University of Michigan
November 12, 2024
3:00 refreshments
3:30 lecture
Abstract: With increasingly frequent and ever more costly data breaches and other cyber incidents, organizations large and small are faced with the question of not only how to secure their systems but also how to allocate limited resources among a seemingly endless number of choices: software upgrade, patch deployment, new products, new training, new CISO, yes CrowdStrike, no CrowdStrike, a stash of bitcoins for when (not if) hit by ransomware; the list goes on. Within this context, sophisticated cybersecurity tools alone are no longer sufficient; we must also develop advanced risk assessment tools to help inform strategic decision making.
In this talk I will present a decade-long research journey in cybersecurity risk quantification and risk management. I will start with our early work on using Internet measurements combined with classical machine learning to perform breach prediction, and the subsequent commercialization of this technology. I will then discuss how this type of risk assessment can facilitate risk management. In particular, I will present a contract-theoretic framework that transforms cyber insurance policies from risk-transfer instruments to risk-reduction instruments. I end this talk by going through two recent case studies to highlight how the use of advanced deep learning tools ushers in not only new ways to extract information from conventional Internet measurement data but also new ways of assessing cyber risk: the first uses a VAE to compress Internet scan records, which enables distance-based downstream analysis; the second uses an LLM to map these records to machine/human-readable fingerprints, which enables device-level risk assessment.
Bio: Mingyan Liu is the Alice L. Hunt Collegiate Professor of Engineering, a professor of Electrical Engineering & Computer Science, and the Associate Dean for Academic Affairs of the College of Engineering at the University of Michigan, Ann Arbor. She received her Ph.D. in electrical engineering from the University of Maryland, College Park, in 2000 and has been with UM ever since. From Sept 2018 to May 2023, she was the Peter and Evelyn Fuss Chair of Electrical and Computer Engineering. Her research interests are in optimal resource allocation, sequential decision theory, game theory and incentive mechanisms, with applications to large-scale networked systems. Her most recent research involves cyber risk quantification using large-scale Internet measurement data and machine learning techniques. Technologies she developed in this space have been successfully transitioned. She is the recipient of an NSF CAREER Award in 2002 and a number of best paper awards. She received the University of Michigan Elizabeth C. Crosby Research Award in 2003 and 2014, the College of Engineering Excellence in Education Award (2015) and Excellence in Service Award (2017), and the Distinguished University Innovator Award in 2018. She is a Fellow of the IEEE and a member of the ACM.