Qian Zhang,Ying Jiang,Peng Wu

DOI: https://doi.org/10.48550/arXiv.1512.01630

2016-06-15

Abstract:Game theory has been applied to investigate network security. But different security scenarios were often modeled via different types of games and analyzed in an ad-hoc manner. In this paper, we propose an algebraic approach for modeling and analyzing uniformly several types of network security games. This approach is based on a probabilistic extension of the value-passing Calculus of Communicating Systems (CCS) which is regarded as a Generative model for Probabilistic Value-passing CCS (PVCCSG for short). Our approach gives a uniform framework, called PVCCSG based security model, for the security scenarios modeled via perfect and complete or incomplete information games. We present then a uniform algorithm for computing the Nash equilibria strategies of a network security game on its PVCCSG based security model. The algorithm first generates a transition system for each of the PVCCSG based security models, then simplifies this transition system through graph-theoretic abstraction and bisimulation minimization. Then, a backward induction method, which is only applicable to finite tree models, can be used to compute all the Nash equilibria strategies of the (possibly infinite) security games. This algorithm is implemented and can also be tuned smoothly for computing its social optimal strategies. The effectiveness and efficiency of this approach are further demonstrated with four detailed case studies from the field of network security.

Cryptography and Security

Jiang Jiang,Yongxiang Xia,Sheng Xu,Hui-Liang Shen,Jiajing Wu

DOI: https://doi.org/10.1063/1.5139254

2020-01-01

Abstract:Cyber-physical systems (CPSs) are integrations of information technology and physical systems, which are more and more significant in society. As a typical example of CPSs, smart grids integrate many advanced devices and information technologies to form a safer and more efficient power system. However, interconnection with the cyber network makes the system more complex, so that the robustness assessment of CPSs becomes more difficult. This paper proposes a new CPS model from a complex network perspective. We try to consider the real dynamics of cyber and physical parts and the asymmetric interdependency between them. Simulation results show that coupling with the communication network makes better robustness of power system. But since the influences between the power and communication networks are asymmetric, the system parameters play an important role to determine the robustness of the whole system.

Meng-zhou Gao,Dong-qin Feng

DOI: https://doi.org/10.1631/fitee.1700334

IF: 2.526

2018-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:Security issues in networked control systems (NCSs) have received increasing attention in recent years. However, security protection often requires extra energy consumption, computational overhead, and time delays, which could adversely affect the real-time and energy-limited system. In this paper, random cryptographic protection is implemented. It is less expensive with respect to computational overhead, time, and energy consumption, compared with persistent cryptographic protection. Under the consideration of weak attackers who have little system knowledge, ungenerous attacking capability and the desire for stealthiness and random zero-measurement attacks are introduced as the malicious modification of measurements into zero signals. NCS is modeled as a stochastic system with two correlated Bernoulli distributed stochastic variables for implementation of random cryptographic protection and occurrence of random zero-measurement attacks; the stochastic stability can be analyzed using a linear matrix inequality (LMI) approach. The proposed stochastic stability analysis can help determine the proper probability of running random cryptographic protection against random zero-measurement attacks with a certain probability. Finally, a simulation example is presented based on a vertical take-off and landing (VTOL) system. The results show the effectiveness, robustness, and application of the proposed method, and are helpful in choosing the proper protection mechanism taking into account the time delay and in determining the system sampling period to increase the resistance against such attacks.

QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Xiaohu Li,Timothy Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1109/tdsc.2008.75

2011-01-01

Abstract:Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are necessary, they cannot address a defender's need for insight into which aspects of a networked system having a significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The resulting model captures two aspects of a networked system:1) the strength of deployed security mechanisms such as intrusion detection systems and 2) the underlying vulnerability graph, which reflects how attacks may proceed. The resulting model brings the following insights: 1) How should a defender “tune” system configurations (e.g., network topology) so as to improve security? 2) How should a defender “tune” system parameters (e.g., by upgrading which security mechanisms) so as to improve security? 3) Under what conditions is the steady-state number of compromised entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically.

Gaofeng Da,Maochao Xu,Shouhuai Xu

DOI: https://doi.org/10.1145/2600176.2600184

2016-01-01

Abstract:Modeling and analyzing security of networked systems is an important problem in the emerging Science of Security and has been under active investigation. In this paper, we propose a new approach towards tackling the problem. Our approach is inspired by the shock model and random environment techniques in the Theory of Reliability, while accommodating security ingredients. To the best of our knowledge, our model is the first that can accommodate a certain degree of adaptiveness of attacks , which substantially weakens the often-made independence and exponential attack inter-arrival time assumptions. The approach leads to a stochastic process model with two security metrics, and we attain some analytic results in terms of the security metrics.

