A new approach to modeling and analyzing security of networked systems

Da, Gaofeng; Xu, Maochao; Xu, Shouhuai

doi:10.1145/2600176.2600184

Cited by 24 publications

(24 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We compute equilibrium infection probability i * v numerically by solving Eqs. (5) for v ∈ V via the BB package in the R system. We compute the upper and lower bounds, namely i * − and i * + v , according to Proposition 1.…”

Section: Approximating Equilibrium Infection Probabilities In Er and mentioning

confidence: 99%

Cyber Epidemic Models with Dependences

Xu¹,

Da²,

Xu³

2014

Internet Mathematics

Self Cite

View full text Add to dashboard Cite

Studying models of cyber epidemics over arbitrary complex networks can deepen our understanding of cyber security from a whole-system perspective. In this paper, we initiate the investigation of cyber epidemic models that accommodate the dependences between the cyber attack events. Due to the notorious difficulty in dealing with such dependences, essentially all existing cyber epidemic models have assumed them away. Specifically, we introduce the idea of Copulas into cyber epidemic models for accommodating the dependences between the cyber attack events. We investigate the epidemic equilibrium thresholds as well as the bounds for both equilibrium and nonequilibrium infection probabilities. We further characterize the side-effects of assuming away the due dependences between the cyber attack events, by showing that the results thereof are unnecessarily restrictive or even incorrect.

show abstract

Section: Approximating Equilibrium Infection Probabilities In Er and mentioning

confidence: 99%

Cyber Epidemic Models with Dependences

Xu¹,

Da²,

Xu³

2014

Internet Mathematics

Self Cite

View full text Add to dashboard Cite

show abstract

“…This framework builds on a large body of literature across Computer Science, Mathematics and Statistical Physics (cf. [7,4,33,37,38,17,39,29,6,3,28,23,11,12] and the references therein), which can be further traced back to the century-old studies on biological epidemic models [19,13,8].…”

Section: Related Workmentioning

confidence: 96%

“…where In is the identity matrix of size n. Note that M as defined in Eq. (3) is the coefficient matrix of linear system (4). The stability of equilibrium B * = σ is determined by the eigenvalues of matrix M .…”

Section: Existence and Stability Of Equilibriamentioning

confidence: 99%

“…It is therefore important to understand and characterize the phenomena that can be exhibited at the global level of a cyber system, ranging from an enterprise network to the entire cyberspace. The emerging framework of Cybersecurity Dynamics [34,35,7,4] offers a systematic approach for understanding, characterizing, and quantifying the phenomena as well as cyber security in general.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Active cyber defense dynamics exhibiting rich phenomena

Ren

Xu³

2015

Proceedings of the 2015 Symposium and Bootcamp on the Science of Security

Self Cite

View full text Add to dashboard Cite

The Internet is a man-made complex system under constant attacks (e.g., Advanced Persistent Threats and malwares). It is therefore important to understand the phenomena that can be induced by the interaction between cyber attacks and cyber defenses. In this paper, we explore the rich phenomena that can be exhibited when the defender employs active defense to combat cyber attacks. To the best of our knowledge, this is the first study that shows that active cyber defense dynamics (or more generally, cybersecurity dynamics) can exhibit the bifurcation and chaos phenomena. This has profound implications for cyber security measurement and prediction: (i) it is infeasible (or even impossible) to accurately measure and predict cyber security under certain circumstances; (ii) the defender must manipulate the dynamics to avoid such unmanageable situations in real-life defense operations.

show abstract

“…For example, the effectiveness of antimalware tools (e.g., the false positive rate or false negative rate) is often measured based on malware samples collected during a period of time (e.g., one year), while ignoring their instantaneous evolution over time. Taking one step further from static metrics, time-dependent security metrics have been studied to characterize and quantify system states at different times, such as the proportion of compromised computers in a network [6], [7], [8], [9], [10], [11], [33], [34], [35], [36], [37], [38], [39], [40], [41], [42].…”

Section: B Dynamic Security Metrics Vs Agility Metricsmentioning

confidence: 99%

Metrics Towards Measuring Cyber Agility

Mireles

Ficke

Cho

et al. 2019

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

In cyberspace, evolutionary strategies are commonly used by both attackers and defenders. For example, an attacker's strategy often changes over the course of time, as new vulnerabilities are discovered and/or mitigated. Similarly, a defender's strategy changes over time. These changes may or may not be in direct response to a change in the opponent's strategy. In any case, it is important to have a set of quantitative metrics to characterize and understand the effectiveness of attackers' and defenders' evolutionary strategies, which reflect their cyber agility. Despite its clear importance, few systematic metrics have been developed to quantify the cyber agility of attackers and defenders. In this paper, we propose the first metric framework for measuring cyber agility in terms of the effectiveness of the dynamic evolution of cyber attacks and defenses. The proposed framework is generic and applicable to transform any relevant, quantitative, and/or conventional static security metrics (e.g., false positives and false negatives) into dynamic metrics to capture dynamics of system behaviors. In order to validate the usefulness of the proposed framework, we conduct case studies on measuring the evolution of cyber attacks and defenses using two real-world datasets. We discuss the limitations of the current work and identify future research directions.

show abstract

A new approach to modeling and analyzing security of networked systems

Cited by 24 publications

References 33 publications

Cyber Epidemic Models with Dependences

Cyber Epidemic Models with Dependences

Active cyber defense dynamics exhibiting rich phenomena

Metrics Towards Measuring Cyber Agility

Contact Info

Product

Resources

About