Two related works:
1. A Large-Scale Markov Game Approach to Dynamic Protection of Interdependent Infrastructure Networks (https://rdcu.be/bJKug)
2. A Dynamic Games Approach to Proactive Defense Strategies against Advanced Persistent Threats in Cyber-Physical Systems (https://authors.elsevier.com/a/1a2wQc43uoSQ4)
This document summarizes a seminar on universal adversarial perturbations. It begins with a quick introduction to adversarial attack methods like DeepFool. It then discusses the concept of universal adversarial perturbations - single perturbations that can fool neural networks into misclassifying most images. The document explains how universal perturbations are crafted to satisfy a fooling rate while being small. It shows that a single perturbation can achieve high fooling rates across different networks and models. It also discusses how universal perturbations capture the local geometry and correlations in the decision boundaries of neural networks.
Key-Recovery Attacks on KIDS, a Keyed Anomaly Detection System1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
n-Tier Modelling of Robust Key management for Secure Data Aggregation in Wire...IJECEIAES
Security problems in Wireless Sensor Network (WSN) have been researched from more than a decade. There are various security approaches being evolving towards resisting various forms of attack using different methodologies. After reviewing the existing security approaches, it can be concluded that such security approaches are highly attack-specific and doesnt address various associated issues in WSN. It is essential for security approach to be computationally lightweight. Therefore, this paper presents a novel analytical modelling that is based on n-tier approach with a target to generate an optimized secret key that could ensure higher degree of security during the process of data aggregation in WSN. The study outcome shows that proposed system is computationally lightweight with good performance on reduced delay and reduced energy consumption. It also exhibits enhanced response time and good data delivery performance to balance the need of security and data forwarding performance in WSN.
Secure Network Discovery for Risk-Aware Framework in ManetIOSR Journals
This document summarizes a research paper that proposes an adaptive risk-aware response mechanism for secure network discovery in mobile ad hoc networks (MANETs). The mechanism uses an extended Dempster-Shafer theory that introduces importance factors to combine multiple evidence sources, like intrusion detection alerts and routing table changes, and assess overall risk. It then employs adaptive decision making to dynamically isolate malicious nodes and recover routing tables. The proposed approach aims to address limitations of existing binary and naive fuzzy isolation techniques by enabling more flexible and weighted responses to routing attacks in MANETs.
Creation of smart spaces and scaling of devices to achieve miniaturization in pervasive computing environments has put forth a question on the degree of security of such devices. Security being a unique challenge in such environments, solution demands scalability, access control, heterogeneity, trust. Most of the existing cryptographic solutions widely in use rely on the hardness of factorization and number theory
problems. With the increase in cryptanalytic attacks these schemes will soon become insecure. We need an alternate security mechanism which is as hard as the existing number theoretic approaches. In this work, we discuss the aspects of Lattice based cryptography as a new dimension of providing security whose strength lies in the hardness of lattice problems. We discuss about a cryptosystem whose security relies on high lattice dimension.
The document discusses advance techniques of computational intelligence for biomedical image analysis. It provides an overview of computational intelligence, which involves adaptive mechanisms like artificial neural networks, evolutionary computation, fuzzy systems, and swarm intelligence. These techniques exhibit an ability to learn or adapt to new environments. The document also discusses deep learning techniques like convolutional neural networks and recurrent neural networks that are widely used for tasks like image classification.
Approximating Attack Surfaces with Stack Traces [ICSE 15]Chris Theisen
Security testing and reviewing efforts are a necessity for software projects, but are time-consuming and expensive to apply. Identifying vulnerable code supports decision-making during all phases of software development. An approach for identifying vulnerable code is to identify its attack surface, the sum of all paths for untrusted data into and out of a system. Identifying the code that lies on the attack surface requires expertise and significant manual effort. This paper proposes an automated technique to empirically approximate attack surfaces through the analysis of stack traces. We hypothesize that stack traces from user-initiated crashes have several desirable attributes for measuring attack surfaces. The goal of this research is to aid software engineers in prioritizing security efforts by approximating the attack surface of a system via stack trace analysis. In a trial on Windows 8, the attack surface approximation selected 48.4% of the binaries and contained 94.6% of known vulnerabilities. Compared with vulnerability prediction models (VPMs) run on the entire codebase, VPMs run on the attack surface approximation improved recall from .07 to .1 for binaries and from .02 to .05 for source files. Precision remained at .5 for binaries, while improving from .5 to .69 for source files.
