Multi-Layer Cyber-Physical Security and Resilience for Smart Grid
The smart grid is a large-scale complex system that integrates communication
technologies with the physical layer operation of the energy systems. Security
and resilience mechanisms by design are important to provide guaranteed
operations for the system. This chapter provides a layered perspective of the
smart grid security and discusses game and decision theory as a tool to model
the interactions among system components and the interaction between attackers
and the system. We discuss game-theoretic applications and challenges in the
design of cross-layer robust and resilient controller, secure network routing
protocol at the data communication and networking layers, and the challenges of
the information security at the management layer of the grid. The chapter will
discuss the future directions of using game-theoretic tools in addressing
multi-layer security issues in the smart grid.
Comment: 16 page
Dynamic Multi-Arm Bandit Game Based Multi-Agents Spectrum Sharing Strategy Design
For a wireless avionics communication system, a Multi-arm bandit game is
mathematically formulated, which includes channel states, strategies, and
rewards. The simple case includes only two agents sharing the spectrum which is
fully studied in terms of maximizing the cumulative reward over a finite time
horizon. An Upper Confidence Bound (UCB) algorithm is used to achieve the
optimal solutions for the stochastic Multi-Arm Bandit (MAB) problem. The
MAB problem can also be solved from the Markov game framework perspective.
Meanwhile, Thompson Sampling (TS) is also used as a benchmark to evaluate the
performance of the proposed approach. Numerical results are also provided regarding
minimizing the expectation of the regret and choosing the best parameter for
the upper confidence bound.
Evaluating Resilience of Cyber-Physical-Social Systems
Nowadays, protecting the network is not the only security concern. Still, in cyber security,
websites and servers are becoming more popular as targets due to the ease with which
they can be accessed when compared to communication networks. Another threat in
cyber physical social systems with human interactions is that they can be attacked and
manipulated not only by technical hacking through networks, but also by manipulating
people and stealing users’ credentials. Therefore, systems should be evaluated beyond
cyber security, which means measuring their resilience as a piece of evidence that a system
works properly under cyber-attacks or incidents. In that way, cyber resilience is
increasingly discussed and described as the capacity of a system to maintain state awareness for
detecting cyber-attacks. All the tasks for making a system resilient should proactively
maintain a safe level of operational normalcy through rapid system reconfiguration to
detect attacks that would impact system performance. In this work, we broadly studied
a new paradigm of cyber physical social systems and defined a uniform definition of it.
To overcome the complexity of evaluating cyber resilience, especially in these
inhomogeneous systems, we proposed a framework including applying Attack Tree refinements
and Hierarchical Timed Coloured Petri Nets to model intruder and defender behaviors
and evaluate the impact of each action on the behavior and performance of the system.
Real-time fusion and projection of network intrusion activity
Intrusion Detection Systems (IDS) warn of suspicious or malicious network activity and are a fundamental, yet passive, defense-in-depth layer for modern networks. Prior research has applied information fusion techniques to correlate the alerts of multiple IDSs and group those belonging to the same multi-stage attack into attack tracks. Projecting the next likely step in these tracks potentially enhances an analyst’s situational awareness; however, the reliance on attack plans, complicated algorithms, or expert knowledge of the respective network is prohibitive and prone to obsolescence with the continual deployment of new technology and evolution of hacker tradecraft. This thesis presents a real-time continually learning system capable of projecting attack tracks that does not require a priori knowledge about network architecture or rely on static attack templates. Prediction correctness over time and other metrics are used to assess the system’s performance. The system demonstrates the successful real-time adaptation of the model, including enhancements such as the prediction that a never before observed event is about to occur. The intrusion projection system is framed as part of a larger information fusion and impact assessment architecture for cyber security.
Kinetic and Cyber
We compare and contrast situation awareness in cyber warfare and in
conventional, kinetic warfare. Situation awareness (SA) has a far longer
history of study and applications in such areas as control of complex
enterprises and in conventional warfare, than in cyber warfare. Far more is
known about the SA in conventional military conflicts, or adversarial
engagements, than in cyber ones. By exploring what is known about SA in
conventional, also commonly referred to as kinetic, battles, we may gain
insights and research directions relevant to cyber conflicts. We discuss the
nature of SA in conventional (often called kinetic) conflict, review what is
known about this kinetic SA (KSA), and then offer a comparison with what is
currently understood regarding the cyber SA (CSA). We find that challenges and
opportunities of KSA and CSA are similar or at least parallel in several
important ways. With respect to similarities, in both kinetic and cyber worlds,
SA strongly impacts the outcome of the mission. Also similarly, cognitive
biases are found in both KSA and CSA. As an example of differences, KSA often
relies on commonly accepted, widely used organizing representation - map of the
physical terrain of the battlefield. No such common representation has emerged
in CSA, yet.
Comment: A version of this paper appeared as a book chapter in Cyber Defense
and Situational Awareness, Springer, 2014. Prepared by US Government
employees in their official duties; approved for public release, distribution
unlimited. Cyber Defense and Situational Awareness. Springer International
Publishing, 2014. 29-4