369 research outputs found
Mecanismos dinâmicos de segurança para redes softwarizadas e virtualizadas
The relationship between attackers and defenders has traditionally been
asymmetric, with attackers having time as an upper hand to devise an exploit
that compromises the defender. The push towards the Cloudification of
the world makes matters more challenging, as it lowers the cost of an attack,
with a de facto standardization on a set of protocols. The discovery of a vulnerability
now has a broader impact on various verticals (business use cases),
while previously, some were in a segregated protocol stack requiring independent
vulnerability research. Furthermore, defining a perimeter within a cloudified
system is non-trivial, whereas before, the dedicated equipment already
created a perimeter. This proposal takes the newer technologies of network
softwarization and virtualization, both Cloud-enablers, to create new dynamic
security mechanisms that address this asymmetric relationship using novel
Moving Target Defense (MTD) approaches. The effective use of the exploration
space, combined with the reconfiguration capabilities of frameworks like
Network Function Virtualization (NFV) and Management and Orchestration
(MANO), should allow for adjusting defense levels dynamically to achieve the
required security as defined by the currently acceptable risk. The optimization
tasks and integration tasks of this thesis explore these concepts. Furthermore,
the proposed novel mechanisms were evaluated in real-world use cases, such
as 5G networks or other Network Slicing enabled infrastructures.A relação entre atacantes e defensores tem sido tradicionalmente assimétrica,
com os atacantes a terem o tempo como vantagem para conceberem
uma exploração que comprometa o defensor. O impulso para a Cloudificação
do mundo torna a situação mais desafiante, pois reduz o custo de um
ataque, com uma padronização de facto sobre um conjunto de protocolos.
A descoberta de uma vulnerabilidade tem agora um impacto mais amplo em
várias verticais (casos de uso empresarial), enquanto anteriormente, alguns
estavam numa pilha de protocolos segregados que exigiam uma investigação
independente das suas vulnerabilidades. Além disso, a definição de um
perímetro dentro de um sistema Cloud não é trivial, enquanto antes, o equipamento
dedicado já criava um perímetro. Esta proposta toma as mais recentes
tecnologias de softwarização e virtualização da rede, ambas facilitadoras da
Cloud, para criar novos mecanismos dinâmicos de segurança que incidem sobre
esta relação assimétrica utilizando novas abordagens de Moving Target
Defense (MTD). A utilização eficaz do espaço de exploração, combinada com
as capacidades de reconfiguração de frameworks como Network Function
Virtualization (NFV) e Management and Orchestration (MANO), deverá permitir
ajustar dinamicamente os níveis de defesa para alcançar a segurança
necessária, tal como definida pelo risco actualmente aceitável. As tarefas de
optimização e de integração desta tese exploram estes conceitos. Além disso,
os novos mecanismos propostos foram avaliados em casos de utilização no
mundo real, tais como redes 5G ou outras infraestruturas de Network Slicing.Programa Doutoral em Engenharia Informátic
Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense
The increasing instances of advanced attacks call for a new defense paradigm
that is active, autonomous, and adaptive, named as the \texttt{`3A'} defense
paradigm. This chapter introduces three defense schemes that actively interact
with attackers to increase the attack cost and gather threat information, i.e.,
defensive deception for detection and counter-deception, feedback-driven Moving
Target Defense (MTD), and adaptive honeypot engagement. Due to the cyber
deception, external noise, and the absent knowledge of the other players'
behaviors and goals, these schemes possess three progressive levels of
information restrictions, i.e., from the parameter uncertainty, the payoff
uncertainty, to the environmental uncertainty. To estimate the unknown and
reduce uncertainty, we adopt three different strategic learning schemes that
fit the associated information restrictions. All three learning schemes share
the same feedback structure of sensation, estimation, and actions so that the
most rewarding policies get reinforced and converge to the optimal ones in
autonomous and adaptive fashions. This work aims to shed lights on proactive
defense strategies, lay a solid foundation for strategic learning under
incomplete information, and quantify the tradeoff between the security and
costs.Comment: arXiv admin note: text overlap with arXiv:1906.1218
Risk Management Framework 2.0
The quantification of risk has received a great deal of attention in recently published literature, and there is an opportunity for the DoD to take advantage of what information is currently available to fundamentally improve on current risk assessment and management processes. The critical elements absent in the current process are the objective assessment of likelihood as part of the whole risk scenario and a visual representation or acknowledgement of uncertainty. A proposed framework would incorporate selected elements of multiple theories and axiomatic approaches in order to: (1) simultaneously examine multiple objectives of the organization, (2) limit bias and subjectivity during the assessment process by converting subjective risk contributors into quantitative values using tools that measure the attack surface and adversarial effort, (3) present likelihood and impact as real-time objective variables that reflect the state of the organization and are grounded on sound mathematical and scientific principles, (4) aggregate and function organization-wide (strategic, operational, and tactical) with maximum transparency, (5) achieve greater representation of the real scenario and strive to model future scenarios, (6) adapt to the preferred granularity, dimensions, and discovery of the decision maker, and (7) improve the decision maker’s ability to select the most optimal alternative by reducing the decision to rational logic. The proposed solution is what I term Risk Management Framework 2.0 , and the expected results of this modernized framework are reduced complexity, improved optimization, and more effective management of risk within the organization. This study introduces a Decision Support System (DSS) concept to aid implementation, maximize transparency and cross-level communication, and keep members operating within the bounds of the proposed framework
