59 research outputs found

    A Stochastic Model of Active Cyber Defense Dynamics

    The concept of active cyber defense has been proposed for years. However, there are no mathematical models for characterizing the effectiveness of active cyber defense. In this paper, we fill the void by proposing a novel Markov process model that is native to the interaction between cyber attack and active cyber defense. Unfortunately, the native Markov process model cannot be tackled by the techniques we are aware of. We therefore simplify, via mean-field approximation, the Markov process model as a Dynamic System model that is amenable to analysis. This allows us to derive a set of valuable analytical results that characterize the effectiveness of four types of active cyber defense dynamics. Simulations show that the analytical results are inherent to the native Markov process model, and therefore justify the validity of the Dynamic System model. We also discuss the side-effect of the mean-field approximation and its implications

    Active Cyber Defense Dynamics Exhibiting Rich Phenomena

    The Internet is a man-made complex system under constant attacks (e.g., Advanced Persistent Threats and malwares). It is therefore important to understand the phenomena that can be induced by the interaction between cyber attacks and cyber defenses. In this paper, we explore the rich phenomena that can be exhibited when the defender employs active defense to combat cyber attacks. To the best of our knowledge, this is the first study that shows that active cyber defense dynamics (or more generally, cybersecurity dynamics) can exhibit the bifurcation and chaos phenomena. This has profound implications for cyber security measurement and prediction: (i) it is infeasible (or even impossible) to accurately measure and predict cyber security under certain circumstances; (ii) the defender must manipulate the dynamics to avoid such unmanageable situations in real-life defense operations. Comment: Proceedings of 2015 Symposium on the Science of Security (HotSoS'15

    Characterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics

    Moving Target Defense (MTD) can enhance the resilience of cyber systems against attacks. Although there have been many MTD techniques, there is no systematic understanding and quantitative characterization of the power of MTD. In this paper, we propose to use a cyber epidemic dynamics approach to characterize the power of MTD. We define and investigate two complementary measures that are applicable when the defender aims to deploy MTD to achieve a certain security goal. One measure emphasizes the maximum portion of time during which the system can afford to stay in an undesired configuration (or posture), without considering the cost of deploying MTD. The other measure emphasizes the minimum cost of deploying MTD, while accommodating that the system has to stay in an undesired configuration (or posture) for a given portion of time. Our analytic studies lead to algorithms for optimally deploying MTD. Comment: 12 pages; 4 figures; Hotsos 14, 201

    Adaptive Epidemic Dynamics in Networks: Thresholds and Control

    Theoretical modeling of computer virus/worm epidemic dynamics is an important problem that has attracted many studies. However, most existing models are adapted from biological epidemic ones. Although biological epidemic models can certainly be adapted to capture some computer virus spreading scenarios (especially when the so-called homogeneity assumption holds), the problem of computer virus spreading is not well understood because it has many important perspectives that are not necessarily accommodated in the biological epidemic models. In this paper we initiate the study of such a perspective, namely that of adaptive defense against epidemic spreading in arbitrary networks. More specifically, we investigate a non-homogeneous Susceptible-Infectious-Susceptible (SIS) model where the model parameters may vary with respect to time. In particular, we focus on two scenarios we call semi-adaptive defense and fully-adaptive defense, which accommodate implicit and explicit dependency relationships between the model parameters, respectively. In the semi-adaptive defense scenario, the model's input parameters are given; the defense is semi-adaptive because the adjustment is implicitly dependent upon the outcome of virus spreading. For this scenario, we present a set of sufficient conditions (some are more general or succinct than others) under which the virus spreading will die out; such sufficient conditions are also known as epidemic thresholds in the literature. In the fully-adaptive defense scenario, some input parameters are not known (i.e., the aforementioned sufficient conditions are not applicable) but the defender can observe the outcome of virus spreading. For this scenario, we present adaptive control strategies under which the virus spreading will die out or will be contained to a desired level. Comment: 20 pages, 8 figures. This paper was submitted in March 2009, revised in August 2009, and accepted in December 2009. However, the paper was not officially published until 2014 due to non-technical reason

