Shouhuai Xu

DOI: https://doi.org/10.48550/arXiv.1502.05100

2015-02-18

Abstract:We explore the emerging field of {\em Cybersecurity Dynamics}, a candidate foundation for the Science of Cybersecurity.

Cryptography and Security

Xu Shouhuai,Yung Moti,Wang Jingguo

DOI: https://doi.org/10.1007/s10796-021-10134-8

2021-01-01

Information Systems Frontiers

Abstract:Cyber security (or cybersecurity) has become a fundamental issue which deeply affects citizen's lives (including their privacy), the public's economic prosperity, and national security.The high frequency of media reports on highprofile cyber attacks, which cause substantial and, at times, catastrophic damages, highlights that cyberspace is a very fragile and vulnerable ecosystem, and that our understanding of cybersecurity and our capability of defending cyberspace are far from adequate.This is true despite the numerous advancements and breakthroughs in some fields of cybersecurity.One outstanding example is cryptography, which has been built on a firm foundation in Computational Complexity Theory, starting with a number of breakthroughs, e.g.Diffie and Hellman (1976), Rivest et al. (1978), Goldwasser and Micali (1982), and Yao (1982).However, there are many cyber attacks that go beyond the standard cryptographic threats models, such as attacks which can compromise cryptographic private keys by directly stealing memory pages (e.g., Harrison and Xu (2007)), or indirectly exploiting side-channel attacks (e.g., Kocher (1996)).The state-of-the-art is that we are far from being capable of adequately dealing with such attacks in

Ren Zheng,Wenlian Lu,Shouhuai Xu

DOI: https://doi.org/10.1109/tnet.2019.2912847

2019-01-01

IEEE/ACM Transactions on Networking

Abstract:The recently proposed cybersecurity dynamics approach aims to understand cybersecurity from a holistic perspective by modeling the evolution of the global cybersecurity state. These models describe the interactions between the various kinds of cyber attacks and the various kinds of cyber defenses that take place in complex networks. In this paper, we study a particular kind of cybersecurity dynamics caused by the interactions between two classes of attacks (called push-based attacks and pull-based attacks) and two classes of defenses (called preventive and reactive defenses). The dynamics was previously shown to be globally stable in a special regime of the parameter universe of a model with node-independent and edge-independent parameters, but little is known beyond this regime. In this paper, we prove that the dynamics is globally stable in the entire parameter universe of a more general model with node-dependent and edge-dependent parameters. This means that the dynamics always converges to a unique equilibrium. We also prove that the dynamics converges exponentially to the equilibrium except for a particular parameter regime, in which the dynamics converges polynomially. Since it is often difficult to compute the equilibrium, we propose bounds of the equilibrium and numerically show that these bounds are tighter than those proposed in the literature.

Daojing He,Sammy Chan,Yan Zhang,Chunming Wu,Bing Wang

DOI: https://doi.org/10.1109/mis.2013.105

IF: 6.744

2014-01-01

IEEE Intelligent Systems

Abstract:Attack-defense models play an important role in the design of cybersecurity systems. Here, the authors review some traditional and prevailing attack-defense models along with their weaknesses. Then, they survey some recently proposed paradigm shifts to these models based on which more effective security strategies can be designed. Further, they provide some suggestions on how to adopt the new models, and present challenges that need to be addressed in this field.

Hua-shan CHEN,Lan PI,Feng LIU,Dong-dai LIN

DOI: https://doi.org/10.3969/j.issn.1671-1122.2015.03.001

2015-01-01

Abstract:With the rapid development of information technology, internet is playing an increasingly important role across the world. A trustworthy cyberspace has been closely related to national interests and has become a focus of national security and social stability. However, the past security research often focused on the solutions to speciifc threats, which sometimes was termed engineering. But we don’t have a clear understanding of many fundamental problems and universal laws of cybersecurity, that is, cybersecurity research lacks a ifrm scientiifc foundation and theoretical support. In contrast to the past engineering approach, in the recent two years, we have seen a growing push within the research community of information security to promote the study of cybersecurity as a science. This paper introduces the background of developing a science of cybersecurity, depicts the scientiifc connotation of cybersecurity and discusses ifve hard problems in the science of cybersecurity. Finally, the perspective of cybersecurity research is also proposed in this paper.

