3 research outputs found

    Cyber attack simulation and information fusion process refinement optimization models for cyber security

    Cyber crime is an increasingly prominent threat to all aspects of society including businesses, government, banks, transportation, and individuals. The security of computer networks is dependent on the ability to recognize and defend against malicious cyber attacks. The goal of this thesis is to utilize operations research techniques to create tools that will significantly contribute to cyber security. A simulation framework and template is developed to efficiently represent computer networks and cyber security intrusion detection systems. The simulation is capable of generating complex cyber attacks based on the computer network configuration and the capabilities of the attacker. The simulation results in alert messages corresponding to attack actions and ordinary network behavior which are typically used by situational awareness tools or systems administrators to identify and take action against the attack. Through verification, validation, and an experimental performance evaluation, the simulation model is shown to be an effective tool to enable testing of situational awareness tools and for determining network vulnerabilities. In addition, this thesis extends the highly effective information fusion methods of situational awareness and threat assessment by introducing a method of adaptive process refinement for cyber security. The adaptive process refinement model utilizes integer programming optimization to improve the success of cyber attack detection, tracking, and identification. The process refinement model is designed to dynamically provide recommendations for optimal allocation of network detection resources subject to processing capacity, current attack activity, and network vulnerabilities. The cyber attack simulation methodology is utilized to create a set of attack scenarios on computer networks that are used to conduct an experimental performance evaluation of the adaptive process refinement model to determine its capabilities and limitations. The simulation and process refinement methods provide operations research tools that will help to advance the field of cyber security.

    Conceptual model for managing security risks at port facilities: a constructivist approach

    Thesis (doctorate) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia de Produção, Florianópolis, 2015.

    Abstract: Attention to the protection of critical infrastructure has become a concern for the achievement of the strategic objectives of countries and organizations. With the recognition of standards such as the ISPS Code, the Brazilian government began requiring Brazilian port facilities to structure protective measures to meet the demands agreed with international entities, among which is the development of security risk analysis plans as a major condition for managing the security of port facilities. In this context, this research proposes a model for the analysis of security risks at port facilities, improving the understanding of its managers from a multi-criteria perspective. To achieve this objective, the present study mapped this subject; used the premises of the MCDA-C methodology to build the proposed conceptual model for the analysis of security risks at port facilities; and tested the proposal through a case study conducted at the Port Terminal Santa Catarina. The results obtained at the end of the research showed scientific contributions associated with two specific contexts: (i) the performance evaluation context, with the identification of knowledge gaps and their consequent opportunities for improvement; (ii) the context of the risk management standard ISO 31000:2009, with the proposal of a structured process to operationalize the risk analysis step through the use of MCDA-C, as well as the development of a computerized application recommended for this purpose.