Daojing He,Sammy Chan,Yan Zhang,Chunming Wu,Bing Wang

DOI: https://doi.org/10.1109/mis.2013.105

IF: 6.744

2014-01-01

IEEE Intelligent Systems

Abstract:Attack-defense models play an important role in the design of cybersecurity systems. Here, the authors review some traditional and prevailing attack-defense models along with their weaknesses. Then, they survey some recently proposed paradigm shifts to these models based on which more effective security strategies can be designed. Further, they provide some suggestions on how to adopt the new models, and present challenges that need to be addressed in this field.

Yinan Wang,Wei Li,Gangfeng Yan,Sumian Song

DOI: https://doi.org/10.1109/icit.2017.7915433

2017-01-01

Abstract:This paper proposes an unified framework for electrical cyber physical systems (ECPSs) and studies the mechanism of cyber attacks and cyber security. Communication networks are designed by characteristics of power grids. This model is universal to both transmission and distribution grids. The fragility of ECPSs under cyber attacks (DoS attacks and false data injection attacks) is analyzed in three scenarios based on different types and attackers' acknowledgments of the ECPSs. It has been proved that attacks happen at information uploading routers or control strategy downloading routers will influence the system differently. The effectiveness of relay protection policies and cyber security policies are verified by experimental results.

Zheyuan Sun,Maochao Xu,Kristin M. Schweitzer,Raymond M. Bateman,Alexander Kott,Shouhuai Xu

DOI: https://doi.org/10.1007/978-3-031-45933-7_4

2023-01-01

Abstract:Cyber attacks are a major and routine threat to the modern society. This highlights the importance of forecasting (i.e., predicting) cyber attacks, just like weather forecasting in the real world. In this paper, we present a study on characterizing, modeling and forecasting the number of cyber attacks at an aggregate level by leveraging a high-quality, publicly-available dataset of cyber attacks against enterprise networks; the dataset is of high quality because more than 99% of the attacks were examined and confirmed by human analysts. We find that the attacks exhibit high volatilities and burstiness. These properties guide us to design statistical models to accurately forecast cyber attacksand draw useful insights.

Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_3

2020-01-01

Abstract:From the perspective of technology, the current cyberspace defense methods fall into three categories: the first category focuses on the protection of information by strengthening the system with such technologies as firewall, encryption and decryption, data authentication, and access control. They offer basic protection for normal network access, legitimate user identification and rights management, and the security of confidential data. The second category includes mainly intrusion detection and other technologies, such as vulnerability detection, data authentication, traffic analysis, and log auditing. They aim to perceive attacks in real time and initiate immediate defenses according to the known features of an attack. This category relies on dynamic monitoring and alarm system enabled by feature scanning, pattern matching, data comprehensive analysis, and other methods to block or eliminate threats. The third category is network spoofing, represented by honeypot and honeynet. Their basic approach is, before any attack is performed, to actively construct special preset monitoring and sensing environments, serving as “traps,” to lure potential attackers to enter for the purpose of carrying out analysis of possible attack moves and gathering information necessary for cracking down on, tracing back, or countering the attacks.

杜彦辉,马锐,刘玉树

DOI: https://doi.org/10.3969/j.issn.1004-0579.2004.04.003

2004-01-01

Abstract:The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and characteristics, an object-oriented formalized description is presented, which contains a three-level framework and offers full specifications of all kinds of DDoS modes and their features and the relations between one another. Its greatest merit lies in that it contributes to analyzing, checking and judging DDoS. Now this formalized description has been used in a special IDS and it works very effectively.(

Yu Zheng,Zheng Li,Xiaolong Xu,Qingzhan Zhao

DOI: https://doi.org/10.1016/j.dcan.2021.07.006

IF: 6.348

2021-07-01

Digital Communications and Networks

Abstract:Driven by the rapid development of the Internet of Things, cloud computing and other emerging technologies, the connotation of cyber space is constantly expanding and becoming the fifth dimension of human activities. However, security problems in cyber space are becoming serious, and traditional defense measures (e.g., firewall, intrusion detection systems and security audit) often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with higher and higher degree of coordination and intelligence. By constructing and implementing the diverse strategy of dynamic transformation, the configuration characteristics of systems are constantly changing and the probability of vulnerability exposure is increasing. Therefore, the difficulty and cost of attack are increasing, which provides new ideas for reversing the asymmetric situation of defense and attack in cyber space. Nonetheless, there are few related works that systematically introduce dynamic defense mechanisms for cyber security. The related concepts and development strategies of dynamic defense are rarely analyzed and summarized. To bridge this gap, we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security. Specifically, we firstly introduce basic concepts and define dynamic defense in cyber security. Next, we review the architectures, enabling techniques and methods for moving target defense and mimic defense. This is followed with taxonomically summarizing the implementation and evaluation of dynamic defense. Finally, we discuss some open challenges and opportunities on dynamic defense in cyber security.

