(The Hosting News) – University of Michigan student, Rumen Iliev, and former UN and US Department of Defense employee, Robert Axelrod, have released a mathematical model titled “Timing of cyber conflict” which analyzes how and when a cyber attack is done by hackers.
The goal of the research is to “promote the understanding of this domain of cyber conflict to mitigate the harm it can do, and harness the capabilities it can provide.”
The model focuses on zero-day vulnerabilities, a security flaw that exploits previously unknown vulnerabilities within the computer, and four case studies to predict the optimal time for an attack.
The case studies used are the Stuxnet attack on Iran’s nuclear program, Iranian cyber-attack on Saudi Aramco, economic coercion by China, and cyber espionage by Chinese military.
“The heart of our model is the trade-off between waiting until the stakes of the present situation are high enough to warrant the use of the resource, but not waiting so long that the vulnerability the resource exploits might be discovered and patched even if the resource is never used,” the report states.
Although the research is mostly done from the mindset of a hacker, it does offer some beneficial information for users who need to protect their data.
“The results, however, are equally relevant to a defender who wants to estimate how high the stakes have to be in order for the offence to exploit an unknown vulnerability.”