What are the best data sources to use when evaluating a cyber-attack?

The Intelligence Advanced Research Projects Activity (IARPA) wants to learn about the best data sources that would help it and other researchers evaluate the latest cyber-attack tools and methods.

Specifically, IARPA wants to increase its understanding of current structured databases (which report on cyber-attacks with minimal latency between the cyber event and the follow-up report); real-time enterprise data (such as host logs, security application alerts and help desk tickets that cover the period of a cyber event); and ground truth data (which would be suitable for training purposes) within different industries.

IARPA’s request for information, which was published on March 4 and requires responses by April 2, asks a series of questions, including:

  • Which existing structured databases report on cyber-attacks?
  • What real-time data is most relevant to characterize a cyber-attack?
  • Are there good test cases (from specific industries or organizations) for which data are available?
  • What organizations provide “base rates” for cyber events within different industries?
  • Is there a large organization (with more than 5,000 users) that would work with a sponsored research program to provide data that could be used as a real-world test case?

IARPA invites submissions from interested parties, which should consist of a one-page cover letter, a half-page executive summary and a description of the technical challenges of no more than five pages.

Further information is available from Dewey Murdick, of IARPA, at dni-iarpa-rfi-14-06@iarpa.gov.