This document summarizes a seminar on universal adversarial perturbations. It begins with a quick introduction to adversarial attack methods like DeepFool. It then discusses the concept of universal adversarial perturbations - single perturbations that can fool neural networks into misclassifying most images. The document explains how universal perturbations are crafted to satisfy a fooling rate while being small. It shows that a single perturbation can achieve high fooling rates across different networks and models. It also discusses how universal perturbations capture the local geometry and correlations in the decision boundaries of neural networks.
Key-Recovery Attacks on KIDS, a Keyed Anomaly Detection System1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
n-Tier Modelling of Robust Key management for Secure Data Aggregation in Wire...IJECEIAES
Security problems in Wireless Sensor Network (WSN) have been researched from more than a decade. There are various security approaches being evolving towards resisting various forms of attack using different methodologies. After reviewing the existing security approaches, it can be concluded that such security approaches are highly attack-specific and doesnt address various associated issues in WSN. It is essential for security approach to be computationally lightweight. Therefore, this paper presents a novel analytical modelling that is based on n-tier approach with a target to generate an optimized secret key that could ensure higher degree of security during the process of data aggregation in WSN. The study outcome shows that proposed system is computationally lightweight with good performance on reduced delay and reduced energy consumption. It also exhibits enhanced response time and good data delivery performance to balance the need of security and data forwarding performance in WSN.
Secure Network Discovery for Risk-Aware Framework in ManetIOSR Journals
This document summarizes a research paper that proposes an adaptive risk-aware response mechanism for secure network discovery in mobile ad hoc networks (MANETs). The mechanism uses an extended Dempster-Shafer theory that introduces importance factors to combine multiple evidence sources, like intrusion detection alerts and routing table changes, and assess overall risk. It then employs adaptive decision making to dynamically isolate malicious nodes and recover routing tables. The proposed approach aims to address limitations of existing binary and naive fuzzy isolation techniques by enabling more flexible and weighted responses to routing attacks in MANETs.
Creation of smart spaces and scaling of devices to achieve miniaturization in pervasive computing environments has put forth a question on the degree of security of such devices. Security being a unique challenge in such environments, solution demands scalability, access control, heterogeneity, trust. Most of the existing cryptographic solutions widely in use rely on the hardness of factorization and number theory
problems. With the increase in cryptanalytic attacks these schemes will soon become insecure. We need an alternate security mechanism which is as hard as the existing number theoretic approaches. In this work, we discuss the aspects of Lattice based cryptography as a new dimension of providing security whose strength lies in the hardness of lattice problems. We discuss about a cryptosystem whose security relies on high lattice dimension.
The document discusses advance techniques of computational intelligence for biomedical image analysis. It provides an overview of computational intelligence, which involves adaptive mechanisms like artificial neural networks, evolutionary computation, fuzzy systems, and swarm intelligence. These techniques exhibit an ability to learn or adapt to new environments. The document also discusses deep learning techniques like convolutional neural networks and recurrent neural networks that are widely used for tasks like image classification.