Li Baojie,Lu Yuxin,Zeng Xiaoming,Chen Yufei,Zeng Xiangfeng,He Weisheng

DOI: https://doi.org/10.2991/jimec-17.2017.13

2017-01-01

Abstract:Recent years, an explosion of cyber-attack accidents once more sound the alarm on the significance of cyber-security issue. For the sake of establishing robust panoramic defense architecture in modern Cyber-Physical Power System (CPPS), an effective and quantitative vulnerability assessment of CPPS is in desperate demand. Consequently, based on the detailed induction and analysis of general framework of cyber-attack, a quantitative assessment method is proposed in the paper from the aspects of both attackers and defenders. In the first place, the probability of selecting access point from the attacker's view is quantized through the scoring of the three properties of information security, the penetration difficulty and the impact of vulnerability. Then, the impact assessment of defender and attacker strategies is discussed via the analysis of both positive and negative aspects. Afterwards, by means of the solving the linear programming issue, the optimal determination of strategy-selection is realized via Nash Equilibrium of Mixed Strategy(NEMS) algorithm. The reasonability of the proposed assessment framework together with future research work are demonstrated at the end of paper.

Jun Cheng,Ju H. Park,Zheng-Guang Wu,Huaicheng Yan

DOI: https://doi.org/10.1109/tnse.2021.3121414

IF: 6.6

2021-01-01

IEEE Transactions on Network Science and Engineering

Abstract:In this study, the ultimate boundedness controlfor a type of networked singularly perturbed systems (SPSs) with communication constraints and deception attacks is explored. To improve the observer performance, the measurement outputs are quantized with the aid of a logarithmic quantizer. Meanwhile, the Markovian communication protocol (MCP) is forwarded to schedule the transmission sequence of the quantized signals. Unlike the conventional MCP, a novel nonhomogeneous MCP is proposed to further alleviate the communication bandwidth usage, whose transition probabilities are time-varying. By virtue of the hidden Markov model, the mismatches between the transmission mode over nonhomogeneous MCP and its detected ones are revealed, and an asynchronous observer-based controller is formed. Then, by establishing a novel singular-perturbation-parameter-based polytope Lyapunov-Krasovskii functional, the ultimate boundedness of the augmented networked SPS with randomly occurring deception attacks is elicited, and the local minimization of the controlled output is guaranteed. Finally, the effectiveness and applicability of the propounded control strategy are validated by two simulation examples.

Maochao Xu,Shouhuai Xu

DOI: https://doi.org/10.48550/arXiv.1603.08304

2016-03-28

Abstract:Quantitative security analysis of networked computer systems is one of the decades-long open problems in computer security. Recently, a promising approach was proposed in \cite{XuTDSC11}, which however made some strong assumptions including the exponential distribution of, and the independence between, the relevant random variables. In this paper, we substantially weaken these assumptions while offering, in addition to the same types of analytical results as in \cite{XuTDSC11}, methods for obtaining the desired security quantities in practice. Moreover, we investigate the problem from a higher-level abstraction, which also leads to both analytical results and practical methods for obtaining the desired security quantities. These would represent a significant step toward ultimately solving the problem of quantitative security analysis of networked computer systems.

Cryptography and Security

Gaofeng Da,Maochao Xu,Peng Zhao

DOI: https://doi.org/10.1109/tr.2019.2911106

IF: 5.883

2019-01-01

IEEE Transactions on Reliability

Abstract:Modeling cyber-attacks is a very attractive area of research because of its practical importance. However, most of the related research in the literature does not consider the simultaneous (or coordinated) attacks, which, in fact, is an important attack instrument in practice. This is mainly because of the complicated evolution of cyber-attacks over networks. In this paper, we propose a novel model, which can accommodate different types of simultaneous attacks with possible heterogeneous compromise probabilities. Our results show that simultaneous attacks have a significant effect on the reliability/dynamics of network systems. In particular, we present a sufficient condition for the epidemics dying out over the network, and upper bounds for the time to extinction. We also provide upper bounds for compromise probabilities of network systems when the evolution enters the quasi-equilibrium state. The effects of strength of simultaneous attacks and heterogeneity among successful attack probabilities on epidemic spreading are studied as well. The theoretical results are further validated by the simulation evidence.

