Georgia Tech gets $17 million to research cyberattack attribution
In ancient Greek mythology Rhamnousia — also known as Nemesis — was the goddess who visited divine punishment on those displaying arrogance before the gods.
Now, armed with a $17.3 million cybersecurity research contract from the Pentagon, scientists at Georgia Tech want to visit that divine retribution on hackers. According to a statement this week from the university, the research will aim at creating an “attribution framework” dubbed Rhamnousia. The goal is to develop techniques to track and identify hackers in real time across the vast and borderless wilderness of cyberspace.
The technology will help discourage hacking, the researchers believe, because it will strip away the deniability many rely on.
“We should know who our friends are and who our enemies are in the cyber-domain,” said Manos Antonakakis, an assistant professor in Georgia Tech’s School of Electrical and Computer Engineering and the project’s principal investigator. “We want to take away the potential deniability that these attack groups now have.”
Michael Farrell, associate director of the university’s Institute for Information Security & Privacy, said deterring attacks is “virtually impossible if you’re unable to identify the adversary.”
“Attribution is the linchpin for deterrence in cyberspace, and the U.S. government is in need of a repeatable and releasable way forward,” he said.
He should know — he spent many years in a series of technical and research jobs at the Department of Defense.
Attributing cyberattacks to specific groups or individuals can be achieved to some degree today, but it is a “manual process that requires highly skilled investigators and weeks or months to complete,” according to the Georgia Tech post. “Rhamnousia will accelerate that process and provide both scientific reasoning and hard evidence about the guilty parties.”
“We have a limited number of people working in cybersecurity and attacks occur every day, so we need to be able to optimize the forensic analysis that would lead to attribution,” Antonakakis said. “In this project, we will use machine learning and algorithms to scale up the attribution process to help companies and the government protect against those bad actors.
“We will provide a systematic and scientific way to deal with the attacks.”
Speed is also important, since justice is best meted out swiftly, Antonakakis said. The new research effort will use data science and engineering techniques to sift through existing and new data sets to find relevant information.
“We can distill the information that will be useful to identifying the virtual cyber actors,” Antonakakis said. “These bad actors have to use the network and computer systems, and they have to interact with sources. They are leaving crumbs behind, and we can leverage those.”
“Historically, attribution has been done primarily for law enforcement so they could put people behind bars and use that as a deterrent for others who might engage in these activities,” said Antonakakis. “We want to make sure that the people doing these attacks know that there is a very good chance that they will get caught and publicly attributed.”
The project aims to develop technology in three areas, according to the post:
- Efficient algorithmic attribution methods able to convert the research team’s experience with manual attack attribution to novel, tensor-based learning methods. The algorithms will allow expansion of existing efforts to create a science of attribution and traceback.
- Actionable attribution, in which the application of the algorithms will produce attribution reports to be shared with the attribution community.
- Historic public attack datasets brought together into a single distributed environment.