13,230 research outputs found
A Characterization of Cybersecurity Posture from Network Telescope Data
Data-driven understanding of cybersecurity posture is an important problem
that has not been adequately explored. In this paper, we analyze some real data
collected by CAIDA's network telescope during the month of March 2013. We
propose to formalize the concept of cybersecurity posture from the perspectives
of three kinds of time series: the number of victims (i.e., telescope IP
addresses that are attacked), the number of attackers that are observed by the
telescope, and the number of attacks that are observed by the telescope.
Characterizing cybersecurity posture therefore becomes investigating the
phenomena and statistical properties exhibited by these time series, and
explaining their cybersecurity meanings. For example, we propose the concept of
{\em sweep-time}, and show that sweep-time should be modeled by stochastic
process, rather than random variable. We report that the number of attackers
(and attacks) from a certain country dominates the total number of attackers
(and attacks) that are observed by the telescope. We also show that
substantially smaller network telescopes might not be as useful as a large
telescope
Adaptive Epidemic Dynamics in Networks: Thresholds and Control
Theoretical modeling of computer virus/worm epidemic dynamics is an important
problem that has attracted many studies. However, most existing models are
adapted from biological epidemic ones. Although biological epidemic models can
certainly be adapted to capture some computer virus spreading scenarios
(especially when the so-called homogeneity assumption holds), the problem of
computer virus spreading is not well understood because it has many important
perspectives that are not necessarily accommodated in the biological epidemic
models. In this paper we initiate the study of such a perspective, namely that
of adaptive defense against epidemic spreading in arbitrary networks. More
specifically, we investigate a non-homogeneous
Susceptible-Infectious-Susceptible (SIS) model where the model parameters may
vary with respect to time. In particular, we focus on two scenarios we call
semi-adaptive defense and fully-adaptive} defense, which accommodate implicit
and explicit dependency relationships between the model parameters,
respectively. In the semi-adaptive defense scenario, the model's input
parameters are given; the defense is semi-adaptive because the adjustment is
implicitly dependent upon the outcome of virus spreading. For this scenario, we
present a set of sufficient conditions (some are more general or succinct than
others) under which the virus spreading will die out; such sufficient
conditions are also known as epidemic thresholds in the literature. In the
fully-adaptive defense scenario, some input parameters are not known (i.e., the
aforementioned sufficient conditions are not applicable) but the defender can
observe the outcome of virus spreading. For this scenario, we present adaptive
control strategies under which the virus spreading will die out or will be
contained to a desired level.Comment: 20 pages, 8 figures. This paper was submitted in March 2009, revised
in August 2009, and accepted in December 2009. However, the paper was not
officially published until 2014 due to non-technical reason
An Evasion and Counter-Evasion Study in Malicious Websites Detection
Malicious websites are a major cyber attack vector, and effective detection
of them is an important cyber defense task. The main defense paradigm in this
regard is that the defender uses some kind of machine learning algorithms to
train a detection model, which is then used to classify websites in question.
Unlike other settings, the following issue is inherent to the problem of
malicious websites detection: the attacker essentially has access to the same
data that the defender uses to train its detection models. This 'symmetry' can
be exploited by the attacker, at least in principle, to evade the defender's
detection models. In this paper, we present a framework for characterizing the
evasion and counter-evasion interactions between the attacker and the defender,
where the attacker attempts to evade the defender's detection models by taking
advantage of this symmetry. Within this framework, we show that an adaptive
attacker can make malicious websites evade powerful detection models, but
proactive training can be an effective counter-evasion defense mechanism. The
framework is geared toward the popular detection model of decision tree, but
can be adapted to accommodate other classifiers
Differential Geometrical Formulation of Gauge Theory of Gravity
Differential geometric formulation of quantum gauge theory of gravity is
studied in this paper. The quantum gauge theory of gravity which is proposed in
the references hep-th/0109145 and hep-th/0112062 is formulated completely in
the framework of traditional quantum field theory. In order to study the
relationship between quantum gauge theory of gravity and traditional quantum
gravity which is formulated in curved space, it is important to find the
differential geometric formulation of quantum gauge theory of gravity. We first
give out the correspondence between quantum gauge theory of gravity and
differential geometry. Then we give out differential geometric formulation of
quantum gauge theory of gravity.Comment: 10 pages, no figur
- …