TRIDEnT: Building Decentralized Incentives for Collaborative Security
Sophisticated mass attacks, especially when exploiting zero-day
vulnerabilities, have the potential to cause destructive damage to
organizations and critical infrastructure. To timely detect and contain such
attacks, collaboration among the defenders is critical. By correlating
real-time detection information (alerts) from multiple sources (collaborative
intrusion detection), defenders can detect attacks and take the appropriate
defensive measures in time. However, although the technical tools to facilitate
collaboration exist, real-world adoption of such collaborative security
mechanisms is still underwhelming. This is largely due to a lack of trust and
participation incentives for companies and organizations. This paper proposes
TRIDEnT, a novel collaborative platform that aims to enable and incentivize
parties to exchange network alert data, thus increasing their overall detection
capabilities. TRIDEnT allows parties that may be in a competitive relationship,
to selectively advertise, sell and acquire security alerts in the form of
(near) real-time peer-to-peer streams. To validate the basic principles behind
TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is
of independent interest, and show that collaboration is bound to take place
infinitely often. Furthermore, to demonstrate the feasibility of our approach,
we instantiate our design in a decentralized manner using Ethereum smart
contracts and provide a fully functional prototype. Comment: 28 page
The THREAT-ARREST Cyber-Security Training Platform
Cyber security is always a main concern for critical infrastructures and nation-wide safety and sustainability. Thus, advanced cyber ranges and security training are becoming imperative for the involved organizations. This paper presents a cyber security training platform, called THREAT-ARREST. The various platform modules can analyze an organization’s system, identify the most critical threats, and tailor a training program to its personnel needs. Then, different training programmes are created based on the trainee types (i.e. administrator, simple operator, etc.), providing several teaching procedures and accomplishing diverse learning goals. One of the main novelties of THREAT-ARREST is the modelling of these programmes along with the runtime monitoring, management, and evaluation operations. The platform is generic. Nevertheless, its applicability in a smart energy case study is detailed.
A Tractable Fault Detection and Isolation Approach for Nonlinear Systems with Probabilistic Performance
This article presents a novel perspective along with a scalable methodology
to design a fault detection and isolation (FDI) filter for high dimensional
nonlinear systems. Previous approaches on FDI problems are either confined to
linear systems or they are only applicable to low dimensional dynamics with
specific structures. In contrast, shifting attention from the system dynamics
to the disturbance inputs, we propose a relaxed design perspective to train a
linear residual generator given some statistical information about the
disturbance patterns. That is, we propose an optimization-based approach to
robustify the filter with respect to finitely many signatures of the
nonlinearity. We then invoke recent results in randomized optimization to
provide theoretical guarantees for the performance of the proposed filter.
Finally, motivated by a cyber-physical attack emanating from the
vulnerabilities introduced by the interaction between IT infrastructure and
power system, we deploy the developed theoretical results to detect such an
intrusion before the functionality of the power system is disrupted.
Generalized inattentional blindness from a Global Workspace perspective
We apply Baars' Global Workspace model of consciousness to inattentional blindness, using the groupoid network method of Stewart et al. to explore modular structures defined by information measures associated with cognitive process. Internal cross-talk breaks the fundamental groupoid symmetry, and, if sufficiently strong, creates, in a highly punctuated manner, a linked, shifting, giant component which instantiates the global workspace of consciousness. Embedding, exterior, information sources act as an external field which breaks the groupoid symmetry in a somewhat different manner, defining the slowly-acting contexts of Baars' theory and providing topological constraints on the manifestations of consciousness. This analysis significantly extends recent mathematical treatments of the global workspace, and identifies a shifting, topologically-determined syntactical and grammatical 'bottleneck' as a tunable rate distortion manifold which constrains what sensory or other signals can be brought to conscious attention, typically in a punctuated manner. Sensations outside the limits of that filter's syntactic 'bandpass' have lower probability of detection, regardless of their structure, accounting for generalized forms of inattentional blindness.