3,806 research outputs found
A Hypergraph-Based Machine Learning Ensemble Network Intrusion Detection System
Network intrusion detection systems (NIDS) to detect malicious attacks
continue to meet challenges. NIDS are vulnerable to auto-generated port scan
infiltration attempts and NIDS are often developed offline, resulting in a time
lag to prevent the spread of infiltration to other parts of a network. To
address these challenges, we use hypergraphs to capture evolving patterns of
port scan attacks via the set of internet protocol addresses and destination
ports, thereby deriving a set of hypergraph-based metrics to train a robust and
resilient ensemble machine learning (ML) NIDS that effectively monitors and
detects port scanning activities and adversarial intrusions while evolving
intelligently in real-time. Through the combination of (1) intrusion examples,
(2) NIDS update rules, (3) attack threshold choices to trigger NIDS retraining
requests, and (4) production environment with no prior knowledge of the nature
of network traffic, 40 scenarios were auto-generated to evaluate the ML ensemble
NIDS comprising three tree-based models. Results show that under the model
settings of an Update-ALL-NIDS rule (namely, retrain and update all the three
models upon the same NIDS retraining request) the proposed ML ensemble NIDS
produced the best results with nearly 100% detection performance throughout the
simulation, exhibiting robustness in the complex dynamics of the simulated
cyber-security scenario.
Comment: 12 pages, 10 figures
Improving the Cybersecurity of Cyber-Physical Systems Through Behavioral Game Theory and Model Checking in Practice and in Education
This dissertation presents automated methods based on behavioral game theory and model checking to improve the cybersecurity of cyber-physical systems (CPSs) and advocates teaching certain foundational principles of these methods to cybersecurity students. First, it encodes behavioral game theory's concept of level-k reasoning into an integer linear program that models a newly defined security Colonel Blotto game. This approach is designed to achieve an efficient allocation of scarce protection resources by anticipating attack allocations. A human subjects experiment based on a CPS infrastructure demonstrates its effectiveness. Next, it rigorously defines the term adversarial thinking, one of cybersecurity education's most important and elusive learning objectives, but for which no proper definition exists. It spells out what it means to think like a hacker by examining the characteristic thought processes of hackers through the lens of Sternberg's triarchic theory of intelligence. Next, a classroom experiment demonstrates that teaching basic game theory concepts to cybersecurity students significantly improves their strategic reasoning abilities. Finally, this dissertation applies the SPIN model checker to an electric power protection system and demonstrates a straightforward and effective technique for rigorously characterizing the degree of fault tolerance of complex CPSs, a key step in improving their defensive posture.
Using Monte Carlo Search With Data Aggregation to Improve Robot Soccer Policies
RoboCup soccer competitions are considered among the most challenging
multi-robot adversarial environments, due to their high dynamism and the
partial observability of the environment. In this paper we introduce a method
based on a combination of Monte Carlo search and data aggregation (MCSDA) to
adapt discrete-action soccer policies for a defender robot to the strategy of
the opponent team. By exploiting a simple representation of the domain, a
supervised learning algorithm is trained over an initial collection of data
consisting of several simulations of human expert policies. Monte Carlo policy
rollouts are then generated and aggregated to previous data to improve the
learned policy over multiple epochs and games. The proposed approach has been
extensively tested both on a soccer-dedicated simulator and on real robots.
Using this method, our learning robot soccer team achieves an improvement in
ball interceptions, as well as a reduction in the number of opponents' goals.
Together with a better performance, an overall more efficient positioning of
the whole team within the field is achieved.
A Survey of Adversarial Machine Learning in Cyber Warfare
The changing nature of warfare has seen a paradigm shift from the conventional to asymmetric, contactless warfare such as information and cyber warfare. Excessive dependence on information and communication technologies, cloud infrastructures, big data analytics, data-mining and automation in decision making poses grave threats to business and economy in adversarial environments. Adversarial machine learning is a fast growing area of research which studies the design of Machine Learning algorithms that are robust in adversarial environments. This paper presents a comprehensive survey of this emerging area and the various techniques of adversary modelling. We explore the threat models for Machine Learning systems and describe the various techniques to attack and defend them. We present privacy issues in these models and describe a cyber-warfare test-bed to test the effectiveness of the various attack-defence strategies and conclude with some open problems in this area of research.
How Physicality Enables Trust: A New Era of Trust-Centered Cyberphysical Systems
Multi-agent cyberphysical systems enable new capabilities in efficiency,
resilience, and security. The unique characteristics of these systems prompt a
reevaluation of their security concepts, including their vulnerabilities, and
mechanisms to mitigate these vulnerabilities. This survey paper examines how
advancement in wireless networking, coupled with the sensing and computing in
cyberphysical systems, can foster novel security capabilities. This study
delves into three main themes related to securing multi-agent cyberphysical
systems. First, we discuss the threats that are particularly relevant to
multi-agent cyberphysical systems given the potential lack of trust between
agents. Second, we present prospects for sensing, contextual awareness, and
authentication, enabling the inference and measurement of "inter-agent trust"
for these systems. Third, we elaborate on the application of quantifiable trust
notions to enable "resilient coordination," where "resilient" signifies
sustained functionality amid attacks on multiagent cyberphysical systems. We
refer to the capability of cyberphysical systems to self-organize, and
coordinate to achieve a task as autonomy. This survey unveils the cyberphysical
character of future interconnected systems as a pivotal catalyst for realizing
robust, trust-centered autonomy in tomorrow's world.