Charles River Conducted Forensic Analysis of Cybersocial & Cybertechnical Attacks

Charles River Analytics’ Cyber Adversary Discovery Engine (CADE) delivers an AI-based tool that enables analysts to visualize and test their hypotheses about the tactics, techniques, and procedures that threat actors adopt

By DA Staff / 03 Jan 2023

One of the key achievements of Charles River Analytics (CRA) in 2022 was the receipt of $2.5 million in funding from the US Navy for modeling and inferring the intent of cyberspace threat actors.

According to the company, analysts need effective forensic analysis of both kinds of cyberattacks: those on IT infrastructure (cybertechnical) and those conducted through social media operations spreading disinformation (cybersocial).

CRA believes that cyberattacks have become increasingly complex, with explicit obfuscation techniques used to avoid detection. Worse, actors change strategies dynamically in reaction to real-time events. As a result of these complexities, forensic analysis, especially of cybersocial attacks, has largely been conducted manually.

The Cyber Adversary Discovery Engine (CADE) from CRA delivers an AI-based tool that collaborates with analysts. By using CADE, analysts are able to visualize and test their hypotheses about the Tactics, Techniques, and Procedures (TTP) that threat actors adopt. 

“With CADE, we are developing a thought accelerator system that works with the complex reasoning that analysts are already doing in their heads,” said Bryan Loyall, Director of Technology Innovation and Principal Scientist at Charles River Analytics. “Having an analyst put their thoughts down in terms of visualizations helps them put the puzzle pieces together more effectively.”

CRA believes thorough forensic analysis through AI requires three components:

  • A way of modeling complex and multi-tiered TTPs from threat actors
  • Recognition and interpretation of attacker behaviors in the data
  • A tool that can enable analysts to visualize the complex layers and test their hypotheses easily. The tool would also alert analysts of changes in threat actor TTPs, which could signal a new front in the attack.

CADE addresses all three pillars: it represents the sophisticated TTPs of today’s cyberattackers; helps find attacks in forensic data; and collaborates with analysts to identify goals, behaviors, and changes in TTPs. The system also identifies individual threat actors by tracking their signature TTPs and their evolution over time.

The R&D funding for CADE was provided by the Office of Naval Research Small Business Technology Transfer (STTR) program, which is intended to foster transitions of joint efforts between qualified small businesses and research institutions.

CRA’s research partner for the CADE effort was the University of California Santa Cruz, led by Professor Magy Seif El-Nasr. Dr. Seif El-Nasr’s research focuses on using machine learning and visualization systems to understand and track behavior through analytics.

Phase I of the project designed and demonstrated the feasibility of CADE. Phase II developed a prototype that helped identify and understand adversary behavior, track changes over time and flag those that do not result from known events. CADE is developed with cognitive models and probabilistic programming language-based machine learning, which can build robust models even from small amounts of data.

Future iterations of CADE will enable analysts to turn certain events ‘on’ and ‘off’ in visualization panels, so analysts can eliminate confirmation bias or test drive competing hypotheses and match those against the data. CADE accounts for multiple factors such as time and space so analysts can see patterns they might not have easily seen before.

Loyall believes that CADE’s potential impact is immense, especially given the potential for cyber threat actors to spread misinformation on a massive level: “CADE will be a great asset for analysts doing the difficult work of trying to make the landscape better. If we’re able to help the underresourced people who are trying to make things better, we can make a positive impact on the world.”
