12,947 research outputs found
Evaluating Resilience of Electricity Distribution Networks via A Modification of Generalized Benders Decomposition Method
This paper presents a computational approach to evaluate the resilience of
electricity Distribution Networks (DNs) to cyber-physical failures. In our
model, we consider an attacker who targets multiple DN components to maximize
the loss of the DN operator. We consider two types of operator response: (i)
Coordinated emergency response; (ii) Uncoordinated autonomous disconnects,
which may lead to cascading failures. To evaluate resilience under response
(i), we solve a Bilevel Mixed-Integer Second-Order Cone Program which is
computationally challenging due to mixed-integer variables in the inner problem
and non-convex constraints. Our solution approach is based on the Generalized
Benders Decomposition method, which achieves a reasonable tradeoff between
computational time and solution accuracy. Our approach involves modifying the
Benders cut based on structural insights on power flow over radial DNs. We
evaluate DN resilience under response (ii) by sequentially computing autonomous
component disconnects due to operating bound violations resulting from the
initial attack and the potential cascading failures. Our approach helps
estimate the gain in resilience under response (i), relative to (ii)
Malware in the Future? Forecasting of Analyst Detection of Cyber Events
There have been extensive efforts in government, academia, and industry to
anticipate, forecast, and mitigate cyber attacks. A common approach is
time-series forecasting of cyber attacks based on data from network telescopes,
honeypots, and automated intrusion detection/prevention systems. This research
has uncovered key insights such as systematicity in cyber attacks. Here, we
propose an alternate perspective of this problem by performing forecasting of
attacks that are analyst-detected and -verified occurrences of malware. We call
these instances of malware cyber event data. Specifically, our dataset was
analyst-detected incidents from a large operational Computer Security Service
Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on
automated systems. Our data set consists of weekly counts of cyber events over
approximately seven years. Since all cyber events were validated by analysts,
our dataset is unlikely to have false positives which are often endemic in
other sources of data. Further, the higher-quality data could be used for a
number for resource allocation, estimation of security resources, and the
development of effective risk-management strategies. We used a Bayesian State
Space Model for forecasting and found that events one week ahead could be
predicted. To quantify bursts, we used a Markov model. Our findings of
systematicity in analyst-detected cyber attacks are consistent with previous
work using other sources. The advanced information provided by a forecast may
help with threat awareness by providing a probable value and range for future
cyber events one week ahead. Other potential applications for cyber event
forecasting include proactive allocation of resources and capabilities for
cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs.
Enhanced threat awareness may improve cybersecurity.Comment: Revised version resubmitted to journa
- …