Grants and Contributions:

Grant or Award spanning more than one fiscal year (2017-2018 to 2018-2019).

Computer accounts get compromised for reasons: some used weak passwords; some created a digital exhaustx000D
much higher than normal; some were at high-risk positions (e.g., executives, accounting) and were exposed tox000D
too many attacks. Learning lessons from compromised accounts and password use would help people designx000D
better defense technologies. Following this principle, this Engage project is to develop a set of new algorithms,x000D
which automatically learn the trends in compromised accounts and password use and identify potential threatsx000D
earlier. The project plans to answer the following questions related to computer security: how and where tox000D
retrieve relevant information from publicly available data on compromised accounts? How insecure are mostx000D
passwords? How long would it take to brute force crack/guess them? Do the passwords being used follow anyx000D
best practice (e.g., letters + numbers)? Are there correlations with password security and the user's professionalx000D
positions (e.g., executives, managers, and accounting)? Who are the accounts most likely to get compromisedx000D
and what industry are they in? Do the compromised accounts have a higher than normal digital exhaustx000D
presence? With the patterns learnt from trend analysis, could we build a model to predict which accounts arex000D
likely to get compromised? Could the model also give recommendations on how to patch the security problemsx000D
of accounts that are likely to get compromised?x000D
The output of this project includes: (1) a data collection module that can retrieve and store information fromx000D
publicly available data on compromised accounts from dark web, (2) a set of algorithms that can answer thex000D
above-raised questions in trend analysis, and (3) a prediction model that can predict a user's likelihood to bex000D
compromised.