Resumen de Contributions to Supply Chain Cyber Risk Management Analytics

Alberto Redondo Hernández

• The digital era is bringing along new global threats among which cybersecurity related ones emerge as truly worrisome. Cybercrime is rising and attackers may have varied incentives such as financial, revenge or intellectual. Against this background, cyber infrastructures often install firewalls to filter incoming traffic to the network as a first defense line. However, these have weaknesses. For instance, they cannot protect from spoofed attacks bypassing its filter rules.The proliferation of cyber attacks and the increasing interconnectivity of organi- sations provide a major interest referring to the new cyber threats affecting supply chain operations in a new field which we call Supply Chain Cyber Risk Management (SCCRM). Given the reluctance of companies to release attack data, the inefficiencies of detecting systems and the problem at hand, we develop a general framework for SCCRM based on expert judgement. The framework supports risk assessment regarding various attacking techniques tailored to an organization and its suppliers, making use of information coming from a Threat Intelligent System. The framework estimates the probability of a sufficiently harmful attack taking into account the security environment and posture, as well as the possible impacts over the company and its suppliers. The information obtained permits forecasting dangerous situations, supply chain disruptions, or ranking of suppliers and facilitates the negotiation of insurance contracts. One of the global threats affecting SCCRM is malware. Attackers learn advanced obfuscation techniques to degrade its detection through anti-malware tools and machine learning algorithms. We tackle this problem providing a framework for malware detection. It uses a hybrid approach to obtain the relevant information from malware, extracting static features directly from binaries and dynamic features obtained by executing the binaries in an isolated environment. The framework is based on an adversarial risk analysis approach to improve the detection of malware obfuscated through metamorphic tools. We analyzed it observing which features are relevant during the obfuscation process and how their entailed data transformation may affect classifier performance. We conclude the study extending the model to detect multiclass malware com- monly presented in crime servers. Its classification performance degrades for standard classifiers. The detection of different types of malware is crucial as it affects decision making during the mitigation process. The extension of the model permits to use both generative and discriminative algorithms. The model improves performance compared with raw classifiers.