Approximating Attack Surfaces with Stack Traces [ICSE 15]Chris Theisen
Security testing and reviewing efforts are a necessity for software projects, but are time-consuming and expensive to apply. Identifying vulnerable code supports decision-making during all phases of software development. An approach for identifying vulnerable code is to identify its attack surface, the sum of all paths for untrusted data into and out of a system. Identifying the code that lies on the attack surface requires expertise and significant manual effort. This paper proposes an automated technique to empirically approximate attack surfaces through the analysis of stack traces. We hypothesize that stack traces from user-initiated crashes have several desirable attributes for measuring attack surfaces. The goal of this research is to aid software engineers in prioritizing security efforts by approximating the attack surface of a system via stack trace analysis. In a trial on Windows 8, the attack surface approximation selected 48.4% of the binaries and contained 94.6% of known vulnerabilities. Compared with vulnerability prediction models (VPMs) run on the entire codebase, VPMs run on the attack surface approximation improved recall from .07 to .1 for binaries and from .02 to .05 for source files. Precision remained at .5 for binaries, while improving from .5 to .69 for source files.
Research of adversarial example on a deep neural networkNAVER Engineering
최근 컴퓨터 성능이 발달되고 대량의 데이터 수집이 가능하게 되면서, 인공지능 기술 중에 딥뉴럴네트워크 (Deep Neural Network, DNN)을 이용한 인공지능 기술이 각광받고 있다.
특히, 딥뉴럴네트워크은 이미지 인식, 음성 인식, 패턴 분석 등 분야에 있어서 탁월한 성능을 보여주고 있다. 하지만 딥뉴럴네트워크의 보안문제 중 Adversarial example이 주목 받고 있다.
Adversarial example은 입력 데이터에 최소한의 데이터를 변조를 하여 딥뉴럴네트워크가 원래 class가 아닌 다른 class로 잘못 인식하게 만드는 공격이다.
따라서 Adversarial example은 딥뉴럴네트워크의 보안문제에 위협이 된다. 이번 발표에서는 Adversarial example에 대한 전체적인 내용과 발표자가 제안한 방법인 Friend-safe evasion attack 등에 대해서 소개하고자 한다.
This document discusses analytics for assessing cybersecurity risks in smart grids. It identifies several risk management practices for smart grids including the NIST supply chain risk management practice, Department of Energy risk management practice, and compliance with technical standards. It also maps the relationships between smart grid domains, actors, interfaces, and vulnerabilities based on NIST guidelines to identify high-risk areas and inform priority actions. Finally, it shows how risk identification and assessment can be conducted based on analyzing security objectives, impact levels, and relationships between smart grid components defined in NIST guidelines.
This document proposes using mean field game theory to model security in mobile ad hoc networks (MANETs) as a game with multiple players. It introduces a novel approach where each individual node is treated as a separate player, rather than aggregating all defenders or attackers. The model considers the state, actions, costs and transitions of both an attacking player and defending players. Simulation results show the proposed distributed scheme helps nodes determine optimal defending strategies and improves network lifetime and security compared to other approaches.
Advanced Security Mechanism for Mobile Ad hoc Networks using Game Theoretic A...AM Publications
Game philosophy can deliver a useful tool to study the safety problem in mobile ad hoc networks (MANETs).
Most of obtainable works on smearing game theories to safety only consider two players in the security game typical: an
assailant and a protector. While this supposition may be valid for a network with centralized administration, it is not
truthful in MANETs, where centralized administration is not available. In this paper, using recent improvements in mean
field game theory, we propose a unique game hypothetical approach with multiple players for safety in MANETs. The mean
field game theory provides a powerful mathematical tool for problems with a large number of players. The future scheme
can enable an individual node in MANETs to make strategic security defense decisions without centralized administration.
Furthermore, each node in the planned scheme only needs to know its own state information and the collective
consequence of the other nodes in the MANET. Consequently, the proposed scheme is a fully dispersed scheme. Simulation
results are obtainable to illustrate the effectiveness of the proposed scheme.
