    Fuzzy Chance-constrained Programming Based Security Information Optimization for Low Probability of Identification Enhancement in Radar Network Systems

    In this paper, the problem of low probability of identification (LPID) improvement for radar network systems is investigated. Firstly, the security information is derived to evaluate the LPID performance for radar network. Then, without any prior knowledge of hostile intercept receiver, a novel fuzzy chance-constrained programming (FCCP) based security information optimization scheme is presented to achieve enhanced LPID performance in radar network systems, which focuses on minimizing the achievable mutual information (MI) at interceptor, while the attainable MI outage probability at radar network is enforced to be greater than a specified confidence level. Regarding the complexity and uncertainty of electromagnetic environment in the modern battlefield, the trapezoidal fuzzy number is used to describe the threshold of achievable MI at radar network based on the credibility theory. Finally, the FCCP model is transformed to a crisp equivalent form with the property of trapezoidal fuzzy number. Numerical simulation results demonstrating the performance of the proposed strategy are provided.

    Cyber attack simulation and information fusion process refinement optimization models for cyber security

    Cyber crime is an increasingly prominent threat to all aspects of society including businesses, government, banks, transportation, and individuals. The security of computer networks is dependent on the ability to recognize and defend against malicious cyber attacks. The goal of this thesis is to utilize operation research techniques to create tools that will significantly contribute to cyber security. A simulation framework and template is developed to efficiently represent computer networks and cyber security intrusion detection systems. The simulation is capable of generating complex cyber attacks based on the computer network configuration and the capabilities of the attacker. The simulation results in alert messages corresponding to attack actions and ordinary network behavior which are typically used by situational awareness tools or systems administrators to identify and take action against the attack. Through verification, validation, and an experimental performance evaluation, the simulation model is shown to be an effective tool to enable testing of situational awareness tools and for determining network vulnerabilities. In addition, this thesis extends the highly effective information fusion methods of situational awareness and threat assessment by introducing a method of adaptive process refinement for cyber security. The adaptive process refinement model utilizes integer programming optimization to improve the success of cyber attack detection, tracking, and identification. The process refinement model is designed to dynamically provide recommendations for optimal allocation of network detection resources subject to processing capacity, current attack activity, and network vulnerabilities. The cyber attack simulation methodology is utilized to create a set of attack scenarios on computer networks that are used to conduct an experimental performance evaluation of the adaptive process refinement model to determine its capabilities and limitations. The simulation and process refinement methods provide operations research tools that will help to advance the field of cyber security.

    Funding model for port information system cyber security facilities with incomplete Hacker information available

    The article describes the model developed for the module of port information system cyber security facilities funding decision making support system. The model is based on multistage game theory toolkit. The solution offered allows an opportunity for managers of information safety systems, particularly port information systems and technologies, to carry out preliminary assessment of financial strategies for development of effective cyber safety systems. The distinctive feature of the model is the assumption that the defending party does not have full information on the financing strategies of the attacking party and on the state of its financial resources used to break cyber security barriers of the port information system. The solution employs mathematical apparatus of bilinear turn-based multistage quality game with several terminal surfaces. A multiple-option simulation experiment was carried out to ensure validity of the model. The results of the experiment will also be described herein. Thus, in the article for the first time, the decision of the game was shown for all cases of the correlation of game parameters for the protection side of the port information system (PIS) and hackers seeking to overcome the boundaries of cybersecurity. The solution found in the article will be useful for the created decision support system, in particular, for the situation when the attacker uses a mixed financial strategy of hacking the information system.

    Optimal IS Security Investment: Cyber Terrorism vs. Common Hacking

    Proper investment in information systems security can protect national critical information systems. This research compares the optimal investment decision for organizations to protect themselves from common hackers and from cyber terrorists. A two-stage stochastic game model is proposed to model cyber terrorism activities as well as common hacking activities. The results of our specific simulation indicate that an optimal investment exists for games such as cyber crimes, and that the potential maximum loss to organizations from cyber terrorism is about fifty times more than from common hackers. This research can also be generalized to other practical fields such as financial fraud prevention. To the best of our knowledge, our approach is a novel approach that combines economic theory, deterrence theory, and IS security to explore the cyber terrorism problem.

