Dynamic Multi-Arm Bandit Game Based Multi-Agents Spectrum Sharing Strategy Design

For a wireless avionics communication system, a Multi-arm bandit game is mathematically formulated, which includes channel states, strategies, and rewards. The simple case includes only two agents sharing the spectrum which is fully studied in terms of maximizing the cumulative reward over a finite time horizon. An Upper Confidence Bound (UCB) algorithm is used to achieve the optimal solutions for the stochastic Multi-Arm Bandit (MAB) problem. Also, the MAB problem can also be solved from the Markov game framework perspective. Meanwhile, Thompson Sampling (TS) is also used as benchmark to evaluate the proposed approach performance. Numerical results are also provided regarding minimizing the expectation of the regret and choosing the best parameter for the upper confidence bound

Security Aspects of Internet of Things aided Smart Grids: a Bibliometric Survey

The integration of sensors and communication technology in power systems, known as the smart grid, is an emerging topic in science and technology. One of the critical issues in the smart grid is its increased vulnerability to cyber threats. As such, various types of threats and defense mechanisms are proposed in literature. This paper offers a bibliometric survey of research papers focused on the security aspects of Internet of Things (IoT) aided smart grids. To the best of the authors' knowledge, this is the very first bibliometric survey paper in this specific field. A bibliometric analysis of all journal articles is performed and the findings are sorted by dates, authorship, and key concepts. Furthermore, this paper also summarizes the types of cyber threats facing the smart grid, the various security mechanisms proposed in literature, as well as the research gaps in the field of smart grid security.Comment: The paper is published in Elsevier's Internet of Things journal. 25 pages + 20 pages of reference

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

This paper provides a survey of prediction, and forecasting methods used in cyber security. Four main tasks are discussed first, attack projection and intention recognition, in which there is a need to predict the next move or the intentions of the attacker, intrusion prediction, in which there is a need to predict upcoming cyber attacks, and network security situation forecasting, in which we project cybersecurity situation in the whole network. Methods and approaches for addressing these tasks often share the theoretical background and are often complementary. In this survey, both methods based on discrete models, such as attack graphs, Bayesian networks, and Markov models, and continuous models, such as time series and grey models, are surveyed, compared, and contrasted. We further discuss machine learning and data mining approaches, that have gained a lot of attention recently and appears promising for such a constantly changing environment, which is cyber security. The survey also focuses on the practical usability of the methods and problems related to their evaluation

Establishing cyber situational awareness in industrial control systems

The cyber threat to industrial control systems is an acknowledged security issue, but a qualified dataset to quantify the risk remains largely unavailable. Senior executives of facilities that operate these systems face competing requirements for investment budgets, but without an understanding of the nature of the threat cyber security may not be a high priority. Operational managers and cyber incident responders at these facilities face a similarly complex situation. They must plan for the defence of critical systems, often unfamiliar to IT security professionals, from potentially capable, adaptable and covert antagonists who will actively attempt to evade detection. The scope of the challenge requires a coherent, enterprise-level awareness of the threat, such that organisations can assess their operational priorities, plan their defensive posture, and rehearse their responses prior to such an attack. This thesis proposes a novel combination of concepts found in risk assessment, intrusion detection, education, exercising, safety and process models, fused with experiential learning through serious games. It progressively builds a common set of shared mental models across an ICS operation to frame the nature of the adversary and establish enterprise situational awareness that permeates through all levels of teams involved in addressing the threat. This is underpinned by a set of coping strategies that identifies probable targets for advanced threat actors, proactively determining antagonistic courses of actions to derive an appropriate response strategy

Game Theory and Prescriptive Analytics for Naval Wargaming Battle Management Aids

NPS NRP Technical ReportThe Navy is taking advantage of advances in computational technologies and data analytic methods to automate and enhance tactical decisions and support warfighters in highly complex combat environments. Novel automated techniques offer opportunities to support the tactical warfighter through enhanced situational awareness, automated reasoning and problem-solving, and faster decision timelines. This study will investigate how game theory and prescriptive analytics methods can be used to develop real-time wargaming capabilities to support warfighters in their ability to explore and evaluate the possible consequences of different tactical COAs to improve tactical missions. This study will develop a conceptual design of a real-time tactical wargaming capability. This study will explore data analytic methods including game theory, prescriptive analytics, and artificial intelligence (AI) to evaluate their potential to support real-time wargaming.N2/N6 - Information WarfareThis research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrpChief of Naval Operations (CNO)Approved for public release. Distribution is unlimited.