Suguo Du,Xiaolong Li,Junbo Du,Haojin Zhu

DOI: https://doi.org/10.1007/s12083-012-0127-9

IF: 3.488

2012-01-01

Peer-to-Peer Networking and Applications

Abstract:Recently, there is an increasing interest in Security and Privacy issues in Vehicular ad hoc networks (or VANETs). However, the existing security solutions mainly focus on the preventive solutions while lack a comprehensive security analysis. The existing risk analysis solutions may not work well to evaluate the security threats in vehicular networks since they fail to consider the attack and defense costs and gains, and thus cannot appropriately model the mutual interaction between the attacker and defender. In this study, we consider both of the rational attacker and defender who decide whether to launch an attack or adopt a countermeasure based on its adversary's strategy to maximize its own attack and defense benefits. To achieve this goal, we firstly adopt the attack-defense tree to model the attacker's potential attack strategies and the defender's corresponding countermeasures. To take the attack and defense costs into consideration, we introduce Return On Attack and Return on Investment to represent the potential gain from launching an attack or adopting a countermeasure in vehicular networks. We further investigate the potential strategies of the defender and the attacker by modeling it as an attack-defense game. We then give a detailed analysis on its Nash Equilibrium. The rationality of the proposed game-theoretical model is well illustrated and demonstrated by extensive analysis in a detailed case study.

Ying Chen,Junho Hong,Chen-Ching Liu

DOI: https://doi.org/10.1109/tsg.2016.2614603

IF: 10.275

2018-01-01

IEEE Transactions on Smart Grid

Abstract:Cyber intrusions to substations are critical issues to a power grid, which must be defended and mitigated. Essentially, to better understand a cyber intrusion, reconnaissance activities should be modeled. Then, strategies of cyber attacker and defender can be studied, which help to identify substations vulnerable to cyber-attacks. In this paper, a successful intrusion is regarded as a probabilistic event related to reconnaissance activities. Its probability can be approximated by the Poisson distribution of the number of vulnerabilities discovered by the attacker. Furthermore, models of intrusion and defense in competition for control of the substations are proposed using Markov decision process (MDP). Key characteristics of target substation, attacker and defender are considered for determining probabilistic state transitions related to intrusion and defense actions. Thus, by solving the MDP models, the optimal strategies (action policies) of both the attacker and defender can be obtained. With these optimal strategies, the cyber security status of a substation can be evaluated within varied time frames. The case study validates the proposed models and method, including time-based strategies of the attacker and defender.

Shuqin Huang,Yongzhi Cao,Hanpin Wang,Wanling Qu

DOI: https://doi.org/10.1016/j.tcs.2012.03.002

IF: 1.002

2012-01-01

Theoretical Computer Science

Abstract:Value-passing CCS, a full version of Milner's CCS, is a process algebra in which actions consist of sending and receiving values through noiseless communication channels. The full calculus is a succinct yet expressive language for the specification and verification of reactive systems. Taking into account the reality of channel noise in reactive systems, in this paper we introduce an extension of value-passing CCS, called value-passing CCS with noisy channels (VCCS"N), in which noise is described by a probability distribution over the values. After presenting the reduction operational semantics and labelled operational semantics of VCCS"N, we develop the theory of behavioural equivalence by introducing barbed equivalence, barbed congruence, bisimilarity, and full bisimilarity. In particular, we show that barbed equivalence and barbed congruence coincide with bisimilarity and full bisimilarity, respectively. Based upon the labelled operational semantics of VCCS"N, we establish a probabilistic modal logic for expressing system properties and show its connection with the notion of bisimilarity. Finally, we use VCCS"N to model a communication protocol for ensuring the reliable transmission of data across an error-prone channel.

LIN Chuang,WANG Yang,LI Quan-Lin

DOI: https://doi.org/10.3321/j.issn:0254-4164.2005.12.001

2005-01-01

Chinese Journal of Computers

Abstract:Network systems are becoming more complex and larger, and specifically network attacks and security destroy is also increasingly prevalent and multiple. Network security is being confronted with many significant challenges. Network security is one of the most important scientific issues in the world and has been an important factor which effects on social improvement and national develop strategy. In this paper, we provide a complete overview on stochastic models and evaluation techniques for network security. The authors indicate the present status and evolvement in the area of network security. The authors provide several effective and efficient methods for modeling and analysis of network security, and also analyze network survivability. Finally, the authors give some concluding remarks on new and challenging directions for future and potential research of network security.

Xiaohu Li,Linxiong Li

DOI: https://doi.org/10.1109/tr.2012.2206273

IF: 5.883

2012-01-01

IEEE Transactions on Reliability

Abstract:A stochastic model is introduced to investigate the security of network systems based on their vulnerability graph abstractions. Instead of doing traditional security analysis, this paper employs the increasing convex order to study the underlying vulnerability graph. The results of this paper can provide an insight on designing a more secure system, as well as an insight on enhancing the security of an existing system.

