From the website of IARPA (Intelligence Advanced Research Projects Activity (IARPA) — a US research agency under the Director of National Intelligence.
“Approaches to cyber defense typically focus on post-mortem analysis of the various attack vectors utilized by adversaries. As attacks have evolved and increased over the years, established approaches (e.g., signature-based detection, anomaly detection) have not adequately enabled cybersecurity practitioners to get ahead of these threats. This has led to an industry that has invested heavily in analyzing the effects of cyber-attacks instead of analyzing and mitigating the “cause” of cyber-attacks,
The CAUSE (Cyber-attack Automated Unconventional Sensor Environment)Program seeks to develop cyber-attack forecasting methods and detect emerging cyber phenomena to assist cyber defenders with the earliest detection of a cyber-attack (e.g., Distributed Denial of Service (DDoS), successful spearphishing, successful drive-by, remote exploitation, unauthorized access, reconnaissance). The CAUSE Program aims to develop and validate unconventional multi-disciplined sensor technology (e.g., actor behavior models, black market sales) that will forecast cyber-attacks and complement existing advanced intrusion detection capabilities. Anticipated innovations include: methods to manage and extract huge amounts of streaming and batch data, the application and introduction of new and existing features from other disciplines to the cyber domain, and the development of models to generate probabilistic warnings for future cyber events. Successful proposers will combine cutting-edge research with the ability to develop robust forecasting capabilities from multiple sensors not typically used in the cyber domain…”
Excerpt from IARPA website