchers outline mathematical model to predict when best to launch a cyber attack.
A mathematical model has been created by researchers from the University of Michigan that can predict when a cyber attack is likely to be launched.
The model's calculations are based on two parameters: the stealth of the attack vector and its persistence.
Stealth is the probability that, if the attack vector is used now, it will still be available afterwards, whereas persistence is the probability that, if the resource is not exploited now, it will still be usable in future.
Simply put, this allows cyber attackers to work out when best to launch an assault against a target's systems for maximum impact.
It was created by Robert Axelrod, a professor of political science and public policy at the university, and Rumen Iliev, who is one of the academic institution's postdoctoral research fellows.
"A good resource should have both stealth and persistence," Iliev said. "The less persistent a resource is, the sooner it should be used lest the vulnerability is fixed before there's a chance to exploit it."
In a research paper outlining their findings, the pair said cyber attackers need to carefully time their attacks to exploit vulnerabilities within their target's computer systems.
"The heart of our model is the trade-off between waiting until the stakes of the present situation are high enough to warrant the use of the resource, but not waiting so long that the vulnerability the resource exploits might be discovered and patched even if the resource is never used," the report states.
While their findings are largely presented from the perspective of a cyber attacker, the pair insist their research will also benefit those who need to safeguard a computer system's defences.
"Our model is presented from the perspective of the offence: when should a cyber resource be used to exploit a vulnerability in a target's computer network," their report reads.
"The results, however, are equally relevant to a defender who wants to estimate how high the stakes have to be in order for the offence to exploit an unknown vulnerability."
The report uses four case studies, including the Stuxnet attack on Iran's nuclear power programme and the Iranian cyber attack on the energy firm Saudi Aramco, to highlight how the model works.
"We hope this will encourage other efforts to study these things in a rigorous way," Axelrod said.
"There's a lot of discussion about cyber problems, but it's so new that the language isn't established. People use the word attack to mean anything from stealing a credit card number to sabotage of an industrial system," he added.