Home > Seminars > Mingyan Liu - Cyber Risk Assessment: From Breach Prediction to Incentive Design

Mingyan Liu - Cyber Risk Assessment: From Breach Prediction to Incentive Design


12/6/2018 at 3:30PM


12/6/2018 at 4:45PM


138 DeBartolo


College of Engineering close button

Dong Wang

Dong Wang

VIEW FULL PROFILE Email: dwang5@nd.edu
Phone: 574-631-3749
Website: http://www.nd.edu/~dwang5
Office: 214B Cushing


College of Engineering Assistant Professor
Big Data Analytics, Cyber-Physical Systems (CPS), Social Sensing, Smart Cities, Internet of Things (IoT), Network Science
Click for more information about Dong
Add to calendar:
iCal vCal

In this talk I will present our ongoing effort in the quantitative assessment of an organization's cybersecurity risk from externally observable properties, by applying modern machine techniques to large quantities of Internet measurement data.  Specifically, I will first describe the use of host malicious activity data (including spam, phishing, and active scanning) combined with network configuration data to obtain cybersecurity incident prediction at a firm level.  I will then describe the additional use of business details about an organization to obtain more fine-grained prediction, which examines not just the overall risk of an incident, but the types of incidents it is particularly susceptible to.  Both of these studies follow a supervised learning framework where ground truth information in the form of data breach reports is used.  In the third study I will show how deep learning techniques can be used to obtain application-agnostic, universal, and light-weight features from global scan measurements in an unsupervised setting; these features can then be used in a variety of supervised learning applications including that of prediction of malicious hosts.  I will conclude the talk by describing how our ability to make predictions, or more generally, our ability to quantify at a global level the security postures of organizations, can be crucial in designing mechanisms to induce more socially desirable behavior at the firm level.  In particular, quantitative assessment of this type may be viewed as creating a form of "public monitoring" that enables inter-temporal incentives to sustain long-term security information sharing among firms, or viewed as a form of "security pre-screening" to effectively mitigate moral hazard in underwriting cyber insurance policies through premium discrimination.

Seminar Speaker:

Mingyan Liu

Mingyan Liu

University of Michigan

Mingyan Liu received her Ph.D in electrical engineering from the University of Maryland, College Park, in 2000.  She has since been with the Department of Electrical Engineering and Computer Science at the University of Michigan, Ann Arbor, where she is currently a Professor and the Peter and Evelyn Fuss Chair of Electrical and Computer Engineering. 
Her research interests are in optimal resource allocation, incentive design, and performance modeling and analysis, all within the context of networked systems.  Her most recent research activities involve online learning, modeling and mining of large scale Internet measurement data concerning cyber security, and incentive mechanisms for cybersecurity.  She is the recipient of the 2002 NSF CAREER Award, the University of Michigan Elizabeth C. Crosby Research Award in 2003 and 2014, the 2010 EECS Department Outstanding Achievement Award, the 2015 College of Engineering Excellence in Education Award, and the 2018 Distinguished University Innovator Award.  She holds Best Paper Awards from the International Conference on Information Processing in Sensor Networks (IPSN) in 2012 and the IEEE/ACM International Conference on Data Science and Advanced Analytics (DSAA) in 2014.  She has served on the editorial board of IEEE/ACM Trans. Networking, IEEE Trans. Mobile Computing, and ACM Trans. Sensor Networks.  She is a Fellow of the IEEE and a member of the ACM.

Seminar Sponsors: