“Quantitative Cybersecurity Assessment: From Breach Prediction to Incentive Design” Dr. Mingyan Liu, University of Michigan, Ann Arbor Friday, April 14, 2017 2:00 – 3:00PM EEB 248 Abstract: In this talk I will present a number of predictive analytics studies we performed over the past few years aimed at characterizing the extent to which cybersecurity incidents may be predicted based on externally observable properties of an entity's network. While the general procedure follows the standard framework of supervised learning, significant challenges arose in (1) determining what types of data to collect, (2) how to clean and align the data in both space and time, and (3) how to deal with various deficiencies in the data. I will first describe the use of host malicious activity data (including spam, phishing, and active scanning) combined with network configuration data to obtain incident prediction at an organizational level. I will then describe the additional use of business details about an organization to obtain more fine-grained prediction, which looks at not just the overall risk of an incident, but the types of incidents it is particularly susceptible to. In the second part of the talk I will describe how our ability to make predictions, or more generally, our ability to quantify at a global level the security postures of organizations, can be crucial in designing mechanisms to induce more socially desirable behaviors at the firm level. In particular, I will illustrate how quantitative assessment of this type may be viewed as creating a form of "public monitoring" that enables inter-temporal incentives to sustain long-term security information sharing among firms, or viewed as a form of "security pre-screening" to effectively mitigate moral hazard in underwriting cyber insurance policies through premium and coverage discrimination. The key technology underlying the first part of this talk was successfully transitioned to practice and led to the founding of a start-up, QuadMetrics, Inc. in late 2014; it was subsequently acquired by the analytics software firm FICO in May 2016. Bio: Mingyan Liu received her Ph.D in electrical engineering from the University of Maryland, College Park, in 2000. She has since been with the Department of Electrical Engineering and Computer Science at the University of Michigan, Ann Arbor, where she is currently a Professor. Her research interests are in optimal resource allocation, incentive design, and performance modeling and analysis, all within the context of communication networks. Her most recent research activities involve online learning, modeling and mining of large scale Internet measurement data concerning cyber security, and incentive mechanisms for inter-dependent security games. She is the recipient of the 2002 NSF CAREER Award, the University of Michigan Elizabeth C. Crosby Research Award in 2003 and 2014, the 2010 EECS Department Outstanding Achievement Award and the 2015 College of Engineering Excellence in Education Award. She holds Best Paper Awards from the International Conference on Information Processing in Sensor Networks (IPSN) in 2012 and the IEEE/ACM International Conference on Data Science and Advanced Analytics (DSAA) in 2014. She serves/has served on the editorial board of IEEE/ACM Trans. Networking, IEEE Trans. Mobile Computing, and ACM Trans. Sensor Networks. She is a Fellow of the IEEE and a member of the ACM.