Qiong Li,Yaxing Wang,Haokun Mao,Jiameng Yao,Qi Han

DOI: https://doi.org/10.1364/oe.387697

2019-01-01

Abstract:Due to the intrinsic point-to-point feature of quantum key distribution system, it is inevitable to study and develop the Quantum Secure Communication Network (QSCN) technology to provide security communication service for a large-scale of nodes over a large spatial area. Considering the quality assurance and expense control, building an effective analytical model of QSCN becomes a critical task. In this paper, the first analytical model of QSCN is proposed, which is called flow-based QSCN (F-QSCN) analytical model. In addition, based on the F-QSCN analytical model, the research on QSCN topology evaluation is conducted by proposing a unique QSCN performance indicator, named Information-Theoretic Secure communication bound, and the corresponding linear programming based calculation algorithm. Plentiful experimental results based on the topologies of SECOQC network and Tokyo network validate the effectivity of the proposed analytical model and the performance indicator.

Xiaohu Li,T. Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1109/aina.2007.138

2007-01-01

Abstract:Traditional security analyses are often geared towards cryptographic primitives or protocols. Although such analyses are absolutely necessary, they do not provide much insight for answering an equally important question: what is the security assurance of a physically or logically networked system when we consider it as a whole? This question is known to be notoriously difficult, and the state-of-the-art is that we know very little about it. In this paper, we make a step towards resolving it with a new modeling approach.

Weihong Yang,Yang Qin,Yuanyuan Yang

DOI: https://doi.org/10.1109/INFCOMW.2018.8406860

2018-01-01

Abstract:Content Centric Networking (CCN) is a novel network architecture that attempts to overcome the limitations of today's network. Security is supported fundamentally by CCN. In this paper, the spreading of malicious flows is modelled via a modified N-intertwined epidemic model. We consider three types of malicious flows: Interest flooding attack flow, content poisoning flow, and rumor. To the best of our knowledge, this paper is a first attempt to apply epidemic model to flow analysis in CCN. We introduce a forwarding matrix to the original epidemic model, which can characterize the forwarding strategy chosen by nodes. Based on modified epidemic model, we derive the upper bound for the number of nodes that affected by malicious flows, and conclude that forwarding strategy can affect the spreading of malicious flows. Matlab-based study and packet-level simulation are performed to verify our model, and the results show that spreading of malicious flows is related to forwarding strategy, and our epidemic model can better characterize malicious flows than original model.

Boyu Gao,Libao Shi

DOI: https://doi.org/10.1109/access.2020.2973030

IF: 3.9

2020-01-01

IEEE Access

Abstract:The rapid development of advanced information and communication technology has made modern power systems evolve into more complicated cyber-physical power systems (CPPSs) with mutual coupling characteristics between cyber systems and power systems, and at the same time, the CPPSs have to confront some newly emerged risks owing to cyber system unreliability or cyberattacks. In this paper, regarding the cyber and physical attacks in a CPPS, the operation risks and vulnerabilities of transmission lines are discussed in detail by building relevant game-theoretic models. Under two possible cyberattack scenarios, namely time delay of system recovery and distributed denial of service, a three-stage defender-attacker-defender tri-level mathematical programming model is proposed based on dynamic game theory of complete information. In particular, the objective functions and corresponding constraint conditions in each level are analyzed and constructed elaborately. For the solution of this proposed tri-level programming model, a solution method based on an improved particle swarm optimization approach combined with sequential quadratic programming technique is applied during analysis. Finally, the proposed model is validated through two case studies, and some preliminary concluding remarks are summarized.

Zenan Wu,Liqin Tian,Yi Zhang,Yan Wang,Yuquan Du

DOI: https://doi.org/10.1155/2021/4005877

IF: 1.968

2021-11-13

Security and Communication Networks

Abstract:At present, most network security analysis theory assumes that the players are completely rational. However, this is not consistent with the actual situation. In this paper, based on the effectiveness constraints on both sides with network attack and defense, with the help of stochastic Petri net and evolutionary game theory, the Petri net model of network attack and defense stochastic evolutionary game is reconstructed, the specific definition of the model is given, and the modeling method is given through the network connection relationship and attack and defense strategy set. Using this model, a quantitative analysis of network attack events is carried out to solve a series of indicators related to system security, namely, attack success rate, average attack time, and average system repair time. Finally, the proposed model and analysis method are applied to a classic network attack and defense process for experimental analysis, and the results verify the rationality and accuracy of the model and analysis method.

computer science, information systems,telecommunications