Simple mathematical law benchmarks human confrontations.
ABSTRACT: Many high-profile societal problems involve an individual or group repeatedly attacking another - from child-parent disputes, sexual violence against women, civil unrest, violent conflicts and acts of terror, to current cyber-attacks on national infrastructure and ultrafast cyber-trades attacking stockholders. There is an urgent need to quantify the likely severity and timing of such future acts, shed light on likely perpetrators, and identify intervention strategies. Here we present a combined analysis of multiple datasets across all these domains which account for >100,000 events, and show that a simple mathematical law can benchmark them all. We derive this benchmark and interpret it, using a minimal mechanistic model grounded by state-of-the-art fieldwork. Our findings provide quantitative predictions concerning future attacks; a tool to help detect common perpetrators and abnormal behaviors; insight into the trajectory of a 'lone wolf'; identification of a critical threshold for spreading a message or idea among perpetrators; an intervention strategy to erode the most lethal clusters; and more broadly, a quantitative starting point for cross-disciplinary theorizing about human aggression at the individual and group level, in both real and online worlds.
Project description:Terror attacks in Israel produce a temporary lull in light accidents followed by a 35% spike in fatal accidents on Israeli roads 3 days after the attack. Our results are based on time-series analysis of Israeli traffic flows, accidents, and terror attacks from January 2001 through June 2002. Whereas prior studies have focused on subjective reports of posttraumatic stress, our study shows a population-level behavioral response to violent terror attacks.
Project description:Terrorism is a salient risk source in 21st century life and may deter tourists from visiting certain destinations. How people perceive the risk of a future terror attack abroad, and thus their traveling decisions, may be influenced by whether they think about the future in specific and personal terms (episodic future thinking) or in more general, abstract terms (semantic future thinking). In a pre-registered experiment (N = 277) we explored the potential impact of episodic future thinking on the perceived risk of terror attacks abroad. Participants were randomly assigned to one of four conditions: (1) An episodic future thinking-condition, where participants were asked to imagine a specific, terror-related personal episode that might occur in the future while traveling abroad; (2) a semantic future thinking-condition, where participants were asked to think more abstractly about terror events that might occur in the future; (3) an episodic counterfactual thinking-condition, where participants were asked to imagine a specific, terror-related personal episode that might have occurred in the past while traveling abroad and (4) a passive control condition. Participants indicated their perceived risk of six different future terror attacks occurring abroad. The manipulation checks suggest that the experimental manipulations functioned as intended. Contrary to the central hypothesis of the study, there were no differences in the perceived risk of terror attacks between the conditions. These results run counter to previous research and do not support the idea that how people think about the future influences their perceived risk of future dramatic events. Potential limitations and implications are discussed.
Project description:In December 2015, a cyber-physical attack took place on the Ukrainian electricity distribution network. This is regarded as one of the first cyber-physical attacks on electricity infrastructure to have led to a substantial power outage and is illustrative of the increasing vulnerability of Critical National Infrastructure to this type of malicious activity. Few data points, coupled with the rapid emergence of cyber phenomena, has held back the development of resilience analytics of cyber-physical attacks, relative to many other threats. We propose to overcome data limitations by applying stochastic counterfactual risk analysis as part of a new vulnerability assessment framework. The method is developed in the context of the direct and indirect socioeconomic impacts of a Ukrainian-style cyber-physical attack taking place on the electricity distribution network serving London and its surrounding regions. A key finding is that if decision-makers wish to mitigate major population disruptions, then they must invest resources more-or-less equally across all substations, to prevent the scaling of a cyber-physical attack. However, there are some substations associated with higher economic value due to their support of other Critical National Infrastructures assets, which justifies the allocation of additional cyber security investment to reduce the chance of cascading failure. Further cyber-physical vulnerability research must address the tradeoffs inherent in a system made up of multiple institutions with different strategic risk mitigation objectives and metrics of value, such as governments, infrastructure operators, and commercial consumers of infrastructure services.
Project description:A critical requirement for developing a cyber capable workforce is to understand how to challenge, assess, and rapidly develop human cyber skill-sets in realistic cyber operational environments. Fortunately, cyber team competitions make use of simulated operational environments with scoring criteria of task performance that objectively define overall team effectiveness, thus providing the means and context for observation and analysis of cyber teaming. Such competitions allow researchers to address the key determinants that make a cyber defense team more or less effective in responding to and mitigating cyber attacks. For this purpose, we analyzed data collected at the 12th annual Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC, http://www.maccdc.org), where eight teams were evaluated along four independent scoring dimensions: maintaining services, incident response, scenario injects, and thwarting adversarial activities. Data collected from the 13-point OAT (Observational Assessment of Teamwork) instrument by embedded observers and a cyber teamwork survey completed by all participants were used to assess teamwork and leadership behaviors and team composition and work processes, respectively. The scores from the competition were used as an outcome measure in our analysis to extract key features of team process, structure, leadership, and skill-sets in relation to effective cyber defense. We used Bayesian regression to relate scored performance during the competition to team skill composition, team experience level, and an observational construct of team collaboration. Our results indicate that effective collaboration, experience, and functional role-specialization within the teams are important factors that determine the success of these teams in the competition and are important observational predictors of the timely detection and effective mitigation of ongoing cyber attacks. These results support theories of team maturation and the development of functional team cognition applied to mastering cybersecurity.