TOPOLOGY MAP ANALYSIS FOR EFFECTIVE CHOICE OF NETWORK ATTACK SCENARIOIJCNCJournal
In general, network attack should be prohibited and information security technology should contribute to improve the trust of network communication. Almost network communication is based on IP packet that is standardized by the international organization. So, network attack does not work without following the standardized protocols and data format. Therefore, network attack also leaks information concerning adversaries by their IP packets. In this paper, we propose an effective choice for network attack scenario which counter-attacks adversary. We collect and analyze IP packets from the adversary, and derive network topology map of the adversary. The characteristics of topology map can be evaluated by the Eigen value of topology matrix. We observe the changes of characteristics of topology map by the influence of attack scenario. Then we can choose the most effective or suitable network counter-attack strategy. In this paper, we assume two kinds of attack scenarios and three types of tactics. And we show an example choice of attack using actual data of adversary which were observed by our dark-net monitoring.
Towards Evaluating the Robustness of Deep Intrusion Detection Models in Adver...Sri Ram
Network Intrusion Detection System (NIDS) is a method that is utilized to categorize network traffic as malicious or normal. Anomaly-based method and signature-based method are the traditional approaches used for network intrusion detection. The signature-based approach can only detect familiar attacks whereas the anomaly-based approach shows promising results in detecting new unknown attacks. Machine Learning (ML) based approaches have been studied in the past for anomaly-based NIDS. In recent years, the Deep Learning (DL) algorithms have been widely utilized for intrusion detection due to its capability to obtain optimal feature representation automatically. Even though DL based approaches improves the accuracy of the detection tremendously, they are prone to adversarial attacks. The attackers can trick the model to wrongly classify the adversarial samples into a particular target class. In this paper, the performance analysis of several ML and DL models are carried out for intrusion detection in both adversarial and non-adversarial environment. The models are trained on the NSLKDD dataset which contains a total of 148,517 data points. The robustness of several models against adversarial samples is studied.
This document summarizes an adversarial examples presentation. It discusses how adversarial examples are samples modified to cause misclassification, gradient descent optimization techniques, neural network training methods, and black-box and white-box adversarial attack methods like Fast Gradient Sign Method. It also covers adversarial example defenses, uses of adversarial examples in research, and targeted perturbation algorithms.
Monitoring Smart Grid Operations and Maintaining Missions Assurancenamblasec
This document summarizes a modeling and optimization framework for maintaining mission assurance in smart grid operations through adaptive computer network defenses. It measures key security properties as mission assurance indicators and optimizes the allocation of host and network defenses given attacker efforts and constraints to maximize mission assurance. The framework uses discrete event simulation, linear programming, and communication between ExtendSim and Excel via macros to dynamically adapt defenses based on the measured mission state. The goal is to continuously assure critical security properties like availability and integrity despite changing attacker efforts.
Self-Learning Systems for Cyber SecurityKim Hammar
The document discusses using reinforcement learning to develop self-learning systems for cyber security. It proposes modeling network attack and defense as games and using reinforcement learning to learn effective security policies. The approach involves emulating computer infrastructures, creating models from the emulations, and using reinforcement learning and simulations to evaluate policies and estimate models. The goal is to automate security tasks and develop systems that can adapt to changing attack methods.
The document summarizes adversarial machine learning. It discusses how small perturbations can cause machine learning models to misclassify inputs while remaining imperceptible to humans. Various white-box and black-box attack algorithms are described that generate adversarial examples to fool models, including fast gradient sign method, Jacobian saliency map attack, and generative adversarial networks. Defenses against adversarial attacks include adversarial training to make models more robust, input sanitization to remove perturbations, and detection-based approaches.
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTSIJCNCJournal
The pivotal role of data security in mobile edge-computing environments forms the foundation for the
proposed work. Anomalies and outliers in the sensory data due to network attacks will be a prominent
concern in real time. Sensor samples will be considered from a set of sensors at a particular time instant as
far as the confidence level on the decision remains on par with the desired value. A “true” on the
hypothesis test eventually means that the sensor has shown signs of anomaly or abnormality and samples
have to be immediately ceased from being retrieved from the sensor. A deep learning Actor-Criticbased
Reinforcement algorithm proposed will be able to detect anomalies in the form of binary indicators and
hence decide when to withdraw from receiving further samples from specific sensors. The posterior trust
value influences the value of the confidence interval and hence the probability of anomaly detection. The
paper exercises a single-tailed normal function to determine the range of the posterior trust metric. The
decision taken by the prediction model will be able to detect anomalies with a good percentage of anomaly
detection accuracy.
