Security and Science of Agility

McDaniel, Patrick; Jaeger, Trent; Porta, Thomas F. La; Papernot, Nicolas; Walls, Robert J.; Kott, Alexander; Marvel, Lisa M.; Swami, Ananthram; Mohapatra, Prasant; Krishnamurthy, Srikanth V.; Neamtiu, Iulian

doi:10.1145/2663474.2663476

Cited by 32 publications

(24 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It has been investigated in multiple domains [16], [17], [18], [19], [20], [21], [22]. In an enterprise system, agility is defined as the ability to deal with sudden changes in an environment (e.g., the latency of response to sudden or unexpected changes [1], [16], [17], [18], [22]). In the systems engineering domain, agility measures a system's capability of the reactive or proactive response to sudden environmental changes [23].…”

Section: Background and Related Work A Concept Of Agility And Agilmentioning

confidence: 99%

“…In the cybersecurity domain, agility often refers to reasoned changes to a system or environment in response to functional or security needs, but has not been paid due attention until very recently [15], [1], [2], [3], [4], [5]. While it would be intuitive to understand agility as how fast (e.g., response ability [23]) and how effective a system can adapt its configuration to unexpected attacks against it (e.g., considering the cost incurred by the degraded system performance or the cost incurred by response actions [1], [24]), the concept of agility is, like other metrics, elusive to formalize. Indeed, there is no rigorous or quantitative definition of agility in the cybersecurity domain and existing attempts to model agility have not been able to produce concrete measurements [2], [25], [26].…”

Section: Background and Related Work A Concept Of Agility And Agilmentioning

confidence: 99%

“…, D t17 . These 18 generations are made for 1,294 days, meaning that the time horizon for the defender is [t 0 , t 17 ] = [1,1294]. These Snort versions are tested on Virtual Machines (VMs) using the Ubuntu 14 operating system after making few changes on the default settings in the snort.conf file to best fit for this experiment.…”

Section: Case Studymentioning

confidence: 99%

“…9 plots the measured evolution metrics for the Honeypot dataset. Recall that the defender's time horizon is [t 0 , t 17 ] = [1,1294] and the attacker's time horizon is [t 0 , t 17 ] = [80,1108]. This means that there are missing attack generations in the defender's time horizon, for which some metrics cannot be measured.…”

Section: Case Studymentioning

confidence: 99%

See 3 more Smart Citations

Metrics Towards Measuring Cyber Agility

Mireles

Ficke

Cho

et al. 2019

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

In cyberspace, evolutionary strategies are commonly used by both attackers and defenders. For example, an attacker's strategy often changes over the course of time, as new vulnerabilities are discovered and/or mitigated. Similarly, a defender's strategy changes over time. These changes may or may not be in direct response to a change in the opponent's strategy. In any case, it is important to have a set of quantitative metrics to characterize and understand the effectiveness of attackers' and defenders' evolutionary strategies, which reflect their cyber agility. Despite its clear importance, few systematic metrics have been developed to quantify the cyber agility of attackers and defenders. In this paper, we propose the first metric framework for measuring cyber agility in terms of the effectiveness of the dynamic evolution of cyber attacks and defenses. The proposed framework is generic and applicable to transform any relevant, quantitative, and/or conventional static security metrics (e.g., false positives and false negatives) into dynamic metrics to capture dynamics of system behaviors. In order to validate the usefulness of the proposed framework, we conduct case studies on measuring the evolution of cyber attacks and defenses using two real-world datasets. We discuss the limitations of the current work and identify future research directions.

show abstract

Section: Background and Related Work A Concept Of Agility And Agilmentioning

confidence: 99%

Section: Background and Related Work A Concept Of Agility And Agilmentioning

confidence: 99%

Section: Case Studymentioning

confidence: 99%

Section: Case Studymentioning

confidence: 99%

See 2 more Smart Citations

Metrics Towards Measuring Cyber Agility

Mireles

Ficke

Cho

et al. 2019

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…Similar strategies also support system agility. This "[to engage] in any reasoned modification to a system or environment in response to a functional, performance, or security need" using MTD [73]. System agility is expected to be responsive to W5+ like questions (see Sect.…”

Section: Moving Target Defensementioning

confidence: 99%

Cyberspace Security Using Adversarial Learning and Conformal Prediction

Wechsler¹

2015

IIM

View full text Add to dashboard Cite

This paper advances new directions for cyber security using adversarial learning and conformal prediction in order to enhance network and computing services defenses against adaptive, malicious, persistent, and tactical offensive threats. Conformal prediction is the principled and unified adaptive and learning framework used to design, develop, and deploy a multi-faceted self-managing defensive shield to detect, disrupt, and deny intrusive attacks, hostile and malicious behavior, and subterfuge. Conformal prediction leverages apparent relationships between immunity and intrusion detection using non-conformity measures characteristic of affinity, a typicality, and surprise, to recognize patterns and messages as friend or foe and to respond to them accordingly. The solutions proffered throughout are built around active learning, meta-reasoning, randomness, distributed semantics and stratification, and most important and above all around adaptive Oracles. The motivation for using conformal prediction and its immediate off-spring, those of semi-supervised learning and transduction, comes from them first and foremost supporting discriminative and non-parametric methods characteristic of principled demarcation using cohorts and sensitivity analysis to hedge on the prediction outcomes including negative selection, on one side, and providing credibility and confidence indices that assist meta-reasoning and information fusion.

show abstract

Moving Target Defense Games for Cyber Security: Theory and Applications

Eldosouky

Sengupta

2021

Game Theory and Machine Learning for Cyber Security

View full text Add to dashboard Cite

Security and Science of Agility

Cited by 32 publications

References 17 publications

Metrics Towards Measuring Cyber Agility

Metrics Towards Measuring Cyber Agility

Cyberspace Security Using Adversarial Learning and Conformal Prediction

Moving Target Defense Games for Cyber Security: Theory and Applications

Contact Info

Product

Resources

About