
Scientists develop algorithm that can predict cyber warfare attacks

For a developed nation, cyber attacks have become something to fear. They're cheap to deploy, they can cause devastating results, like the closure of roads and disruption of basic utilities, and there is absolutely no way to predict them.

That is, until now.

Researchers Robert Axelrod and Rumen Iliev at the University of Michigan have published a paper in which they have defined an algorithm capable of predicting cyber attacks.

The algorithm works by determining the "optimum threshold" within which a cyber attack can take place. This is determined by cross-referencing four separate variables.

  • The specific vulnerability targeted by the cyber-weapon.
  • Stealth of the weapon measures the chance that an enemy discovers the weapon's use and takes the steps needed to stop its reuse.
  • Persistence of the weapon measures the chance that a weapon can still be used in the future if it is not used now. This usually comes down to the chance that the enemy finds its own vulnerability and fixes it, which renders the weapon useless.
  • Threshold defines the point at which the stakes are high enough to risk the use of a weapon. Beyond the threshold you will gain more than you will lose.

The model can be used to adjust the threshold and determine the likelihood of an attack. For instance, if the weapon is particularly stealthy, the threshold decreases, as the longer it can avoid detection, the sooner an attacker should use it. When the persistence of a weapon increases, however, the threshold increases, as an attacker can wait longer before using it.

Based on the stakes of the outcome, a weapon must be used soon if the stakes are constant or later if the stakes are uneven.
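The relationships described above can be checked numerically. The following Python example is added here and is not code from the article or from Axelrod and Iliev's paper; the per-period recurrence, the discount factor of 0.9, and the stakes distributions are assumptions, since the article does not give the paper's equations.

```python
# Added illustration: the recurrence below is an assumption, not the paper's text.
from fractions import Fraction


def value(threshold, stakes, stealth, persistence, discount):
    """Expected discounted payoff of the policy 'act only when stakes >= threshold'.

    Each period one entry of `stakes` is drawn uniformly. Acting pays the
    stakes and the capability stays usable with probability `stealth`;
    waiting pays nothing and it stays usable with probability `persistence`.
    """
    used = [s for s in stakes if s >= threshold]
    p_use = Fraction(len(used), len(stakes))
    gain = Fraction(sum(used), len(stakes))      # expected payoff this period
    survive = stealth * p_use + persistence * (1 - p_use)
    # Solve V = gain + discount * survive * V for V.
    return gain / (1 - discount * survive)


def optimal_threshold(stakes, stealth, persistence, discount=Fraction(9, 10)):
    """Threshold (one of the possible stakes) with the highest value; ties go low."""
    return max(sorted(set(stakes)),
               key=lambda t: value(t, stakes, stealth, persistence, discount))


def use_probability(stakes, threshold):
    """Chance per period that the stakes reach the threshold."""
    return Fraction(sum(s >= threshold for s in stakes), len(stakes))


if __name__ == "__main__":
    half, p80 = Fraction(1, 2), Fraction(4, 5)
    die = [1, 2, 3, 4, 5, 6]                     # constructed: evenly spread stakes
    for stealth in (Fraction(1, 5), half, Fraction(9, 10)):
        print("stealth", float(stealth), "-> threshold",
              optimal_threshold(die, stealth, p80))
    for persistence in (p80, Fraction(99, 100)):
        print("persistence", float(persistence), "-> threshold",
              optimal_threshold(die, half, persistence))
    for stakes in ([3] * 6, [1, 1, 1, 1, 1, 100]):   # constant vs. uneven stakes
        t = optimal_threshold(stakes, half, p80)
        print(stakes, "-> threshold", t, "use chance", use_probability(stakes, t))
```

Under these assumptions the threshold falls as stealth rises and climbs as persistence rises; constant stakes lead to use in every period, while uneven stakes lead to waiting for the rare high-stakes draw.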

Their model has been credited with perfectly predicting the timing of both the Stuxnet worm attack and Iran's counterattack in its strike on Aramco, an oil company in Saudi Arabia.

Stuxnet was designed to compromise Iran's attempts to enrich uranium to build nuclear weapons, which made the stakes, from an American perspective, very high. The worm was also incredibly stealthy, remaining hidden for nearly 17 months. According to the model, the US and Israel should have attacked as soon as Stuxnet was ready for life in the wild.

That is exactly what seems to have happened.

In their 2012 book Cyber War: The Next Threat to National Security and What to Do About It, Richard Clarke and Robert Knake argue:

"It took a decade and a half after nuclear weapons were first used before a complex strategy for employing them, and better yet, for not using them, was articulated and implemented."

The emerging weapon that is cyber warfare may not have developed its own rules and strategies yet, but Axelrod and Iliev's paper could be the first step on the road to developing them.