    Search for neutrino emission from the Cygnus Bubble based on LHAASO γ-ray observations

    The Cygnus region, which contains massive molecular and atomic clouds and young stars, is a promising Galactic neutrino source candidate. Cosmic rays transport in the region can produce neutrinos and γ-rays. Recently, the Large High Altitude Air Shower Observatory (LHAASO) detected an ultrahigh-energy γ-ray bubble (Cygnus Bubble) in this region. Using publicly available track events detected by the IceCube Neutrino Observatory in 7 years of full detector operation, we conduct searches for correlated neutrino signals from the Cygnus Bubble with neutrino emission templates based on LHAASO γ-ray observations. No significant signals were found for any employed templates. With the 7 TeV γ-ray flux template, we set a flux upper limit of 90% confidence level (C.L.) for the neutrino emission from the Cygnus Bubble to be $5.7\times10^{-13}\,\mathrm{TeV}^{-1}\mathrm{cm}^{-2}\mathrm{s}^{-1}$ at 5 TeV

    Searching for neutrino emissions from multi-frequency sources

    Pinpointing the neutrino sources is crucial to unveil the mystery of high-energy cosmic rays. The search for neutrino-source candidates from coincident neutrino-photon signatures and electromagnetic objects with peculiar flaring behaviors have the potential to increase our chances of finding neutrino emitters. In this paper, we first study the temporal correlations of astrophysical flares with neutrinos, considering a few hundreds of multi-frequency sources from ALMA, WISE, Swift, and Fermi in the containment regions of IceCube high-energy alerts. Furthermore, the spatial correlations between blazars and neutrinos are investigated using the subset of 10-year IceCube track-like neutrinos with around 250 thousand events. In the second test, we account for 2700 blazars with different types of flaring phases in addition to sole position. No significant neutrino emissions were found from our analyses. Our results indicate an interesting trend showing the infrared flaring stages of WISE blazars might be correlated with arrival times of the neutrino alerts. Possible overflow of neutrinos associated with two of our blazar sub-samples are also illustrated. One is characterized by a significant flaring lag in infrared with respect to gamma-rays, like seen for TXS0506+056, and the other is characterized by highly simultaneous infrared and gamma-ray flares. These phenomena suggest the need to improve current multi-frequency light-curve catalogs to pair with the advent of more sensitive neutrino observatories. Comment: 30 pages, 18 figure

    Metabolomic changes in Cryptocaryon irritans from Larimichthys crocea after exposure to copper plate

    Cryptocaryon irritans is a highly detrimental parasite in mariculture, causing significant economic losses to the aquaculture industry of Larimichthys crocea. In recent years, copper and copper alloy materials have been used to kill parasites. In this study, the effect of copper plates on the tomont period of C. irritans was explored. The findings indicated that copper plates effectively eradicated tomonts, resulting in a hatching rate of 0. The metabolomic analysis revealed that a total of 2,663 differentially expressed metabolites (1,032 up-regulated and 1,631 down-regulated) were screened in the positive ion mode, and 2,199 differentially expressed metabolites (840 up-regulated and 1,359 down-regulated) were screened in the negative ion mode. L-arginine and L-aspartic acid could be used as potential biomarkers. Copper plate treatment affected 25 metabolic pathways in the tomont, most notably influencing histidine metabolism, retinol metabolism, the biosynthesis of phenylalanine, tyrosine, and tryptophan, as well as arginine and proline metabolism. It was shown that high concentrations of copper ions caused a certain degree of disruption to the metabolome of tomonts in C. irritans, thereby impacting their metabolic processes. Consequently, this disturbance ultimately leads to the rapid demise of tomonts upon exposure to copper plates. The metabolomic changes observed in this study elucidate the lethal impact of copper on C. irritans tomonts, providing valuable reference data for the prevention and control of C. irritans in aquaculture