‘Enhanced Attribution’ will anonymise threat data, reveal past and future crimes
The US military skunkworks Defense Advanced Research Projects Agency (DARPA) is hoping to build a platform that would generate, anonymise, and share threat data to help bolster the treacherous world of attack attribution.
The agency is seeking proposals for an “Enhanced Attribution” program which would bring high quality “transparency” to the “opaque” world of actor attribution, hopefully revealing the activities of online actors without compromising sources and methods.
Project lead Angelos Keromytis says there is presently little chance that a criminal will be caught.
“Malicious actors in cyberspace currently operate with little fear of being caught due to the fact that it is extremely difficult, in some cases perhaps even impossible, to reliably and confidently attribute actions in cyberspace to individuals,” Keromytis says.
“The reason cyber attribution is difficult stems at least in part from a lack of end-to-end accountability in the current internet infrastructure.
“Cyber campaigns spanning jurisdictions, networks, and devices are only partially observable from the point of view of a defender that operates entirely in friendly cyber territory.”
DARPA wants ideas about how to identify actors using physical and behavioural biometrics, break down tools into knowledge “representations”, draw on open source data, and build webs of information to reveal past and present malicious activity.
The platform should also sport algorithms to predict criminal campaign behaviour.
Internet-of-things devices, mobile phones, and desktops and laptops are all interesting “vantage points”, according to the program document [PDF].
Keromytis says actors can foil many attribution efforts by changing their tactics, techniques, and procedures, a fact which also inhibits response options and policy-making.
He says Enhanced Attribution will develop techniques and tools to produce “operationally and tactically relevant information about multiple concurrent independent malicious cyber campaigns” that each have multiple actors.
Threat intelligence has enjoyed a boom in the security industry with large firms and independent consultants spinning up firms dedicated to sieving through attack data and offering possible actor identities.
Proposals for the DARPA project should “investigate innovative approaches that enable revolutionary advances in science, devices, or systems”, the agency says.
It comes as DARPA appealed for hackers to weaponise everyday objects under its Improv project to find flaws in all things. ®