Yu Zheng,Zheng Li,Xiaolong Xu,Qingzhan Zhao

DOI: https://doi.org/10.1016/j.dcan.2021.07.006

IF: 6.348

2021-07-01

Digital Communications and Networks

Abstract:Driven by the rapid development of the Internet of Things, cloud computing and other emerging technologies, the connotation of cyber space is constantly expanding and becoming the fifth dimension of human activities. However, security problems in cyber space are becoming serious, and traditional defense measures (e.g., firewall, intrusion detection systems and security audit) often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with higher and higher degree of coordination and intelligence. By constructing and implementing the diverse strategy of dynamic transformation, the configuration characteristics of systems are constantly changing and the probability of vulnerability exposure is increasing. Therefore, the difficulty and cost of attack are increasing, which provides new ideas for reversing the asymmetric situation of defense and attack in cyber space. Nonetheless, there are few related works that systematically introduce dynamic defense mechanisms for cyber security. The related concepts and development strategies of dynamic defense are rarely analyzed and summarized. To bridge this gap, we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security. Specifically, we firstly introduce basic concepts and define dynamic defense in cyber security. Next, we review the architectures, enabling techniques and methods for moving target defense and mimic defense. This is followed with taxonomically summarizing the implementation and evaluation of dynamic defense. Finally, we discuss some open challenges and opportunities on dynamic defense in cyber security.

Shahid Alam

2024-03-03

Abstract:The digital transformation has created a new digital space known as cyberspace. This new cyberspace has improved the workings of businesses, organizations, governments, society as a whole, and day to day life of an individual. With these improvements come new challenges, and one of the main challenges is security. The security of the new cyberspace is called cybersecurity. Cyberspace has created new technologies and environments such as cloud computing, smart devices, IoTs, and several others. To keep pace with these advancements in cyber technologies there is a need to expand research and develop new cybersecurity methods and tools to secure these domains and environments. This book is an effort to introduce the reader to the field of cybersecurity, highlight current issues and challenges, and provide future directions to mitigate or resolve them. The main specializations of cybersecurity covered in this book are software security, hardware security, the evolution of malware, biometrics, cyber intelligence, and cyber forensics. We must learn from the past, evolve our present and improve the future. Based on this objective, the book covers the past, present, and future of these main specializations of cybersecurity. The book also examines the upcoming areas of research in cyber intelligence, such as hybrid augmented and explainable artificial intelligence (AI). Human and AI collaboration can significantly increase the performance of a cybersecurity system. Interpreting and explaining machine learning models, i.e., explainable AI is an emerging field of study and has a lot of potentials to improve the role of AI in cybersecurity.

Cryptography and Security

Quanyan Zhu

2024-04-05

Abstract:Cyber resilience is a complementary concept to cybersecurity, focusing on the preparation, response, and recovery from cyber threats that are challenging to prevent. Organizations increasingly face such threats in an evolving cyber threat landscape. Understanding and establishing foundations for cyber resilience provide a quantitative and systematic approach to cyber risk assessment, mitigation policy evaluation, and risk-informed defense design. A systems-scientific view toward cyber risks provides holistic and system-level solutions. This chapter starts with a systemic view toward cyber risks and presents the confluence of game theory, control theory, and learning theories, which are three major pillars for the design of cyber resilience mechanisms to counteract increasingly sophisticated and evolving threats in our networks and organizations. Game and control theoretic methods provide a set of modeling frameworks to capture the strategic and dynamic interactions between defenders and attackers. Control and learning frameworks together provide a feedback-driven mechanism that enables autonomous and adaptive responses to threats. Game and learning frameworks offer a data-driven approach to proactively reason about adversarial behaviors and resilient strategies. The confluence of the three lays the theoretical foundations for the analysis and design of cyber resilience. This chapter presents various theoretical paradigms, including dynamic asymmetric games, moving horizon control, conjectural learning, and meta-learning, as recent advances at the intersection. This chapter concludes with future directions and discussions of the role of neurosymbolic learning and the synergy between foundation models and game models in cyber resilience.

