UTSA, UCCS researchers team up to identify methods to predict future cyberattacks

Malicious software, commonly known as “malware,” represents a big threat to modern society.

A UTSA-led research team is investigating ways to accurately predict these attacks. Mechanical Engineering Professor Yusheng Feng and doctoral student Van Trieu-Do in the Margie and Bill Klesse College of Engineering and Integrated Design, in collaboration with professor Shouhuai Xu from the Department of Computer Science at the University of Colorado at Colorado Springs, are studying how to use mathematical tools and supercomputer simulation to foresee cyberattacks.

According to recent findings by the Atlas VPN team, blockchain hackers netted nearly $1.3 billion in 78 hack events throughout Q1 2022. In addition, hacks on Ethereum and Solana's ecosystems alone accounted for over $1 billion in losses during this quarter.

The current pervasive security threats motivated the UTSA researchers to develop and use cyber defense tools and sensors to monitor the threats and collect data, which can be used for various purposes in developing defense mechanisms.

“The current damages call for studies to understand and characterize cyber attacks from different perspectives and at various levels of intrusion. There are multiple variables that go into predicting the potential damage these attacks may cause as the aggressors get more sophisticated,” said Feng.

Using predictive situational awareness analysis, the team studied the distinctive nature of the attacks to accurately predict the threats that target and potentially harm personal devices, servers, and networks.

“Most studies on cyberattacks focus on microscopic levels of abstractions, meaning how to defend against a particular attack,” Feng said. “Cyber attackers can successfully break in by exploiting a single weakness in a computer system.”

The study aims to analyze the macroscopic levels of abstractions.

“Such macroscopic-level studies are important because they would offer insights towards holistic solutions to defending cyberattacks,” he added.

Feng explains, “It’s very hard to single out the cause of each attack; however, we have big data with time series for each IP address (location). In this research, we use ‘causality’ when there are inter-relationships among IP addresses that have similar patterns of temporal features for identifying the threat.”

The researchers utilized Granger causality (G-causality) to study the vulnerabilities from a regional perspective of multiple threats, analyzing the cause and effect to identify cyber vulnerabilities or how the infiltrators attack an entity, in this case, IP addresses.

G-causality is a statistical concept of causation that is based on prediction; to characterize causality, a well-defined mathematical notion has to be established. The research team used Granger causality to determine the nature of the cyberattack signals so the signals can be compared and analyzed holistically.
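To make the prediction-based notion concrete, here is an added example (not the researchers' code) of a lag-1 Granger F-test between two per-IP attack-count series: series A "G-causes" series B if adding A's past to a model of B's own past reduces the prediction error significantly. The single lag, the two series, and all names and data are assumptions constructed for illustration.

```python
import random

def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for k in range(c, n + 1):
                M[r][k] -= f * M[c][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (M[r][n] - sum(M[r][k] * x[k] for k in range(r + 1, n))) / M[r][r]
    return x

def rss(rows, y):
    """Residual sum of squares of the least-squares fit of y on rows."""
    k = len(rows[0])
    XtX = [[sum(r[i] * r[j] for r in rows) for j in range(k)] for i in range(k)]
    Xty = [sum(r[i] * t for r, t in zip(rows, y)) for i in range(k)]
    beta = solve(XtX, Xty)
    return sum((t - sum(b * v for b, v in zip(beta, r))) ** 2 for r, t in zip(rows, y))

def granger_f(cause, effect):
    """F-statistic for 'past of cause helps predict effect' at lag 1."""
    y = effect[1:]
    restricted = [[1.0, effect[t]] for t in range(len(y))]        # own past only
    full = [[1.0, effect[t], cause[t]] for t in range(len(y))]    # plus cause's past
    rss_r, rss_f = rss(restricted, y), rss(full, y)
    return (rss_r - rss_f) / (rss_f / (len(y) - 3))   # 1 restriction, 3 parameters

def sample_series(n=300, seed=7):
    # Constructed data: hourly attack counts at two hypothetical IP addresses.
    # Activity at B follows activity at A with a one-hour delay.
    rng = random.Random(seed)
    a = [20 + rng.gauss(0, 5) for _ in range(n)]
    b = [20.0] + [5 + 0.8 * a[t - 1] + rng.gauss(0, 1) for t in range(1, n)]
    return a, b

if __name__ == "__main__":
    a, b = sample_series()
    print("A -> B F-statistic:", round(granger_f(a, b), 1))
    print("B -> A F-statistic:", round(granger_f(b, a), 1))
```

A large F-statistic in one direction and a small one in the other indicates that A's history carries predictive information about B, but not the reverse; it is a statement about predictability, not proof of a common attacker.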

The team also plans to expand the current body of research and study further what other kinds of causality will impact users and how to develop the appropriate defense tools to protect against sophisticated attacks.