Xu Shouhuai,Yung Moti,Wang Jingguo

DOI: https://doi.org/10.1007/s10796-021-10134-8

2021-01-01

Information Systems Frontiers

Abstract:Cyber security (or cybersecurity) has become a fundamental issue which deeply affects citizen's lives (including their privacy), the public's economic prosperity, and national security.The high frequency of media reports on highprofile cyber attacks, which cause substantial and, at times, catastrophic damages, highlights that cyberspace is a very fragile and vulnerable ecosystem, and that our understanding of cybersecurity and our capability of defending cyberspace are far from adequate.This is true despite the numerous advancements and breakthroughs in some fields of cybersecurity.One outstanding example is cryptography, which has been built on a firm foundation in Computational Complexity Theory, starting with a number of breakthroughs, e.g.Diffie and Hellman (1976), Rivest et al. (1978), Goldwasser and Micali (1982), and Yao (1982).However, there are many cyber attacks that go beyond the standard cryptographic threats models, such as attacks which can compromise cryptographic private keys by directly stealing memory pages (e.g., Harrison and Xu (2007)), or indirectly exploiting side-channel attacks (e.g., Kocher (1996)).The state-of-the-art is that we are far from being capable of adequately dealing with such attacks in

YAN Fen,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137X.2006.10.023

2006-01-01

Computer Science

Abstract:To deal with the increasingly serious problem of attack, after researched on many attack and existing attack analyzing methods, a systematical method to analyzing and describing attack is put forward in this paper. This method can not only effectively analyze and describe the essence characteristics of attack, but also can analyze attack process, thus it has extensive applicability. Then, how to tailor the method and the corresponding tailoring rule are talked in order to enhancing the method’s applicability. The validity and applicability of this schema are validated via many attack examples.

Sung -Do Chi,Jong Sou Park,Ki -Chan Jung,Jang -Se Lee

DOI: https://doi.org/10.1007/3-540-47719-5_26

2001-01-01

Abstract:The major objective of this paper is to develop the network security modeling and cyber attack simulation that is able to classify threats, specify attack mechanisms, verify protection mechanisms, and evaluate consequences. To do this, we have employed the advanced modeling and simulation concepts such as System Entity Structure / Model Base framework, DEVS (Discrete Event System Specification) formalism, and experimental frame concept underlying the object-oriented S/W environment. Our approach is to show the difference from others in that (i) it supports a hierarchical and modular modeling environment, (ii) it generates the command-level behavior of cyber attack scenario, (iii) it provides an efficient model building environment based on the experimental frame concept, and (iv) it supports the vulnerability analysis of given node on the network. Simulation test performed on sample network system will illustrate our techniques.

DENG Zhihong,LAO Songyang,BAI Liang,YANG Zheng

DOI: https://doi.org/10.11887/j.cn.201401032

2014-01-01

Abstract:The research is focused on the modeling technology of cyber war system.A new idea is proposed for cyber war simulation,based on which an integrated logical evolving network model of cyber war system is proposed.The model regards all of the entities which belong to different forces as components of a whole system,and represents them with verticals of the network,all kinds of interactive behaviors between distinct entities which include the cooperative behaviors,parallel behaviors and confrontational behaviors are represented with edges of the network uniformly.An entity description model based on ontology and a behavior description model based on OO-LAMBDA language are built to describe the verticals and the edges respectively.Finally,a simulation experiment is conducted by using a scenario of a real operation,the results of the experiment validate that our methods are validity and advantage.

