Charles River Conducted Forensic Analysis of Cybersocial & Cybertechnical Attacks

Charles River Analytics’ Cyber Adversary Discovery Engine (CADE) delivers an AI-based tool that enables analysts to visualize and test their hypotheses about the tactics, techniques, and procedures that threat actors adopt By DA Staff / 03 Jan 2023

Cyber Defense

Discover cutting-edge solutions from leading global suppliers
SUPPLIER SPOTLIGHT
Cyber-Adversary-Discovery-Engine-CADE
Follow DA

One of Charles River Analytics (CRA)’s key achievements in 2022 was the receipt of $2.5 million in funding from the US Navy for modeling and inferring intent of cyberspace threat actors.

According to the company, analysts need effective forensic analysis of both kinds of cyberattacks; on IT infrastructure (cybertechnical) and through social media operations spreading disinformation (cybersocial). 

CRA believes that cyberattacks have become increasingly complex with explicit obfuscation techniques to avoid being detected. Worse, actors change strategies dynamically in reaction to real-time events. As a result of these complexities, forensic analysis, especially of cybersocial attacks, have largely been conducted manually.

The Cyber Adversary Discovery Engine (CADE) from CRA delivers an AI-based tool that collaborates with analysts. By using CADE, analysts are able to visualize and test their hypotheses about the Tactics, Techniques, and Procedures (TTP) that threat actors adopt. 

“With CADE, we are developing a thought accelerator system that works with the complex reasoning that analysts are already doing in their heads,” said Bryan Loyall, Director of Technology Innovation and Principal Scientist at Charles River Analytics. “Having an analyst put their thoughts down in terms of visualizations helps them put the puzzle pieces together more effectively.”

CRA believes thorough forensic analysis through AI requires three components:

  • A way of modeling complex and multi-tiered TTPs from threat actors
  • Recognition and interpretation of attacker behaviors in the data
  • A tool that can enable analysts to visualize the complex layers and test their hypotheses easily. The tool would also alert analysts of changes in threat actor TTPs, which could signal a new front in the attack.

CADE addresses all three pillars: it represents the sophisticated TTPs of today’s cyberattackers; helps find attacks in forensic data; and collaborates with analysts to identify goals, behaviors, and changes in TTPs. The system also identifies individual threat actors by tracking their signature TTPs and their evolution over time.

The R&D funding for CADE was provided by the Office of Naval Research Small Business Technology Transfer (STTR) program which is intended to foster transitions of joint efforts between qualified small businesses and research institutions. 

CRA’s research partner for the CADE effort was the University of California Santa Cruz, led by Professor Magy Seif El-Nasr. Dr. Seif El-Nasr’s research focuses on using machine learning and visualization systems to understand and track behavior through analytics.

Phase I of the project designed and demonstrated the feasibility of CADE. Phase II developed a prototype that helped identify and understand adversary behavior, track changes over time and flag those that do not result from known events. CADE is developed with cognitive models and probabilistic programming language-based machine learning, which can build robust models even from small amounts of data.

Future iterations of CADE will enable analysts to turn certain events ‘on’ and ‘off’ in visualization panels, so analysts can eliminate confirmation bias or test drive competing hypotheses and match those against the data. CADE accounts for multiple factors such as time and space so analysts can see patterns they might not have easily seen before.

Loyall believes that CADE’s potential impact is immense, especially given the potential for cyber threat actors to spread misinformation on a massive level: “CADE will be a great asset for analysts doing the difficult work of trying to make the landscape better. If we’re able to help the underresourced people who are trying to make things better, we can make a positive impact on the world.”

Posted by DA Staff Connect & Contact

Latest Articles

Tyto Robotics: Propeller Balancing Methods for UAVs

Tyto Robotics highlights how static, dynamic, and aerodynamic propeller balancing methods correct vibration-related issues in UAV systems

May 12, 2025
Meltio Expands Metal Additive Manufacturing Presence to Portugal

Meltio has partnered with PrimeOut to drive metal 3D printing commercialization and integration in Portugal

May 12, 2025
Creomagic Partnership Delivers Integrated Tactical Communications & Surveillance System

Creomagic and RT LTA have partnered to develop SkyCnet, an integrated aerostat-based system that enhances tactical communications and situational awareness for defense and security operations

May 12, 2025
MIL-STD-461-Ready Rugged Computers at FEINDEF 2025

Neousys and Cenvalsa to showcase extreme-rugged, MIL-STD-461-ready computers at FEINDEF 2025 in Madrid, 12th to 14th May at booth 6A03

May 12, 2025
Precision Inertial Navigation Solutions for GPS-Denied Operations

ANELLO Photonics is a developer of cutting-edge inertial navigation solutions that enable military vehicles, aircraft, naval vessels and other platforms...

May 12, 2025
DTC & Idaho National Laboratory to Advance Secure Mission-Critical Communications

DTC and Idaho National Laboratory have partnered under a CRADA to develop secure, resilient communication technologies for mission-critical defense and national security operations

May 12, 2025

Featured Content

U.S. Army Partnership Advances Autonomous Helicopter Logistics Program

The U.S. Army is partnering with Honeywell and Near Earth Autonomy to retrofit Black Hawk helicopters with scalable autonomy kits for uncrewed logistics operations

May 08, 2025
Modular Head-Mounted Digital System for Real-Time Decision Support in Contested Environments

Galvion's new CORTEX™ system integrates compute, power, and data management into a modular helmet-mounted platform designed for modern tactical operations.

May 06, 2025
Partnership to Enhance Networking Capabilities for Defense Platforms

Amphenol Aerospace and BotBlox have partnered to distribute and integrate compact, rugged Ethernet hardware for defense platforms, enhancing networking capabilities and accelerating product development for uncrewed and mobile systems

May 01, 2025
Advancing Defense Capability Through Strategic Collaboration Defense Advancement works with major OEMs to foster collaboration and increase engagement with SMEs, to accelerate innovation and drive defense capabilities forward.