Project description:We study the spatiotemporal correlation of terrorist attacks by al-Qaeda, the Islamic State of Iraq and Syria (ISIS), and local insurgents, in six geographical areas identified via k-means clustering applied to the Global Terrorism Database. All surveyed organizations exhibit near-repeat activity whereby a prior attack increases the likelihood of a subsequent one by the same group within 20 km and on average 4 (al-Qaeda) to 10 (ISIS) weeks. Near-response activity, whereby an attack by a given organization elicits further attacks from a different one, is found to depend on the adversarial, neutral, or collaborative relationship between the two. When in conflict, local insurgents respond quickly to attacks by global terror groups while global terror groups delay their responses to local insurgents, leading to an asymmetric dynamic. When neutral or allied, attacks by one group enhance the response likelihood of the other, regardless of hierarchy. These trends arise consistently in all clusters for which data are available. Government intervention and spillover effects are also discussed; we find no evidence of outbidding. Understanding the regional dynamics of terrorism may be greatly beneficial in policy making and intervention design.
Project description:This article presents a dataset produced to investigate how data and information quality estimations enable to detect aNomalies and malicious acts in cyber-physical systems. Data were acquired making use of a cyber-physical subsystem consisting of liquid containers for fuel or water, along with its automated control and data acquisition infrastructure. Described data consist of temporal series representing five operational scenarios - Normal, aNomalies, breakdown, sabotages, and cyber-attacks - corresponding to 15 different real situations. The dataset is publicly available in the .zip file published with the article, to investigate and compare faulty operation detection and characterization methods for cyber-physical systems.
Project description:Cyber conflict is now a common and potentially dangerous occurrence. The target typically faces a strategic choice based on its ability to attribute the attack to a specific perpetrator and whether it has a viable punishment at its disposal. We present a game-theoretic model, in which the best strategic choice for the victim depends on the vulnerability of the attacker, the knowledge level of the victim, payoffs for different outcomes, and the beliefs of each player about their opponent. The resulting blame game allows analysis of four policy-relevant questions: the conditions under which peace (i.e., no attacks) is stable, when attacks should be tolerated, the consequences of asymmetric technical attribution capabilities, and when a mischievous third party or an accident can undermine peace. Numerous historical examples illustrate how the theory applies to cases of cyber or kinetic conflict involving the United States, Russia, China, Japan, North Korea, Estonia, Israel, Iran, and Syria.
Project description:We present evidence of a novel form of group hunting. Individual sailfish (Istiophorus platypterus) alternate attacks with other group members on their schooling prey (Sardinella aurita). While only 24% of attacks result in prey capture, multiple prey are injured in 95% of attacks, resulting in an increase of injured fish in the school with the number of attacks. How quickly prey are captured is positively correlated with the level of injury of the school, suggesting that hunters can benefit from other conspecifics' attacks on the prey. To explore this, we built a mathematical model capturing the dynamics of the hunt. We show that group hunting provides major efficiency gains (prey caught per unit time) for individuals in groups of up to 70 members. We also demonstrate that a free riding strategy, where some individuals wait until the prey are sufficiently injured before attacking, is only beneficial if the cost of attacking is high, and only then when waiting times are short. Our findings provide evidence that cooperative benefits can be realized through the facilitative effects of individuals' hunting actions without spatial coordination of attacks. Such 'proto-cooperation' may be the pre-cursor to more complex group-hunting strategies.
Project description:The growth of web technology has brought convenience to our life, since it has become the most important communication channel. However, now this merit is threatened by complicated network-based attacks, such as denial of service (DoS) and distributed denial of service (DDoS) attacks. Despite many researchers' efforts, no optimal solution that addresses all sorts of HTTP DoS/DDoS attacks is on offer. Therefore, this research aims to fix this gap by designing an alternative solution called a flexible, collaborative, multilayer, DDoS prevention framework (FCMDPF). The innovative design of the FCMDPF framework handles all aspects of HTTP-based DoS/DDoS attacks through the following three subsequent framework's schemes (layers). Firstly, an outer blocking (OB) scheme blocks attacking IP source if it is listed on the black list table. Secondly, the service traceback oriented architecture (STBOA) scheme is to validate whether the incoming request is launched by a human or by an automated tool. Then, it traces back the true attacking IP source. Thirdly, the flexible advanced entropy based (FAEB) scheme is to eliminate high rate DDoS (HR-DDoS) and flash crowd (FC) attacks. Compared to the previous researches, our framework's design provides an efficient protection for web applications against all sorts of DoS/DDoS attacks.
Project description:BACKGROUND: An important step in annotation of sequenced genomes is the identification of transcription factor binding sites. More than a hundred different computational methods have been proposed, and it is difficult to make an informed choice. Therefore, robust assessment of motif discovery methods becomes important, both for validation of existing tools and for identification of promising directions for future research. RESULTS: We use a machine learning perspective to analyze collections of transcription factors with known binding sites. Algorithms are presented for finding position weight matrices (PWMs), IUPAC-type motifs and mismatch motifs with optimal discrimination of binding sites from remaining sequence. We show that for many data sets in a recently proposed benchmark suite for motif discovery, none of the common motif models can accurately discriminate the binding sites from remaining sequence. This may obscure the distinction between the potential performance of the motif discovery tool itself versus the intrinsic complexity of the problem we are trying to solve. Synthetic data sets may avoid this problem, but we show on some previously proposed benchmarks that there may be a strong bias towards a presupposed motif model. We also propose a new approach to benchmark data set construction. This approach is based on collections of binding site fragments that are ranked according to the optimal level of discrimination achieved with our algorithms. This allows us to select subsets with specific properties. We present one benchmark suite with data sets that allow good discrimination between positive and negative instances with the common motif models. These data sets are suitable for evaluating algorithms for motif discovery that rely on these models. We present another benchmark suite where PWM, IUPAC and mismatch motif models are not able to discriminate reliably between positive and negative instances. This suite could be used for evaluating more powerful motif models. CONCLUSION: Our improved benchmark suites have been designed to differentiate between the performance of motif discovery algorithms and the power of motif models. We provide a web server where users can download our benchmark suites, submit predictions and visualize scores on the benchmarks.