A Stochastic Model of Active Cyber Defense Dynamics
The concept of active cyber defense has been proposed for years. However,
there are no mathematical models for characterizing the effectiveness of active
cyber defense. In this paper, we fill the void by proposing a novel Markov
process model that is native to the interaction between cyber attack and active
cyber defense. Unfortunately, the native Markov process model cannot be tackled
by the techniques we are aware of. We therefore simplify, via mean-field
approximation, the Markov process model as a Dynamic System model that is
amenable to analysis. This allows us to derive a set of valuable analytical
results that characterize the effectiveness of four types of active cyber
defense dynamics. Simulations show that the analytical results are inherent to
the native Markov process model, and therefore justify the validity of the
Dynamic System model. We also discuss the side-effect of the mean-field
approximation and its implications
Active Cyber Defense Dynamics Exhibiting Rich Phenomena
The Internet is a man-made complex system under constant attacks (e.g.,
Advanced Persistent Threats and malware). It is therefore important to
understand the phenomena that can be induced by the interaction between cyber
attacks and cyber defenses. In this paper, we explore the rich phenomena that
can be exhibited when the defender employs active defense to combat cyber
attacks. To the best of our knowledge, this is the first study that shows that
active cyber defense dynamics (or more generally, cybersecurity
dynamics) can exhibit the bifurcation and chaos phenomena. This has profound
implications for cyber security measurement and prediction: (i) it is
infeasible (or even impossible) to accurately measure and predict cyber
security under certain circumstances; (ii) the defender must manipulate the
dynamics to avoid such unmanageable situations in real-life defense
operations. Comment: Proceedings of 2015 Symposium on the Science of Security (HotSoS'15
Characterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics
Moving Target Defense (MTD) can enhance the resilience of cyber systems
against attacks. Although there have been many MTD techniques, there is no
systematic understanding and quantitative characterization of the power
of MTD. In this paper, we propose to use a cyber epidemic dynamics approach to
characterize the power of MTD. We define and investigate two complementary
measures that are applicable when the defender aims to deploy MTD to achieve a
certain security goal. One measure emphasizes the maximum portion of time
during which the system can afford to stay in an undesired configuration (or
posture), without considering the cost of deploying MTD. The other measure
emphasizes the minimum cost of deploying MTD, while accommodating that the
system has to stay in an undesired configuration (or posture) for a given
portion of time. Our analytic studies lead to algorithms for optimally
deploying MTD. Comment: 12 pages; 4 figures; Hotsos 14, 201
Adaptive Epidemic Dynamics in Networks: Thresholds and Control
Theoretical modeling of computer virus/worm epidemic dynamics is an important
problem that has attracted many studies. However, most existing models are
adapted from biological epidemic ones. Although biological epidemic models can
certainly be adapted to capture some computer virus spreading scenarios
(especially when the so-called homogeneity assumption holds), the problem of
computer virus spreading is not well understood because it has many important
perspectives that are not necessarily accommodated in the biological epidemic
models. In this paper we initiate the study of such a perspective, namely that
of adaptive defense against epidemic spreading in arbitrary networks. More
specifically, we investigate a non-homogeneous
Susceptible-Infectious-Susceptible (SIS) model where the model parameters may
vary with respect to time. In particular, we focus on two scenarios we call
semi-adaptive defense and fully-adaptive defense, which accommodate implicit
and explicit dependency relationships between the model parameters,
respectively. In the semi-adaptive defense scenario, the model's input
parameters are given; the defense is semi-adaptive because the adjustment is
implicitly dependent upon the outcome of virus spreading. For this scenario, we
present a set of sufficient conditions (some are more general or succinct than
others) under which the virus spreading will die out; such sufficient
conditions are also known as epidemic thresholds in the literature. In the
fully-adaptive defense scenario, some input parameters are not known (i.e., the
