
Details of Grant 

EPSRC Reference: EP/L022702/1
Title: Bayesian Analysis of Competing Cyber Hypotheses
Principal Investigator: Maskell, Professor S
Other Investigators:
Alison, Professor L
SAVIRIMUTHU, Mr J
Researcher Co-Investigators:
Project Partners:
Hewlett Packard plc (UK)
Department: Electrical Engineering and Electronics
Organisation: University of Liverpool
Scheme: Standard Research
Starts: 01 October 2014
Ends: 31 October 2017
Value (£): 189,699
EPSRC Research Topic Classifications:
Artificial Intelligence
Information & Knowledge Mgmt
Psychology
EPSRC Industrial Sector Classifications:
Aerospace, Defence and Marine
Information Technologies
Related Grants:
Panel History:
Panel Date: 22 Jan 2014
Panel Name: BACCHUS Full Proposals
Outcome: Announced
Summary on Grant Application Form
Cyber security is recognised as important at the highest levels of international government. President Obama has said that "the Cyber threat is one of the most serious economic and national security challenges [the US] face as a nation". Even the £650M in additional funding that accompanied the UK's Cyber Security Strategy is dwarfed by the >£10B estimated annual cost of cyber-crime to the UK economy. Additionally, we see links to "transnational organised crime" (cyber-crime is lucrative and widespread) as well as "Terrorism" (state-sponsored cyber-warfare is increasing) and "Ideologies and beliefs" (anti-establishment hacktivists, e.g. Anonymous, are also resorting to cyber-attack to express their views).

Companies such as HP help organisations that are subjected to cyber attacks to protect their assets and information. These cyber defence companies achieve this using a combination of hardware and software augmented with human effort. Allocating human effort to activity is critical, since inappropriate allocation can result in human time being wasted or attacks going unchallenged. Time pressure, the presence of ambiguous information and the high stakes involved can then degrade the human judgement associated with this allocation process.

Psychologists understand that such pressures degrade human decision making, and similar issues have been found to exist in other domains. Indeed, Pearl Harbour and the Cuban Missile Crisis were each the result of failures in the intelligence process that can be traced back to human analysis errors informing decision making.

Motivated by such experiences, in the 1970s the CIA developed a technique, "Analysis of Competing Hypotheses", which encourages analysts and decision makers to avoid the pitfalls that can be associated with intelligence analysis. This technique involves consideration of multiple candidate explanations for what is being observed. The hypotheses are then assessed (and iteratively refined) using the observations to discriminate between likely and unlikely hypotheses. While the technique has proven its utility, for it to work effectively it is important that the hypotheses considered include the "possible", not just the "probable", explanations. Unfortunately, "possible" and "probable" aren't precisely defined in this context.

However, a recent advance in the statistics literature, "Sequential Monte Carlo Samplers", exhibits many of the same features as Analysis of Competing Hypotheses. Sequential Monte Carlo samplers are typically applied in contexts where a computer (not a person) generates the hypotheses and assesses them. However, just like Analysis of Competing Hypotheses, they consider a population of hypotheses, assessed against data and then iteratively used to spawn a new population of hypotheses. Crucially, the analogous concept to the notion of "possible" and "probable" hypotheses is both well defined and well understood.

We propose to adapt Sequential Monte Carlo samplers to become part of Analysis of Competing Hypotheses. We further propose to apply and demonstrate a tool embodying the technique in an operational cyber security context.

If successful, this project would develop techniques that would ensure that decisions made in operational cyber security settings were well motivated. Where those decisions relate to the allocation of human analyst resources to activities, this would improve the efficiency of cyber security operations. The technology will position the UK at the forefront of the state-of-the-art in this high priority application domain.

Key Findings, Potential use in non-academic contexts, Impacts, Sectors submitted by the Researcher:
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Organisation Website: http://www.liv.ac.uk