Systems and Control,Cryptography and Security,Computer Science and Game Theory

Ren Zheng,Wenlian Lu,Shouhuai Xu

DOI: https://doi.org/10.1145/2746194.2746196

2015-01-01

Abstract:The Internet is a man-made complex system under constant attacks (e.g., Advanced Persistent Threats and malwares). It is therefore important to understand the phenomena that can be induced by the interaction between cyber attacks and cyber defenses. In this paper, we explore the rich phenomena that can be exhibited when the defender employs active defense to combat cyber attacks. To the best of our knowledge, this is the first study that shows that active cyber defense dynamics (or more generally, cybersecurity dynamics) can exhibit the bifurcation and chaos phenomena. This has profound implications for cyber security measurement and prediction: (i) it is infeasible (or even impossible) to accurately measure and predict cyber security under certain circumstances; (ii) the defender must manipulate the dynamics to avoid such unmanageable situations in real-life defense operations.

Alexander Kott

DOI: https://doi.org/10.48550/arXiv.1512.00407

2015-11-29

Cryptography and Security

Abstract:Terms like "Science of Cyber" or "Cyber Science" have been appearing in literature with growing frequency, and influential organizations initiated research initiatives toward developing such a science even though it is not clearly defined. We propose to define the domain of the science of cyber security by noting the most salient artifact within cyber security -- malicious software -- and defining the domain as comprised of phenomena that involve malicious software (as well as legitimate software and protocols used maliciously) used to compel a computing device or a network of computing devices to perform actions desired by the perpetrator of malicious software (the attacker) and generally contrary to the intent (the policy) of the legitimate owner or operator (the defender) of the computing device(s). We further define the science of cyber security as the study of relations -- preferably expressed as theoretically-grounded models -- between attributes, structures and dynamics of: violations of cyber security policy; the network of computing devices under attack; the defenders' tools and techniques; and the attackers' tools and techniques where malicious software plays the central role. We offer a simple formalism of these key objects within cyber science and systematically derive a classification of primary problem classes within cyber science.

Dingyu Yan

DOI: https://doi.org/10.48550/arXiv.2001.05734

2020-01-16

Cryptography and Security

Abstract:Solving cybersecurity issues requires a holistic understanding of components, factors, structures and their interactions in cyberspace, but conventional modeling approaches view the field of cybersecurity by their boundaries so that we are still not clear to cybersecurity and its changes. In this paper, we attempt to discuss the application of systems thinking approaches to cybersecurity modeling. This paper reviews the systems thinking approaches and provides the systems theories and methods for tackling cybersecurity challenges, regarding relevant fields, associated impact factors and their interactions. Moreover, an illustrative example of systems thinking frameworks for cybersecurity modeling is developed to help broaden the mind in methodology, theory, technology and practice. This article concludes that systems thinking can be considered as one of the powerful tools of cybersecurity modeling to find, characterize, understand, evaluate and predict cybersecurity.

Michael D. Norman,Matthew T. K. Koehler,Matthew T.K. Koehler

DOI: https://doi.org/10.48550/arXiv.1706.08598

2017-06-19

Physics and Society

Abstract:In a world of ever-increasing systems interdependence, effective cybersecurity policy design seems to be one of the most critically understudied elements of our national security strategy. Enterprise cyber technologies are often implemented without much regard to the interactions that occur between humans and the new technology. Furthermore, the interactions that occur between individuals can often have an impact on the newly employed technology as well. Without a rigorous, evidence-based approach to ground an employment strategy and elucidate the emergent organizational needs that will come with the fielding of new cyber capabilities, one is left to speculate on the impact that novel technologies will have on the aggregate functioning of the enterprise. In this paper, we will explore a scenario in which a hypothetical government agency applies a complexity science perspective, supported by agent-based modeling, to more fully understand the impacts of strategic policy decisions. We present a model to explore the socio-technical dynamics of these systems, discuss lessons using this platform, and suggest further research and development.

Brandon Collins,Shouhuai Xu,Philip N. Brown

2024-01-25

Abstract:The discipline of game theory was introduced in the context of economics, and has been applied to study cyber attacker and defender behaviors. While adaptions have been made to accommodate features in the cyber domain, these studies are inherently limited by the root of game theory in economic systems where players (i.e., agents) may be selfish but not malicious. In this SoK, we systematize the major cybersecurity problems that have been studied with the game-theoretic approach, the assumptions that have been made, the models and solution concepts that have been proposed. The systematization leads to a characterization of the technical gaps that must be addressed in order to make game-theoretic cybersecurity models truly useful. We explore bridges to address them.

