Calling cybersecurity threats “one of the most serious national economic security challenges that we face,” President Obama last week signed an executive order to promote the sharing of cybersecurity threat information between the private sector and federal government. 

But what drives people to carry out cybersecurity attacks, and can such attacks be prevented?

Ahmed Abbasi, a professor of information technology at the University of Virginia’s McIntire School of Commerce, may soon be able to offer critical insight into some of the most fundamental questions of cybersecurity. He aims to find out how and why hackers and phishers conduct attacks, investigating the issue on several levels – technological and psycho-social – with a $1.5 million National Science Foundation grant.

Abbasi is working with a team of cybersecurity experts from the University of Utah, the University of Texas at Dallas, Drexel University and the University of Arizona to look for the root causes of cybersecurity attacks, as well as how such attacks might be predicted and prevented.

Seeking to gain insight into not only the technological elements of the attacks, but also their political, social and psychological drivers, Abbasi said a key objective of the grant is to combine the expertise of computational, data and social scientists.

“Security is a socio-technical problem,” he said. “To really understand security breaches, factors pertaining to sociology and psychology must be considered. What drives people to conduct cybersecurity attacks? How do economic, political and cultural indicators correlate with the origins and destinations of various attacks? More, what psychological factors impact users’ susceptibility to phishing?”

Although existing research in both the hard and social sciences has examined issues of cybersecurity, Abbasi said few studies have attempted to examine the subject from several perspectives at once.

“We hope to create an integrated, interdisciplinary community that will really help to extend and enrich the existing body of cybersecurity knowledge,” he said.

Abbasi and his fellow researchers will first focus on building a rich, large-scale “test bed” composed of tens of millions of data points from online hacker communities, phishing attacks and geopolitical content. The test bed, in turn, will be integrated into an online portal equipped with a suite of predictive and descriptive analytics tools that will scour the data, allowing users to analyze, forecast, segment and draw correlative and causal associations from it.

Some of the data, Abbasi said, will also be used in predictive analytics competitions hosted at data-mining workshops, at security conferences and through third-party crowdsourcing websites that cater to the data scientist community. Such crowdsourcing events, he noted, have proven to be remarkably efficient generators of creative – and effective – solutions to some of the most vexing business and scientific conundrums. NASA, for instance, recently conducted a three-month public competition that resulted in a 300 percent improvement in the accuracy of a key image recognition model; a four-month contest hosted by General Electric produced airline flight arrival-time predictions that were 40 percent more accurate than the industry standard, saving passengers an average of five minutes of wait-time at the gate and saving airlines millions of dollars annually.

“Our goal in devising this complementary test bed and tool kit is to enable the research and practitioner communities to unearth critical relationships hidden within the data,” Abbasi said. “Our hope is that identifying those relationships will help us to predict – and prevent – cybersecurity breaches that have so far proven unforeseeable.”