aforementioned sufficient conditions are not applicable) but the defender can
observe the outcome of virus spreading. For this scenario, we present adaptive
control strategies under which the virus spreading will die out or will be
contained to a desired level. Comment: 20 pages, 8 figures. This paper was submitted in March 2009, revised
in August 2009, and accepted in December 2009. However, the paper was not
officially published until 2014 due to non-technical reason
Search for neutrino emission from the Cygnus Bubble based on LHAASO γ-ray observations
The Cygnus region, which contains massive molecular and atomic clouds and
young stars, is a promising Galactic neutrino source candidate. Cosmic rays
transport in the region can produce neutrinos and γ-rays. Recently, the
Large High Altitude Air Shower Observatory (LHAASO) detected an
ultrahigh-energy γ-ray bubble (Cygnus Bubble) in this region. Using
publicly available track events detected by the IceCube Neutrino Observatory in
7 years of full detector operation, we conduct searches for correlated neutrino
signals from the Cygnus Bubble with neutrino emission templates based on LHAASO
γ-ray observations. No significant signals were found for any employed
templates. With the 7 TeV γ-ray flux template, we set a flux upper limit
of 90% confidence level (C.L.) for the neutrino emission from the Cygnus Bubble
to be at
5 TeV
Searching for neutrino emissions from multi-frequency sources
Pinpointing the neutrino sources is crucial to unveil the mystery of
high-energy cosmic rays. The search for neutrino-source candidates from
coincident neutrino-photon signatures and electromagnetic objects with peculiar
flaring behaviors have the potential to increase our chances of finding
neutrino emitters. In this paper, we first study the temporal correlations of
astrophysical flares with neutrinos, considering a few hundreds of
multi-frequency sources from ALMA, WISE, Swift, and Fermi in the containment
regions of IceCube high-energy alerts. Furthermore, the spatial correlations
between blazars and neutrinos are investigated using the subset of 10-year
IceCube track-like neutrinos with around 250 thousand events. In the second
test, we account for 2700 blazars with different types of flaring phases in
addition to sole position. No significant neutrino emissions were found from
our analyses. Our results indicate an interesting trend showing the infrared
flaring stages of WISE blazars might be correlated with arrival times of the
neutrino alerts. Possible overflow of neutrinos associated with two of our
blazar sub-samples are also illustrated. One is characterized by a significant
flaring lag in infrared with respect to gamma-rays, like seen for TXS0506+056,
and the other is characterized by highly simultaneous infrared and gamma-ray
flares. These phenomena suggest the need to improve current multi-frequency
light-curve catalogs to pair with the advent of more sensitive neutrino
observatories. Comment: 30 pages, 18 figure
Metabolomic changes in Cryptocaryon irritans from Larimichthys crocea after exposure to copper plate
Cryptocaryon irritans is a highly detrimental parasite in mariculture, causing significant economic losses to the aquaculture industry of Larimichthys crocea. In recent years, copper and copper alloy materials have been used to kill parasites. In this study, the effect of copper plates on the tomont period of C. irritans was explored. The findings indicated that copper plates effectively eradicated tomonts, resulting in a hatching rate of 0. The metabolomic analysis revealed that a total of 2,663 differentially expressed metabolites (1,032 up-regulated and 1,631 down-regulated) were screened in the positive ion mode, and 2,199 differentially expressed metabolites (840 up-regulated and 1,359 down-regulated) were screened in the negative ion mode. L-arginine and L-aspartic acid could be used as potential biomarkers. Copper plate treatment affected 25 metabolic pathways in the tomont, most notably influencing histidine metabolism, retinol metabolism, the biosynthesis of phenylalanine, tyrosine, and tryptophan, as well as arginine and proline metabolism. It was shown that high concentrations of copper ions caused a certain degree of disruption to the metabolome of tomonts in C. irritans, thereby impacting their metabolic processes. Consequently, this disturbance ultimately leads to the rapid demise of tomonts upon exposure to copper plates. The metabolomic changes observed in this study elucidate the lethal impact of copper on C. irritans tomonts, providing valuable reference data for the prevention and control of C. irritans in aquaculture