Computer Science and Game Theory,Cryptography and Security

Michael D. Adams,Seth D. Hitefield,Bruce Hoy,Michael C. Fowler,T. Charles Clancy

DOI: https://doi.org/10.48550/arXiv.1311.0257

2013-11-01

Cryptography and Security

Abstract:A significant limitation of current cyber security research and techniques is its reactive and applied nature. This leads to a continuous 'cyber cycle' of attackers scanning networks, developing exploits and attacking systems, with defenders detecting attacks, analyzing exploits and patching systems. This reactive nature leaves sensitive systems highly vulnerable to attack due to un-patched systems and undetected exploits. Some current research attempts to address this major limitation by introducing systems that implement moving target defense. However, these ideas are typically based on the intuition that a moving target defense will make it much harder for attackers to find and scan vulnerable systems, and not on theoretical mathematical foundations. The continuing lack of fundamental science and principles for developing more secure systems has drawn increased interest into establishing a 'science of cyber security'. This paper introduces the concept of using cybernetics, an interdisciplinary approach of control theory, systems theory, information theory and game theory applied to regulatory systems, as a foundational approach for developing cyber security principles. It explores potential applications of cybernetics to cyber security from a defensive perspective, while suggesting the potential use for offensive applications. Additionally, this paper introduces the fundamental principles for building non-stationary systems, which is a more general solution than moving target defenses. Lastly, the paper discusses related works concerning the limitations of moving target defense and one implementation based on non-stationary principles.

William Yeoh,Shan Wang,Ales Popovic,Noman H. Chowdhury

DOI: https://doi.org/10.1016/j.cose.2022.102724

IF: 5.105

2022-01-01

Computers & Security

Abstract:Extant studies suggest that cybersecurity is critical and among the IT spending priorities of organizations. In response, the literature draws attention to the cybersecurity critical success factors (CSFs) that enable organizations to focus their scarce resources accordingly. Following a systematic literature review method, we analyze and synthesize extant CSF studies on cybersecurity implementation and management for organizations. Then, drawing on the synthesized CSFs and blending them with IT capability theory, we present an overarching cybersecurity CSF framework building upon 79 cybersecurity elements grouped into 11 CSFs under five dimensions of cybersecurity capability: organizational, infrastructural, strategic, process, and external. In addition, the descriptive analysis of the search results reveals the importance of the various factors and capabilities, the trend of the cybersecurity capability dimensions, the frequency and types of research methods, and the contextual impact of the factors. This research makes an important contribution to the literature on cybersecurity management. The CSF framework serves as the foundation for future researchers interested in measuring organizational cybersecurity success. In addition, practitioners can employ the synthesized CSFs and associated elements to guide their cybersecurity management.

Blake C. Stacey,Yaneer Bar-Yam

DOI: https://doi.org/10.48550/arXiv.1303.2682

2013-03-11

Cryptography and Security

Abstract:Cybersecurity attacks are a major and increasing burden to economic and social systems globally. Here we analyze the principles of security in different domains and demonstrate an architectural flaw in current cybersecurity. Cybersecurity is inherently weak because it is missing the ability to defend the overall system instead of individual computers. The current architecture enables all nodes in the computer network to communicate transparently with one another, so security would require protecting every computer in the network from all possible attacks. In contrast, other systems depend on system-wide protections. In providing conventional security, police patrol neighborhoods and the military secures borders, rather than defending each individual household. Likewise, in biology, the immune system provides security against viruses and bacteria using primarily action at the skin, membranes, and blood, rather than requiring each cell to defend itself. We propose applying these same principles to address the cybersecurity challenge. This will require: (a) Enabling pervasive distribution of self-propagating securityware and creating a developer community for such securityware, and (b) Modifying the protocols of internet routers to accommodate adaptive security software that would regulate internet traffic. The analysis of the immune system architecture provides many other principles that should be applied to cybersecurity. Among these principles is a careful interplay of detection and action that includes evolutionary improvement. However, achieving significant security gains by applying these principles depends strongly on remedying the underlying architectural limitations.

