83,131 research outputs found
A Formal Approach to Cyber-Physical Attacks
We apply formal methods to lay and streamline theoretical foundations to
reason about Cyber-Physical Systems (CPSs) and cyber-physical attacks. We focus
on %a formal treatment of both integrity and DoS attacks to sensors and
actuators of CPSs, and on the timing aspects of these attacks. Our
contributions are threefold: (1) we define a hybrid process calculus to model
both CPSs and cyber-physical attacks; (2) we define a threat model of
cyber-physical attacks and provide the means to assess attack
tolerance/vulnerability with respect to a given attack; (3) we formalise how to
estimate the impact of a successful attack on a CPS and investigate possible
quantifications of the success chances of an attack. We illustrate definitions
and results by means of a non-trivial engineering application
Active Cyber Defense Dynamics Exhibiting Rich Phenomena
The Internet is a man-made complex system under constant attacks (e.g.,
Advanced Persistent Threats and malwares). It is therefore important to
understand the phenomena that can be induced by the interaction between cyber
attacks and cyber defenses. In this paper, we explore the rich phenomena that
can be exhibited when the defender employs active defense to combat cyber
attacks. To the best of our knowledge, this is the first study that shows that
{\em active cyber defense dynamics} (or more generally, {\em cybersecurity
dynamics}) can exhibit the bifurcation and chaos phenomena. This has profound
implications for cyber security measurement and prediction: (i) it is
infeasible (or even impossible) to accurately measure and predict cyber
security under certain circumstances; (ii) the defender must manipulate the
dynamics to avoid such {\em unmanageable situations} in real-life defense
operations.Comment: Proceedings of 2015 Symposium on the Science of Security (HotSoS'15
Malware in the Future? Forecasting of Analyst Detection of Cyber Events
There have been extensive efforts in government, academia, and industry to
anticipate, forecast, and mitigate cyber attacks. A common approach is
time-series forecasting of cyber attacks based on data from network telescopes,
honeypots, and automated intrusion detection/prevention systems. This research
has uncovered key insights such as systematicity in cyber attacks. Here, we
propose an alternate perspective of this problem by performing forecasting of
attacks that are analyst-detected and -verified occurrences of malware. We call
these instances of malware cyber event data. Specifically, our dataset was
analyst-detected incidents from a large operational Computer Security Service
Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on
automated systems. Our data set consists of weekly counts of cyber events over
approximately seven years. Since all cyber events were validated by analysts,
our dataset is unlikely to have false positives which are often endemic in
other sources of data. Further, the higher-quality data could be used for a
number for resource allocation, estimation of security resources, and the
development of effective risk-management strategies. We used a Bayesian State
Space Model for forecasting and found that events one week ahead could be
predicted. To quantify bursts, we used a Markov model. Our findings of
systematicity in analyst-detected cyber attacks are consistent with previous
work using other sources. The advanced information provided by a forecast may
help with threat awareness by providing a probable value and range for future
cyber events one week ahead. Other potential applications for cyber event
forecasting include proactive allocation of resources and capabilities for
cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs.
Enhanced threat awareness may improve cybersecurity.Comment: Revised version resubmitted to journa
On Cyber Risk Management of Blockchain Networks: A Game Theoretic Approach
Open-access blockchains based on proof-of-work protocols have gained
tremendous popularity for their capabilities of providing decentralized
tamper-proof ledgers and platforms for data-driven autonomous organization.
Nevertheless, the proof-of-work based consensus protocols are vulnerable to
cyber-attacks such as double-spending. In this paper, we propose a novel
approach of cyber risk management for blockchain-based service. In particular,
we adopt the cyber-insurance as an economic tool for neutralizing cyber risks
due to attacks in blockchain networks. We consider a blockchain service market,
which is composed of the infrastructure provider, the blockchain provider, the
cyber-insurer, and the users. The blockchain provider purchases from the
infrastructure provider, e.g., a cloud, the computing resources to maintain the
blockchain consensus, and then offers blockchain services to the users. The
blockchain provider strategizes its investment in the infrastructure and the
service price charged to the users, in order to improve the security of the
blockchain and thus optimize its profit. Meanwhile, the blockchain provider
also purchases a cyber-insurance from the cyber-insurer to protect itself from
the potential damage due to the attacks. In return, the cyber-insurer adjusts
the insurance premium according to the perceived risk level of the blockchain
service. Based on the assumption of rationality for the market entities, we
model the interaction among the blockchain provider, the users, and the
cyber-insurer as a two-level Stackelberg game. Namely, the blockchain provider
and the cyber-insurer lead to set their pricing/investment strategies, and then
the users follow to determine their demand of the blockchain service.
Specifically, we consider the scenario of double-spending attacks and provide a
series of analytical results about the Stackelberg equilibrium in the market
game
Cyber Threat Intelligence : Challenges and Opportunities
The ever increasing number of cyber attacks requires the cyber security and
forensic specialists to detect, analyze and defend against the cyber threats in
almost realtime. In practice, timely dealing with such a large number of
attacks is not possible without deeply perusing the attack features and taking
corresponding intelligent defensive actions, this in essence defines cyber
threat intelligence notion. However, such an intelligence would not be possible
without the aid of artificial intelligence, machine learning and advanced data
mining techniques to collect, analyse, and interpret cyber attack evidences. In
this introductory chapter we first discuss the notion of cyber threat
intelligence and its main challenges and opportunities, and then briefly
introduce the chapters of the book which either address the identified
challenges or present opportunistic solutions to provide threat intelligence.Comment: 5 Page
- …