Simulation for Cyber Risk Management – Where are we, and Where do we Want to Go?

Shetty, Sachin; Ray, Indrajit; Ceilk, Nurcin; Mesham, Michael; Bastian, Nathaniel D.; Zhu, Quanyan

doi:10.1109/wsc40007.2019.9004688

Cited by 3 publications

(7 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We can conclude that acquiring any form of reliable access (either read or write) to the training data used to train (or re-train) the ML-model is not very realistic [31,54,84]. Some power on the training data is obtainable only if the NIDS and corresponding training set are entirely managed by the target organization.…”

Section: Training Datamentioning

confidence: 99%

“…The detection model represents the core component of the ML-NIDS, which is deployed on machines whose access requires high administrative privileges, and which can be contacted only by few selected devices [46]. Hence, it is unrealistic to assume that an infected host can allow the attacker to access the ML-NIDS containing its detection model [84,102].…”

Section: Detection Modelmentioning

confidence: 99%

“…It is used as a black-box, where the network traffic generated by the organization is inspected by the model, whose results are then provided to the organization, usually in the form of alerts. An organization may be able to add some rules, for example to denote the most relevant server machines, but the internal configuration and the parameters of the ML model are unknown and not observable [22,84].…”

Section: Monitored Networkmentioning

confidence: 99%

“…This system is one of the most protected elements of the entire network. Cybersecurity threat models exclude that an attacker can access the NIDS because, in a similar instance, the entire defensive infrastructure can be considered compromised: any cybersecurity measure can be easily bypassed if the attacker acquires direct or physical access to the defensive system [84]. In Figure 2 we report the typical workflow of a ML-NIDS.…”

Section: Introductionmentioning

confidence: 99%

“…An organization may adopt and maintain a ML-NIDS on premises, for example by leveraging open-source software [80]. Alternatively, it may rely on third-party products [16,22,83,84].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

et al. 2022

View full text Add to dashboard Cite

The incremental diffusion of machine learning algorithms in supporting cybersecurity is creating novel defensive opportunities but also new types of risks. Multiple researches have shown that machine learning methods are vulnerable to adversarial attacks that create tiny perturbations aimed at decreasing the effectiveness of detecting threats. We observe that existing literature assumes threat models that are inappropriate for realistic cybersecurity scenarios because they consider opponents with complete knowledge about the cyber detector or that can freely interact with the target systems. By focusing on Network Intrusion Detection Systems based on machine learning methods, we identify and model the real capabilities and circumstances that are necessary for an attacker to carry out a feasible and successful adversarial attack. We then apply our model to several adversarial attacks proposed in literature and highlight the limits and merits that can result in actual adversarial attacks. The contributions of this paper can help hardening defensive systems by letting cyber defenders address the most critical and real issues, and can benefit researchers by allowing them to devise novel forms of adversarial attacks based on realistic threat models.

show abstract

Section: Training Datamentioning

confidence: 99%

Section: Detection Modelmentioning

confidence: 99%

Section: Monitored Networkmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…An organization may adopt and maintain a ML-NIDS on premises, for example by leveraging open-source software [80]. Alternatively, it may rely on third-party products [16,22,83,84].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

et al. 2022

View full text Add to dashboard Cite

show abstract

A Simulation-Based Participatory Modelling Framework For Stakeholder Involvement In Urban Logistics

Singh

Wiktorsson

Hauge

et al. 2021

2021 Winter Simulation Conference (WSC)

View full text Add to dashboard Cite

Adversarial Machine Learning Attacks against Intrusion Detection Systems: A Survey on Strategies and Defense

Alotaibi

Rassam

2023

Future Internet

View full text Add to dashboard Cite

Concerns about cybersecurity and attack methods have risen in the information age. Many techniques are used to detect or deter attacks, such as intrusion detection systems (IDSs), that help achieve security goals, such as detecting malicious attacks before they enter the system and classifying them as malicious activities. However, the IDS approaches have shortcomings in misclassifying novel attacks or adapting to emerging environments, affecting their accuracy and increasing false alarms. To solve this problem, researchers have recommended using machine learning approaches as engines for IDSs to increase their efficacy. Machine-learning techniques are supposed to automatically detect the main distinctions between normal and malicious data, even novel attacks, with high accuracy. However, carefully designed adversarial input perturbations during the training or testing phases can significantly affect their predictions and classifications. Adversarial machine learning (AML) poses many cybersecurity threats in numerous sectors that use machine-learning-based classification systems, such as deceiving IDS to misclassify network packets. Thus, this paper presents a survey of adversarial machine-learning strategies and defenses. It starts by highlighting various types of adversarial attacks that can affect the IDS and then presents the defense strategies to decrease or eliminate the influence of these attacks. Finally, the gaps in the existing literature and future research directions are presented.

show abstract

Simulation for Cyber Risk Management – Where are we, and Where do we Want to Go?

Cited by 3 publications

References 53 publications

Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

A Simulation-Based Participatory Modelling Framework For Stakeholder Involvement In Urban Logistics

Adversarial Machine Learning Attacks against Intrusion Detection Systems: A Survey on Strategies and Defense

Contact Info

Product

Resources

About