A Stochastic Model of Active Cyber Defense Dynamics
The concept of active cyber defense has been proposed for years. However,
there are no mathematical models for characterizing the effectiveness of active
cyber defense. In this paper, we fill the void by proposing a novel Markov
process model that is native to the interaction between cyber attack and active
cyber defense. Unfortunately, the native Markov process model cannot be tackled
by the techniques we are aware of. We therefore simplify, via mean-field
approximation, the Markov process model as a Dynamic System model that is
amenable to analysis. This allows us to derive a set of valuable analytical
results that characterize the effectiveness of four types of active cyber
defense dynamics. Simulations show that the analytical results are inherent to
the native Markov process model, and therefore justify the validity of the
Dynamic System model. We also discuss the side-effect of the mean-field
approximation and its implications.
HUNGARY’S CYBER DEFENSE READINESS FROM THE PERSPECTIVE OF INTERNATIONAL RECOMMENDATIONS
A country’s cyber defense structure is usually very complex and needs interagency cooperation. All countries have a different governance structure, but usually the ministries responsible for internal and external defense have an important role. This is confirmed by recommendations from various international organizations that show best practices for the creation of national cyber defense strategies. The goal of this study is to overview the structure of Hungarian cyber defense and its compliance with international recommendations.
Wage Earners’ Priority in Bankruptcy: Application to Welfare Fund Payments
This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks – presence of: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant, however, presumably due to lack of address space layout randomization and canaries in the network architecture of the cyber defense exercise scenario.
Russia and Ransomware: Stop the Act, Not the Actor
The problem with defeating cyberattacks is that speed and number of threats outpace human-centered cyber defense. That is why a new approach to cyber defense is needed.
Information Pooling Bias in Collaborative Cyber Forensics
Cyber threats are growing in number and sophistication making it important to continually study and improve all dimensions of cyber defense. Human teamwork in cyber defense analysis has been overlooked even though it has been identified as an important predictor of cyber defense performance. Also, to detect advanced forms of threats effective information sharing and collaboration between the cyber defense analysts becomes imperative. Therefore, through this dissertation work, I took a cognitive engineering approach to investigate and improve cyber defense teamwork. The approach involved investigating a plausible team-level bias called the information pooling bias in cyber defense analyst teams conducting the detection task that is part of forensics analysis through human-in-the-loop experimentation. The approach also involved developing agent-based models based on the experimental results to explore the cognitive underpinnings of this bias in human analysts. A prototype collaborative visualization tool was developed by considering the plausible cognitive limitations contributing to the bias to investigate whether a cognitive engineering-driven visualization tool can help mitigate the bias in comparison to off-the-shelf tools. It was found that participant teams conducting the collaborative detection tasks as part of forensics analysis, experience the information pooling bias affecting their performance. Results indicate that cognitive friendly visualizations can help mitigate the effect of this bias in cyber defense analysts. Agent-based modeling produced insights on internal cognitive processes that might be contributing to this bias which could be leveraged in building future visualizations.
This work has multiple implications including the development of new knowledge about the science of cyber defense teamwork, a demonstration of the advantage of developing tools using a cognitive engineering approach, a demonstration of the advantage of using a hybrid cognitive engineering methodology to study teams in general and finally, a demonstration of the effect of effective teamwork on cyber defense performance. Dissertation/Thesis. Doctoral Dissertation, Applied Psychology 201
A Cost-Effective Cyber-Defense Strategy: Attack-Induced Region Minimization and Cybersecurity Margin Maximization
Recent years have witnessed increasing cyber-attack reports, e.g., the false
data injection (FDI) cyber-attacks, which result in massive damage to power
systems. This paper proposes a cost-effective two-stage cyber-defense strategy,
which minimizes the FDI attack-induced region in the system planning stage,
followed by the cybersecurity margin maximization in the system operation
stage. First, this paper proposes a shaping cyber-defense strategy that
achieves a balance between shaping the FDI attack-induced region and minimizing
the cyber-defense meters. The proposed shaping cyber-defense strategy is
formulated as a one-leader-multi-follower bi-level problem, which is converted
into a single-level mixed-integer linear programming (MILP) problem with
closed-form lower bounds of the big-M. Then, via optimal dispatch of operation
points, this paper proposes a dispatching cyber-defense strategy, which
achieves a trade-off between maximizing the cybersecurity margin and minimizing
the additional operation cost. This leads to a balance between the
safest-but-expensive operation point (i.e., Euclidean Chebyshev center) and the
cheapest-but-dangerous operation point. Simulation results on a modified IEEE
14 bus system verify the effectiveness and cost-effectiveness of the proposed
shape-and-dispatch cyber-defense strategy.
Active Cyber Defense Dynamics Exhibiting Rich Phenomena
The Internet is a man-made complex system under constant attacks (e.g.,
Advanced Persistent Threats and malwares). It is therefore important to
understand the phenomena that can be induced by the interaction between cyber
attacks and cyber defenses. In this paper, we explore the rich phenomena that
can be exhibited when the defender employs active defense to combat cyber
attacks. To the best of our knowledge, this is the first study that shows that
active cyber defense dynamics (or more generally, cybersecurity
dynamics) can exhibit the bifurcation and chaos phenomena. This has profound
implications for cyber security measurement and prediction: (i) it is
infeasible (or even impossible) to accurately measure and predict cyber
security under certain circumstances; (ii) the defender must manipulate the
dynamics to avoid such unmanageable situations in real-life defense
operations. Comment: Proceedings of 2015 Symposium on the Science of Security (HotSoS'15