5,111 research outputs found

    A Stochastic Model of Active Cyber Defense Dynamics

    The concept of active cyber defense has been proposed for years. However, there are no mathematical models for characterizing the effectiveness of active cyber defense. In this paper, we fill the void by proposing a novel Markov process model that is native to the interaction between cyber attack and active cyber defense. Unfortunately, the native Markov process model cannot be tackled by the techniques we are aware of. We therefore simplify, via mean-field approximation, the Markov process model as a Dynamic System model that is amenable to analysis. This allows us to derive a set of valuable analytical results that characterize the effectiveness of four types of active cyber defense dynamics. Simulations show that the analytical results are inherent to the native Markov process model, and therefore justify the validity of the Dynamic System model. We also discuss the side-effect of the mean-field approximation and its implications.

    HUNGARY’S CYBER DEFENSE READINESS FROM THE PERSPECTIVE OF INTERNATIONAL RECOMMENDATIONS

    A country’s cyber defense structure is usually very complex and needs interagency cooperation. All countries have a different governance structure, but usually the ministries responsible for internal and external defense have an important role. This is confirmed by recommendations from various international organizations that show best practices for the creation of national cyber defense strategies. The goal of this study is to overview the structure of Hungarian cyber defense and its compliance with international recommendations.

    Wage Earners’ Priority in Bankruptcy: Application to Welfare Fund Payments

    This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks – the presence of: (i) non-executable memory, (ii) access, and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise in which the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than for Medium vulnerabilities. Non-executable memory was not seen as significant, however, presumably due to the lack of address space layout randomization and canaries in the network architecture of the cyber defense exercise scenario.

    Russia and Ransomware: Stop the Act, Not the Actor

    The problem with defeating cyberattacks is that the speed and number of threats outpace human-centered cyber defense. That is why a new approach to cyber defense is needed.

    Information Pooling Bias in Collaborative Cyber Forensics

    Cyber threats are growing in number and sophistication, making it important to continually study and improve all dimensions of cyber defense. Human teamwork in cyber defense analysis has been overlooked even though it has been identified as an important predictor of cyber defense performance. Also, to detect advanced forms of threats, effective information sharing and collaboration between cyber defense analysts becomes imperative. Therefore, through this dissertation work, I took a cognitive engineering approach to investigate and improve cyber defense teamwork. The approach involved investigating a plausible team-level bias called the information pooling bias in cyber defense analyst teams conducting the detection task that is part of forensics analysis, through human-in-the-loop experimentation. The approach also involved developing agent-based models based on the experimental results to explore the cognitive underpinnings of this bias in human analysts. A prototype collaborative visualization tool was developed by considering the plausible cognitive limitations contributing to the bias, to investigate whether a cognitive engineering-driven visualization tool can help mitigate the bias in comparison to off-the-shelf tools. It was found that participant teams conducting the collaborative detection tasks as part of forensics analysis experience the information pooling bias, affecting their performance. Results indicate that cognitively friendly visualizations can help mitigate the effect of this bias in cyber defense analysts. Agent-based modeling produced insights on internal cognitive processes that might be contributing to this bias, which could be leveraged in building future visualizations.
    This work has multiple implications, including the development of new knowledge about the science of cyber defense teamwork, a demonstration of the advantage of developing tools using a cognitive engineering approach, a demonstration of the advantage of using a hybrid cognitive engineering methodology to study teams in general, and finally, a demonstration of the effect of effective teamwork on cyber defense performance. Doctoral Dissertation, Applied Psychology, 201

    A Cost-Effective Cyber-Defense Strategy: Attack-Induced Region Minimization and Cybersecurity Margin Maximization

    Recent years have witnessed increasing cyber-attack reports, e.g., false data injection (FDI) cyber-attacks, which result in massive damage to power systems. This paper proposes a cost-effective two-stage cyber-defense strategy, which minimizes the FDI attack-induced region in the system planning stage, followed by cybersecurity margin maximization in the system operation stage. First, this paper proposes a shaping cyber-defense strategy that achieves a balance between shaping the FDI attack-induced region and minimizing the cyber-defense meters. The proposed shaping cyber-defense strategy is formulated as a one-leader-multi-follower bi-level problem, which is converted into a single-level mixed-integer linear programming (MILP) problem with closed-form lower bounds of the big-M. Then, via optimal dispatch of operation points, this paper proposes a dispatching cyber-defense strategy, which achieves a trade-off between maximizing the cybersecurity margin and minimizing the additional operation cost. This leads to a balance between the safest-but-expensive operation point (i.e., the Euclidean Chebyshev center) and the cheapest-but-dangerous operation point. Simulation results on a modified IEEE 14-bus system verify the effectiveness and cost-effectiveness of the proposed shape-and-dispatch cyber-defense strategy.

    Active Cyber Defense Dynamics Exhibiting Rich Phenomena

    The Internet is a man-made complex system under constant attack (e.g., Advanced Persistent Threats and malware). It is therefore important to understand the phenomena that can be induced by the interaction between cyber attacks and cyber defenses. In this paper, we explore the rich phenomena that can be exhibited when the defender employs active defense to combat cyber attacks. To the best of our knowledge, this is the first study that shows that active cyber defense dynamics (or more generally, cybersecurity dynamics) can exhibit the bifurcation and chaos phenomena. This has profound implications for cyber security measurement and prediction: (i) it is infeasible (or even impossible) to accurately measure and predict cyber security under certain circumstances; (ii) the defender must manipulate the dynamics to avoid such unmanageable situations in real-life defense operations. Comment: Proceedings of the 2015 Symposium on the Science of Security (HotSoS'15).