Shah Khalid Khan,Nirajan Shiwakoti,Peter Stasinopoulos,Yilun Chen,Matthew Warren

DOI: https://doi.org/10.1016/j.tranpol.2024.11.019

IF: 6.173

2024-01-01

Transport Policy

Abstract:Connected and Automated Vehicles (CAVs) cybersecurity is an inherently complex, multi-dimensional issue that goes beyond isolated hardware or software vulnerabilities, extending to human threats, network vulnerabilities, and broader system-level risks. Currently, no formal, comprehensive tool exists that integrates these diverse dimensions into a unified framework for CAV cybersecurity assessment. This study addresses this challenge by developing a System Dynamics (SD) model for strategic cybersecurity assessment that considers technological challenges, human threats, and public cybersecurity awareness during the CAV rollout. Specifically, the model incorporates a novel SD-based Stock-and-Flow Model (SFM) that maps six key parameters influencing cyberattacks at the system level. These parameters include CAV communication safety, user adoption rates, log file management, hacker capabilities, understanding of hacker motivations (criminology theory maturity), and public awareness of CAV cybersecurity.The SFM's structure and behaviour were rigorously tested and then used to analyse five plausible scenarios: i) Baseline (Technological Focus Only), ii) Understanding Hacker Motivations, iii) CAV User and OEM Education, iv) CAV Penetration Rate Increase, and v) CAV Penetration Rate Increase with Human Behavior Analysis. Four metrics are used to benchmark CAV cybersecurity: communication safety, probability of hacking attempts, probability of successful defence, and number of CAV adopters. The results indicate that while baseline technological advancements strengthen communication framework robustness, they may also create new vulnerabilities that hackers could exploit. Conversely, a deeper understanding of hacker motivations (Criminology Theory Maturity) effectively reduces hacking attempts. It fosters a more secure environment for early CAV adopters. Additionally, educating CAV users and OEM increases the probability of defending against cyberattacks. While CAV penetration increases the likelihood of hack defence due to a corresponding rise in attempts, there is a noticeable decrease in hacking attempts with CAV penetration when analysing human behaviour. These findings, when translated into policy instruments, can pave the way for a more optimised and resilient cyber-safe ITS.

S. Rasoul Etesami,Tamer Başar

DOI: https://doi.org/10.1007/s13235-018-00291-y

2019-01-01

Dynamic Games and Applications

Abstract:Due to complex dependencies between multiple layers and components of emerging cyber-physical systems, security and vulnerability of such systems have become a major challenge in recent years. In this regard, game theory, a powerful tool for modeling strategic interactions between multiple decision makers with conflicting objectives, offers a natural paradigm to address the security-related issues arising in these systems. While there exists substantial amount of work in modeling and analyzing security problems using game-theoretic techniques, most of the existing literature in this area focuses on static game models, ignoring the dynamic nature of interactions between the main players (defenders vs. attackers). In this paper, we focus only on dynamic game analysis of cyber-physical security problems and provide a general overview of the existing results and recent advances based on application domains. We also discuss several limitations of the existing models and identify several hitherto unaddressed directions for future research.

mathematics, interdisciplinary applications

Yujuan Han,Wenlian Lu,Shouhuai Xu

DOI: https://doi.org/10.1109/tnse.2021.3098443

IF: 6.6

2021-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Cybersecurity dynamics is a mathematical approach to modeling and analyzing cyber attacker-defender interactions in networks. In this paper, we advance the state-of-the-art in characterizing one kind of cybersecurity dynamics, known as preventive and reactive cyber defense dynamics, which is a family of highly nonlinear dynamical system models. We prove that this family of dynamics in its general form with time-dependent parameters is globally attractive when the time-dependent parameters are ergodic, and is (almost) periodic when the time-dependent parameters have the stronger properties of being (almost) periodic. Our results supersede the state-of-the-art ones, including the recent result that the same family of dynamics in the special case of time-independent parameters is globally convergent. This paper represents a significant advance in the network science approach to theoretical cybersecurity modeling because it makes the so-far weakest assumptions when compared with the literature results.

Clive Blackwell,Hong Zhu

DOI: https://doi.org/10.1007/978-3-319-04447-7_21

2014-01-01

Abstract:As patterns in cyberspace, cyberpatterns shed light on research on the development of cyber systems from a new angle. They can help us move from an improvised craft to an engineering discipline because they help to transfer knowledge about proven solutions in an understandable and reusable format. They allow innovative applications in cloud, cyber-physical and mobile systems, and novel methods of use with data patterns for observation and analysis of ‘big data’ problems. The ultimate aim of research on cyberpatterns is an overall framework for cyberpatterns integrating all the cyber domains to help develop a better-understood and effective cyberspace. However, there are many research questions in cyberpatterns that remain unanswered regarding both their conceptual foundation and practical use. This chapter concludes the book by exploring some of the most critical and important problems needing to be addressed.