Operational Decision Making under Uncertainty: Inferential, Sequential, and Adversarial Approaches

Modern security threats are characterized by a stochastic, dynamic, partially observable, and ambiguous operational environment. This dissertation addresses such complex security threats using operations research techniques for decision making under uncertainty in operations planning, analysis, and assessment. First, this research develops a new method for robust queue inference with partially observable, stochastic arrival and departure times, motivated by cybersecurity and terrorism applications. In the dynamic setting, this work develops a new variant of Markov decision processes and an algorithm for robust information collection in dynamic, partially observable and ambiguous environments, with an application to a cybersecurity detection problem. In the adversarial setting, this work presents a new application of counterfactual regret minimization and robust optimization to a multi-domain cyber and air defense problem in a partially observable environment

Tabletop Exercise For Cybersecurity Educational Training; Theoretical Grounding And Development

Haridus- ja treeningaspektid on riiklike küberturvalisuse strateegiate vitaalsed komponendid, et kujundada, tugevdada ning proovile panna otsustajate valmisolekut nii aktuaalsete kui võimalike tulevaste küberväljakutsete ees. Küberkaitses ja -julgeolekus on otsuste langetamisel üliolulised kriisijuhtimisoskused, et suuta adekvaatselt vastata juhtumitele, mil era- või avalik heaolu ja turvalisus on ohustatud. Selle magistritöö eesmärk on välja pakkuda küberjulgeoleku strateegiate hariduslike komponentide võimalike ning teadaolevate nõrkuste parandamine, arutledes teadlikkuse väljaõpete mudeleid märkimisväärse mõjuga osavõtjatele, fookusega strateegilise otsustamisvõimega personalil, mis võiks osaleda küberjuhtumis. Töö toetab simulatsioonil põhinevate stsenaariumite kasutamist ning keskendub mudelõppuste kujundamisele. Käesolev töö näitab, kuidas mudelõpe võib olla tõhus viis küberjuhtumites strateegiliste otsuste langetamisel teadlikkuse, mõistmise ja ettevalmistuse kujundamiseks, parandamiseks ning proovilepanemiseks. Lõputöö tugineb ditsiplinaarsel ja kontseptuaalsel õpinguteooriate integratsioonil mängustamisel põhinevate ajenditega ning juhtimisteooriatega. Stsenaariumil põhinev treening pakub turvalist ja paindlikku keskkonda, kus osavõtja on pandud kriitilisse situatsiooni, säilitades realistlikku ülevaate küberkriisi tunnustest ning võimalikest ohtudest. Simulatsioon väljendab võimalikke väljakutseid, nõudes kriisijuhtimisoskusi ning kohast reaktsiooni. Mudelõppused võimaldavad andragoogilise kasu ja hariduslike eesmärkide realiseerimist innovatiivsel ja kaasaval meetodil. Selle treeningmudeli tulemused mõõdetakse kasutades Bloomi õppe-kasvatustöö eesmärkide liigituse kontrollitud taksonoomiat, arvesse võttes kogemusõppe ja paiknevustunnetuse elemente. VOOT-tsükkel pakub läbimõeldud otsustusprotsessi, mis samuti sobib antud ettepaneku dünaamikasse. Lisaks panustab töö originaalse modulaarse juhendiga, mida treenijad ning õppejõud saavad kasutada mudelõppe teostamiseks küberjulgeolekus. Riikliku ja rahvusvahelise tasandi mudelõppuste kogemus ja osavõtt sai empiirilist tuge teoreetilisele integratsioonile ning teadustas modulaarse juhendi arengut. Töö on kvalitatiivne. Lõputöö panustab asjakohasesse akadeemilisse dialoogi selle teoreetiliste alustega. Samuti praktiliselt, kuna pakub vahendeid simulatsioonipõhise mudelõppe läbiviimiseks.Education and training aspects are vital components of national cybersecurity strategies, to shape, enhance and test the decision maker’s level of preparedness before current and future challenges that can arise from a cyber incident. Decision-making processes in cyber defense and security require crucial crisis management competences capable of generating a comprehensive response where safety, well-being and other public and private assets could be put at stake. The purpose of this thesis is to suggest the improvement of potential and perceived weaknesses on the educational components of cyber security strategies, discussing awareness-training models with significant impact on the participants, focusing on strategic decision-making level personnel that could partake of cyber related incidents. The work supports the use of simulation-based scenarios, and concentrates on the design of Tabletop exercises. This thesis shows when a tabletop exercise could be an effective mechanism to shape, enhance and test the awareness, understanding and preparation for strategic decision makers in cyber related incidents. The thesis draws from a disciplinary integration of learning, human computer interaction, and management theories. A scenario-based training provides a safe and flexible environment where the participant is placed into a critical situation while maintaining a realistic insight into the characteristics of cyber crisis and the threats and attacks that may take place. The simulation represents possible challenges, demanding crisis management capacity and an appropriate response. Tabletop exercises permits that andragogical benefits and educational purposes be realized through an innovative and engaging method. Considering elements from experiential learning and situated cognition the learning outcomes of this training model will be measured, using Bloom’s revised taxonomy of educational objectives. The OODA Loop will suggest a thoughtful decision making process that also fits well the dynamic of the current proposal. Additionally, the thesis will contribute with an original modular guide that trainers and educators can use for the implementation of a Tabletop exercise on cyber security. National and international level tabletop exercises experience and participation provided empirical support to the theoretical contribution on theory integration, and informed the modular guide development. The work is qualitative and therefore seeks to observe, interpret and understand, by using documental analysis, and observation methods. The work contributes to the relevant academic dialog on its theoretical grounds and also in practical terms, by providing with tools readily applicable to the creation of simulation based tabletop exercises