The Role of Deep Learning in Advancing Proactive Cybersecurity Measures for Smart Grid Networks: A Survey
As smart grids (SG) increasingly rely on advanced technologies like sensors
and communication systems for efficient energy generation, distribution, and
consumption, they become enticing targets for sophisticated cyberattacks. These
evolving threats demand robust security measures to maintain the stability and
resilience of modern energy systems. While extensive research has been
conducted, a comprehensive exploration of proactive cyber defense strategies
utilizing Deep Learning (DL) in {SG} remains scarce in the literature. This
survey bridges this gap, studying the latest DL techniques for proactive cyber
defense. The survey begins with an overview of related works and our distinct
contributions, followed by an examination of SG infrastructure. Next, we
classify various cyber defense techniques into reactive and proactive
categories. A significant focus is placed on DL-enabled proactive defenses,
where we provide a comprehensive taxonomy of DL approaches, highlighting their
roles and relevance in the proactive security of SG. Subsequently, we analyze
the most significant DL-based methods currently in use. Further, we explore
Moving Target Defense, a proactive defense strategy, and its interactions with
DL methodologies. We then provide an overview of benchmark datasets used in
this domain to substantiate the discourse.{ This is followed by a critical
discussion on their practical implications and broader impact on cybersecurity
in Smart Grids.} The survey finally lists the challenges associated with
deploying DL-based security systems within SG, followed by an outlook on future
developments in this key field.Comment: To appear in the IEEE internet of Things journa
Enhancing Cyber-Resiliency of DER-based SmartGrid: A Survey
The rapid development of information and communications technology has
enabled the use of digital-controlled and software-driven distributed energy
resources (DERs) to improve the flexibility and efficiency of power supply, and
support grid operations. However, this evolution also exposes
geographically-dispersed DERs to cyber threats, including hardware and software
vulnerabilities, communication issues, and personnel errors, etc. Therefore,
enhancing the cyber-resiliency of DER-based smart grid - the ability to survive
successful cyber intrusions - is becoming increasingly vital and has garnered
significant attention from both industry and academia. In this survey, we aim
to provide a systematical and comprehensive review regarding the
cyber-resiliency enhancement (CRE) of DER-based smart grid. Firstly, an
integrated threat modeling method is tailored for the hierarchical DER-based
smart grid with special emphasis on vulnerability identification and impact
analysis. Then, the defense-in-depth strategies encompassing prevention,
detection, mitigation, and recovery are comprehensively surveyed,
systematically classified, and rigorously compared. A CRE framework is
subsequently proposed to incorporate the five key resiliency enablers. Finally,
challenges and future directions are discussed in details. The overall aim of
this survey is to demonstrate the development trend of CRE methods and motivate
further efforts to improve the cyber-resiliency of DER-based smart grid.Comment: Submitted to IEEE Transactions on Smart Grid for Publication
Consideratio
A theory for understanding and quantifying moving target defense
Doctor of PhilosophyComputing and Information SciencesScott A. DeLoachThe static nature of cyber systems gives attackers a valuable and asymmetric advantage - time. To eliminate this asymmetric advantage, a new approach, called Moving Target Defense (MTD) has emerged as a potential solution. MTD system seeks to proactively change system configurations to invalidate the knowledge learned by the attacker and force them to spend more effort locating and re-locating vulnerabilities. While it sounds promising, the approach is so new that there is no standard definition of what an MTD is, what is
meant by diversification and randomization, or what metrics to define the effectiveness of such systems. Moreover, the changing nature of MTD violates two basic assumptions about the conventional attack surface notion. One is that the attack surface remains unchanged during an attack and the second is that it is always reachable. Therefore, a new attack surface definition is needed.
To address these issues, I propose that a theoretical framework for MTD be defined. The framework should clarify the most basic questions such as what an MTD system is and its properties such as adaptation, diversification and randomization. The framework should reveal what is meant by gaining and losing knowledge, and what are different attack types. To reason over the interactions between attacker and MTD system, the framework should define key concepts such as attack surface, adaptation surface and engagement
surface. Based on that, this framework should allow MTD system designers to decide how to use existing configuration choices and functionality diversification to increase security. It should allow them to analyze the effectiveness of adapting various combinations of different configuration aspects to thwart different types of attacks. To support analysis, the frame-
work should include an analytical model that can be used by designers to determine how different parameter settings will impact system security
- …