Yulu Qi,Jincheng Zhong,Rong Jiang,Yan Jia,Aiping Li,Li Huang,Weihong Han

DOI: https://doi.org/10.1109/dsc.2019.00083

2019-01-01

Abstract:Cyber-attacks occur frequently within the Internet, and the forms of occurrence are ever-changing. In simple terms, attacks are divided into single-step attacks and APT attacks. For the two types of attack, this paper is based on the corresponding attack analysis model: diamond model and kill-chain model, respectively analyze single-step attacks and APT attacks. First, the commonality of each type of attack is obtained by analyzing the above models, and then, according to the commonality, list the characteristics of each stage of the known attack on the network. Therefore, the cyber-security status knowledge base is obtained. This knowledge base is part of the cyber-security knowledge graph. Thence, the first and most important thing that must be done is to build cyber-security knowledge graph. By emulating the attacks and collecting data on the simulation platform, the collected data is subjected to pre-processing such as fusion and de-redundancy, the security status features of different hosts at each moment are obtained. Match these network security status features with the cyber-security knowledge graph, correlate the security status of different hosts, and obtain the security status of the entire network. At the same time, utilize the trigger mechanism of the finite-state machine, and the fault tolerance mechanism is added in the matching process to ensure the accuracy of the analysis results and reduce false positives and false positives.

Xiaohu Li,Shouhuai Xu

2007-01-01

Abstract:Traditional security analyses are often geared towards cryptographic primitives or protocols. Although such analyses are absolutely necessary, they cannot address a defender’s need for insight into which aspects of a networked system have a significant impact on its security, and how to tune its configurations or parameters so as to improve security, against coordinated internal and external attacks. Such insights may only be offered by appropriate theoretic security models, which have long been sought but not much progress has been made. This paper reports our first step towards modeling coordinated internal and external attacks against networked systems.

CHEN Chun-xia,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.07.040

2005-01-01

Abstract:It needs to further investigate t echnology of network attack to protect the network security. Attack models can help in describing and analyzing the course of attack structurely and effectively, further more, they can help in sharing the security knowledge and improving the efficiency of attack detectio n and security prediction. This article analyzes and compares several attack mod els in common use at present,and then prospects the future directions of attack model research in the end.

Ying Wan,Jinde Cao

DOI: https://doi.org/10.3390/s23084013

2023-04-15

Abstract:Complex cyber-physical networks combine the prominent features of complex networks and cyber-physical systems (CPSs), and the interconnections between the cyber layer and physical layer usually pose significant impacts on its normal operation. Many vital infrastructures, such as electrical power grids, can be effectively modeled as complex cyber-physical networks. Given the growing importance of complex cyber-physical networks, the issue of their cybersecurity has become a significant concern in both industry and academic fields. This survey is focused on some recent developments and methodologies for secure control of complex cyber-physical networks. Besides the single type of cyberattack, hybrid cyberattacks are also surveyed. The examination encompasses both cyber-only hybrid attacks and coordinated cyber-physical attacks that leverage the strengths of both physical and cyber attacks. Then, special focus will be paid to proactive secure control. Reviewing existing defense strategies from topology and control perspectives aims to proactively enhance security. The topological design allows the defender to resist potential attacks in advance, while the reconstruction process can aid in reasonable and practical recovery from unavoidable attacks. In addition, the defense can adopt active switching-based control and moving target defense strategies to reduce stealthiness, increase the cost of attacks, and limit the attack impacts. Finally, conclusions are drawn and some potential research topics are suggested.

Ariel Futoransky,Luciano Notarfrancesco,Gerardo Richarte,Carlos Sarraute

DOI: https://doi.org/10.48550/arXiv.1006.1916

2010-06-10

Abstract:In this work we start walking the path to a new perspective for viewing cyberwarfare scenarios, by introducing conceptual tools (a formal model) to evaluate the costs of an attack, to describe the theater of operations, targets, missions, actions, plans and assets involved in cyberwarfare attacks. We also describe two applications of this model: autonomous planning leading to automated penetration tests, and attack simulations, allowing a system administrator to evaluate the vulnerabilities of his network.

Cryptography and Security,Artificial Intelligence

Ruggero Lanotte,Massimo Merro,Riccardo Muradore,Luca Viganò

DOI: https://doi.org/10.48550/arXiv.1611.01377

2017-04-22

Abstract:We apply formal methods to lay and streamline theoretical foundations to reason about Cyber-Physical Systems (CPSs) and cyber-physical attacks. We focus on %a formal treatment of both integrity and DoS attacks to sensors and actuators of CPSs, and on the timing aspects of these attacks. Our contributions are threefold: (1) we define a hybrid process calculus to model both CPSs and cyber-physical attacks; (2) we define a threat model of cyber-physical attacks and provide the means to assess attack tolerance/vulnerability with respect to a given attack; (3) we formalise how to estimate the impact of a successful attack on a CPS and investigate possible quantifications of the success chances of an attack. We illustrate definitions and results by means of a non-trivial engineering application.

