ABSTRACT
The Internet is a man-made complex system under constant attack (e.g., from Advanced Persistent Threats and malware). It is therefore important to understand the phenomena that can be induced by the interaction between cyber attacks and cyber defenses. In this paper, we explore the rich phenomena that can be exhibited when the defender employs active defense to combat cyber attacks. To the best of our knowledge, this is the first study to show that active cyber defense dynamics (or, more generally, cybersecurity dynamics) can exhibit bifurcation and chaos phenomena. This has profound implications for cyber security measurement and prediction: (i) it is infeasible (or even impossible) to accurately measure and predict cyber security under certain circumstances; (ii) the defender must manipulate the dynamics to avoid such unmanageable situations in real-life defense operations.