A Stochastic Model of Active Cyber Defense Dynamics
The concept of active cyber defense has been proposed for years. However,
there are no mathematical models for characterizing the effectiveness of active
cyber defense. In this paper, we fill the void by proposing a novel Markov
process model that is native to the interaction between cyber attack and active
cyber defense. Unfortunately, the native Markov process model cannot be tackled
by the techniques we are aware of. We therefore simplify, via mean-field
approximation, the Markov process model as a Dynamic System model that is
amenable to analysis. This allows us to derive a set of valuable analytical
results that characterize the effectiveness of four types of active cyber
defense dynamics. Simulations show that the analytical results are inherent to
the native Markov process model, and therefore justify the validity of the
Dynamic System model. We also discuss the side-effect of the mean-field
approximation and its implications.
Active Cyber Defense Dynamics Exhibiting Rich Phenomena
The Internet is a man-made complex system under constant attacks (e.g.,
Advanced Persistent Threats and malware). It is therefore important to
understand the phenomena that can be induced by the interaction between cyber
attacks and cyber defenses. In this paper, we explore the rich phenomena that
can be exhibited when the defender employs active defense to combat cyber
attacks. To the best of our knowledge, this is the first study that shows that
active cyber defense dynamics (or more generally, cybersecurity
dynamics) can exhibit the bifurcation and chaos phenomena. This has profound
implications for cyber security measurement and prediction: (i) it is
infeasible (or even impossible) to accurately measure and predict cyber
security under certain circumstances; (ii) the defender must manipulate the
dynamics to avoid such unmanageable situations in real-life defense
operations.
Comment: Proceedings of 2015 Symposium on the Science of Security (HotSoS'15)
How robust are distributed systems
A distributed system is made up of large numbers of components operating asynchronously from one another and hence with incomplete and inaccurate views of one another's state. Load fluctuations are common as new tasks arrive and active tasks terminate. Jointly, these aspects make it nearly impossible to arrive at detailed predictions for a system's behavior. It is important to the successful use of distributed systems in situations in which humans cannot provide the sorts of predictable realtime responsiveness of a computer, that the system be robust. The technology of today can too easily be affected by worm programs or by seemingly trivial mechanisms that, for example, can trigger stock market disasters. Inventors of a technology have an obligation to overcome flaws that can exact a human cost. A set of principles for guiding solutions to distributed computing problems is presented.
A pH Dependant Switch in DHP Oxidation Mechanism
Dehaloperoxidase (DHP) is a multifunctional enzyme found in Amphitrite ornata, a sediment-dwelling marine worm. This enzyme possesses the structure of a traditional hemoglobin enzyme and serves as the primary oxygen carrier in A. ornata; however, it also possesses peroxidase and peroxygenase capabilities. These secondary oxidative functions provide a remarkable ability for A. ornata to resist the effects of toxic metabolites secreted by other organisms that cohabit its benthic ecosystem. This study will analyze the novel catalytic switching between peroxygenase and peroxidase oxidation mechanisms employed by DHP in response to pH changes.
An Evolutionary Approach for Learning Attack Specifications in Network Graphs
This paper presents an evolutionary algorithm that learns attack scenarios, called attack specifications, from a network graph. This learning process aims to find attack specifications that minimise cost and maximise the value that an attacker gets from a successful attack. The attack specifications that the algorithm learns are represented using an approach based on Hoare's CSP (Communicating Sequential Processes). This new approach is able to represent several elements found in attacks, for example synchronisation. These attack specifications can be used by network administrators to find vulnerable scenarios, composed from the basic constructs Sequence, Parallel and Choice, that lead to valuable assets in the network.