Cryptography and Security

Christian Czosseck,Karlis Podins

DOI: https://doi.org/10.4018/ijcwt.2012010102

2012-01-01

International Journal of Cyber Warfare and Terrorism

Abstract:Throughout history, mankind has developed and employed novel weapons and countermeasures. Both offensive and defensive weapon systems are limited by the laws of nature. Consequently, military concepts and doctrines were designed by implicitly taking into account those limitations. The digital age has introduced a new class of weaponry that poses an initial challenge to the common understanding of conflict and warfare due to their different characteristics: cyber weapons. This article explores the crucial differences between the conventional weapon and cyber weapon domains, starting a debate as to what extent classical concepts and doctrines are applicable to cyberspace and cyber conflict. The authors propose a definition of cyber weapons being an instrument consisting primarily of data and knowledge, presenting them in the form of prepared and executed computer codes on or a sequence of user interactions with a vulnerable system. The authors describe a vulnerability-based model for cyber weapons and for cyber defence. This model is then applied to describe the relationship between cyber-capable actors (e.g. States). The proposed model clarifies important implications for cyber coalition-building and disarmament. Furthermore, it presents a general solution for the problem of the destruction of cyber weapons, i.e., in the context of cyber arms control.

Alexander Kott

DOI: https://doi.org/10.48550/arXiv.1512.00407

2015-11-29

Cryptography and Security

Abstract:Terms like "Science of Cyber" or "Cyber Science" have been appearing in literature with growing frequency, and influential organizations initiated research initiatives toward developing such a science even though it is not clearly defined. We propose to define the domain of the science of cyber security by noting the most salient artifact within cyber security -- malicious software -- and defining the domain as comprised of phenomena that involve malicious software (as well as legitimate software and protocols used maliciously) used to compel a computing device or a network of computing devices to perform actions desired by the perpetrator of malicious software (the attacker) and generally contrary to the intent (the policy) of the legitimate owner or operator (the defender) of the computing device(s). We further define the science of cyber security as the study of relations -- preferably expressed as theoretically-grounded models -- between attributes, structures and dynamics of: violations of cyber security policy; the network of computing devices under attack; the defenders' tools and techniques; and the attackers' tools and techniques where malicious software plays the central role. We offer a simple formalism of these key objects within cyber science and systematically derive a classification of primary problem classes within cyber science.

hasan cam,pierre mouallem,yilin mo,bruno sinopoli,benjamin nkrumah

DOI: https://doi.org/10.1109/CogSIMA.2014.6816560

2014-01-01

Abstract:A distributed cyber control system comprises various types of assets, including sensors, intrusion detection systems, scanners, controllers, and actuators. The modeling and analysis of these components usually require multi-disciplinary approaches. This paper presents a modeling and dynamic analysis of a distributed cyber control system for situational awareness by taking advantage of control theory and time Petri net. Linear time-invariant systems are used to model the target system, attacks, assets influences, and an anomaly-based intrusion detection system. Time Petri nets are used to model the impact and timing relationships of attacks, vulnerability, and recovery at every node. To characterize those distributed control systems that are perfectly attackable, algebraic and topological attackability conditions are derived. Numerical evaluation is performed to determine the impact of attacks on distributed control system.

Rosana Montañez Rodriguez,Adham Atyabi,Shouhuai

DOI: https://doi.org/10.48550/arXiv.2203.04813

2022-03-09

Cryptography and Security

Abstract:Social engineering attacks are phenomena that are equally applicable to both the physical world and cyberspace. These attacks in the physical world have been studied for a much longer time than their counterpart in cyberspace. This motivates us to investigate how social engineering attacks in the physical world and cyberspace relate to each other, including their common characteristics and unique features. For this purpose, we propose a methodology to unify social engineering attacks and defenses in the physical world and cyberspace into a single framework, including: (i) a systematic model based on psychological principles for describing these attacks; (ii) a systematization of these attacks; and (iii) a systematization of defenses against them. Our study leads to several insights, which shed light on future research directions towards adequately defending against social engineering attacks in cyberspace.