    Peer-to-Peer Secure Multi-Party Numerical Computation Facing Malicious Adversaries

    We propose an efficient framework for enabling secure multi-party numerical computations in a Peer-to-Peer network. This problem arises in a range of applications such as collaborative filtering, distributed computation of trust and reputation, monitoring and other tasks, where the computing nodes are expected to preserve the privacy of their inputs while performing a joint computation of a certain function. Although there is a rich literature in the field of distributed systems security concerning secure multi-party computation, in practice it is hard to deploy those methods in very large scale Peer-to-Peer networks. In this work, we try to bridge the gap between theoretical algorithms in the security domain, and a practical Peer-to-Peer deployment. We consider two security models. The first is the semi-honest model where peers correctly follow the protocol, but try to reveal private information. We provide three possible schemes for secure multi-party numerical computation for this model and identify a single light-weight scheme which outperforms the others. Using extensive simulation results over real Internet topologies, we demonstrate that our scheme is scalable to very large networks, with up to millions of nodes. The second model we consider is the malicious peers model, where peers can behave arbitrarily, deliberately trying to affect the results of the computation as well as compromising the privacy of other peers. For this model we provide a fourth scheme to defend the execution of the computation against the malicious peers. The proposed scheme has a higher complexity relative to the semi-honest model. Overall, we provide the Peer-to-Peer network designer a set of tools to choose from, based on the desired level of security. Comment: Submitted to Peer-to-Peer Networking and Applications Journal (PPNA) 200

    On a Generic Security Game Model

    To protect the systems exposed to the Internet against attacks, a security system with the capability to engage with the attacker is needed. There have been attempts to model the engagement/interactions between users, both benign and malicious, and network administrators as games. Building on such works, we present a game model which is generic enough to capture various modes of such interactions. The model facilitates stochastic games with imperfect information. The information is imperfect due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over other multiple states, we use Euclidean distances between the outputs of the sensors. We build a 5-state game to represent the interaction of the administrator with the user. The states correspond to 1) the user being out of the system in the Internet, and after logging in to the system; 2) having low privileges; 3) having high privileges; 4) when he successfully attacks and 5) gets trapped in a honeypot by the administrator. Each state has its own action set. We present the game with a distinct perceived action set corresponding to each distinct information set of these states. The model facilitates stochastic games with imperfect information. The imperfect information is due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over the states, we use Euclidean distances between outputs of the sensors. A numerical simulation of an example game is presented to show the evaluation of rewards to the players and the preferred strategies. We also present the conditions for formulating the strategies when dealing with more than one attacker and making collaborations. Comment: 31 page

    Development of a Security-Focused Multi-Channel Communication Protocol and Associated Quality of Secure Service (QoSS) Metrics

    The threat of eavesdropping, and the challenge of recognizing and correcting for corrupted or suppressed information in communication systems is a consistent challenge. Effectively managing protection mechanisms requires an ability to accurately gauge the likelihood or severity of a threat, and adapt the security features available in a system to mitigate the threat. This research focuses on the design and development of a security-focused communication protocol at the session-layer based on a re-prioritized communication architecture model and associated metrics. From a probabilistic model that considers data leakage and data corruption as surrogates for breaches of confidentiality and integrity, a set of metrics allows the direct and repeatable quantification of the security available in single- or multi-channel networks. The quantification of security is based directly upon the probabilities that adversarial listeners and malicious disruptors are able to gain access to or change the original message. Fragmenting data across multiple channels demonstrates potential improvements to confidentiality, while duplication improves the integrity of the data against disruptions. Finally, the model and metrics are exercised in simulation. The ultimate goal is to minimize the information available to adversaries.