APPLICATION OF GAME THEORY FOR ACTIVE CYBER DEFENSE AGAINST ADVANCED PERSISTENT THREATS

Advanced persistent threats (APTs) are determined, adaptive, and stealthy threat actors in cyber space. They are often hosted in, or sponsored by, adversary nation-states. As such, they are challenging opponents for both the U.S. military and the cyber-defense industry. Current defenses against APTs are largely reactive. This thesis used machine learning and game theory to test simulations of proactive defenses against APTs. We first applied machine learning to two benchmark APT datasets to classify APT network traffic by attack phase. This data was then used in a game model with reinforcement learning to learn the best tactics for both the APT attacker and the defender. The game model included security and resource levels, necessary conditions on actions, results of actions, success probabilities, and realistic costs and benefits for actions. The game model was run thousands of times with semi-random choices with reinforcement learning through a program created by NPS Professor Neil Rowe. Results showed that our methods could model active cyber defense strategies for defenders against both historical and hypothetical APT campaigns. Our game model is an extensible planning tool to recommend actions for defenders for active cyber defense planning against APTs.Approved for public release. Distribution is unlimited.Captain, United States Marine CorpsCaptain, United States Marine CorpsDISA, Arlington, VA, 2220

基于区块链的网络安全技术综述

随着移动互联网与物联网技术的发展,网络空间承载了海量数据,必须保证其安全性和隐私性。基于区块链的网络安全机制具有去中心化、不可篡改、可追溯、高可信和高可用的特性,有利于提升网络安全性。探讨了区块链在网络安全方面的应用方案,分析了基于区块链的网络安全机制的主要技术特点和方法以及未来研究方向。首先探讨了数据管理体系应用区块链进行数据管理的方法,利用区块链不可篡改的特性提高数据的真实性和可靠性。其次分析了物联网应用区块链进行设备管理的方案,通过区块链记录和执行设备控制指令,强化物联网设备权限和通信管理。最后研究了域名系统应用区块链的部署方案,利用区块链的去中心化结构抵抗针对中心节点的分布式拒绝服务攻击。国家自然科学基金资助项目(No.61671396);;东南大学移动通信国家重点实验室开放基金资助项目(No.2018D08);;佛山市科技创新项目(No.2015IT100095)~

Cumulative Prospect Theory Based Dynamic Pricing for Shared Mobility on Demand Services

Cumulative Prospect Theory (CPT) is a modeling tool widely used in behavioral economics and cognitive psychology that captures subjective decision making of individuals under risk or uncertainty. In this paper, we propose a dynamic pricing strategy for Shared Mobility on Demand Services (SMoDSs) using a passenger behavioral model based on CPT. This dynamic pricing strategy together with dynamic routing via a constrained optimization algorithm that we have developed earlier, provide a complete solution customized for SMoDS of multi-passenger transportation. The basic principles of CPT and the derivation of the passenger behavioral model in the SMoDS context are described in detail. The implications of CPT on dynamic pricing of the SMoDS are delineated using computational experiments involving passenger preferences. These implications include interpretation of the classic fourfold pattern of risk attitudes, strong risk aversion over mixed prospects, and behavioral preferences of self reference. Overall, it is argued that the use of the CPT framework corresponds to a crucial building block in designing socio-technical systems by allowing quantification of subjective decision making under risk or uncertainty that is perceived to be otherwise qualitative.Comment: 17 pages, 6 figures, and has been accepted for publication at the 58th Annual Conference on Decision and Control, 201

Cyber Insurance for Cyber Resilience

Cyber insurance is a complementary mechanism to further reduce the financial impact on the systems after their effort in defending against cyber attacks and implementing resilience mechanism to maintain the system-level operator even though the attacker is already in the system. This chapter presents a review of the quantitative cyber insurance design framework that takes into account the incentives as well as the perceptual aspects of multiple parties. The design framework builds on the correlation between state-of-the-art attacker vectors and defense mechanisms. In particular, we propose the notion of residual risks to characterize the goal of cyber insurance design. By elaborating the insurer's observations necessary for the modeling of the cyber insurance contract, we make comparison between the design strategies of the insurer under scenarios with different monitoring rules. These distinct but practical scenarios give rise to the concept of the intensity of the moral hazard issue. Using the modern techniques in quantifying the risk preferences of individuals, we link the economic impacts of perception manipulation with moral hazard. With the joint design of cyber insurance design and risk perceptions, cyber resilience can be enhanced under mild assumptions on the monitoring of insurees' actions. Finally, we discuss possible extensions on the cyber insurance design framework to more sophisticated settings and the regulations to strengthen the cyber insurance markets

The Role of Deep Learning in Advancing Proactive Cybersecurity Measures for Smart Grid Networks: A Survey

As smart grids (SG) increasingly rely on advanced technologies like sensors and communication systems for efficient energy generation, distribution, and consumption, they become enticing targets for sophisticated cyberattacks. These evolving threats demand robust security measures to maintain the stability and resilience of modern energy systems. While extensive research has been conducted, a comprehensive exploration of proactive cyber defense strategies utilizing Deep Learning (DL) in {SG} remains scarce in the literature. This survey bridges this gap, studying the latest DL techniques for proactive cyber defense. The survey begins with an overview of related works and our distinct contributions, followed by an examination of SG infrastructure. Next, we classify various cyber defense techniques into reactive and proactive categories. A significant focus is placed on DL-enabled proactive defenses, where we provide a comprehensive taxonomy of DL approaches, highlighting their roles and relevance in the proactive security of SG. Subsequently, we analyze the most significant DL-based methods currently in use. Further, we explore Moving Target Defense, a proactive defense strategy, and its interactions with DL methodologies. We then provide an overview of benchmark datasets used in this domain to substantiate the discourse.{ This is followed by a critical discussion on their practical implications and broader impact on cybersecurity in Smart Grids.} The survey finally lists the challenges associated with deploying DL-based security systems within SG, followed by an outlook on future developments in this key field.Comment: To appear in the IEEE internet of Things journa

Cyber-storms come from clouds:Security of cloud computing in the IoT era

The Internet of Things (IoT) is rapidly changing our society to a world where every “thing” is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors. While the literature mostly focuses on the security of IoT and Cloud computing as separate entities, in this article we provide an up-to-date and well-structured survey of the security issues of cloud computing in the IoT era. We give a clear picture of where security issues occur and what their potential impact is. As a result, we claim that it is not enough to secure IoT devices, as cyber-storms come from Clouds