Actor Critic Approach based Anomaly Detection for Edge Computing EnvironmentsIJCNCJournal
The pivotal role of data security in mobile edge-computing environments forms the foundation for the
proposed work. Anomalies and outliers in the sensory data due to network attacks will be a prominent
concern in real time. Sensor samples will be considered from a set of sensors at a particular time instant as
far as the confidence level on the decision remains on par with the desired value. A “true” on the
hypothesis test eventually means that the sensor has shown signs of anomaly or abnormality and samples
have to be immediately ceased from being retrieved from the sensor. A deep learning Actor-Criticbased
Reinforcement algorithm proposed will be able to detect anomalies in the form of binary indicators and
hence decide when to withdraw from receiving further samples from specific sensors. The posterior trust
value influences the value of the confidence interval and hence the probability of anomaly detection. The
paper exercises a single-tailed normal function to determine the range of the posterior trust metric. The
decision taken by the prediction model will be able to detect anomalies with a good percentage of anomaly
detection accuracy
Survey of Adversarial Attacks in Deep Learning ModelsIRJET Journal
This document discusses adversarial attacks and defenses in deep learning models from an interpretation perspective. It categorizes interpretation strategies into feature-level interpretation and model-level interpretation. Feature-level interpretation techniques like gradient-based methods and influence functions can help understand adversarial attacks. Model-level interpretation of components and representations can also aid in attacking models. Additionally, feature and model-level interpretation can assist in developing defenses through techniques like model robustification, adversarial detection, and representation interpretation. The document outlines algorithms and methodologies for interpreting adversarial machine learning and considers challenges in interpreting adversarial examples.
Security optimization of dynamic networks with probabilistic graph modeling a...Pvrtechnologies Nellore
This document summarizes a research paper that presents a probabilistic graph model and algorithms for analyzing network security. It aims to reduce the probability of successful attacks on complex networks that may change dynamically. The model represents network configurations probabilistically to capture uncertainties. It formulates the problem of optimizing network security resources as a linear program to compute optimal placements under constraints. Experiments on real network data show the model accurately computes vulnerability probabilities and efficiently finds optimal security configurations and quantifies risks from mobile devices.
Self-Learning Systems for Cyber SecurityKim Hammar
The document discusses challenges in cybersecurity from evolving and automated attacks on complex infrastructures. The goal is to automate security tasks and develop self-learning systems that can adapt to changing attack methods. The proposed approach is to model network attacks and defenses as games and use reinforcement learning to learn policies that can be incorporated into self-learning systems. Key aspects of the approach include emulating computer infrastructures, using the emulations to create system models, and applying reinforcement learning and policy mapping to the models to develop effective security strategies that can be implemented and help systems automate tasks and continuously self-improve over time.
FAST DETECTION OF DDOS ATTACKS USING NON-ADAPTIVE GROUP TESTINGIJNSA Journal
Network security has become more important role today to personal users and organizations. Denial-ofService (DoS) and Distributed Denial-of-Service (DDoS) attacks are serious problem in network. The major challenges in design of an efficient algorithm in data stream are one-pass over the input, poly-log space, poly-log update time and poly-log reporting time. In this paper, we use strongly explicit construction d-disjunct matrices in Non-adaptive group testing (NAGT) to adapt these requirements and propose a solution for fast detecting DoS and DDoS attacks based on NAGT approach.
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...IRJET Journal
This document discusses adversarial machine learning challenges and countermeasures in cybersecurity. It begins by introducing the topic of adversarial machine learning and its threats to cybersecurity systems that incorporate machine learning models. It then reviews related literature on adversarial attacks against machine learning systems. The document explores different types of adversarial attacks, such as evasion attacks and poisoning attacks, and provides real-world examples. It also discusses the motivations and goals of adversaries launching these attacks. Finally, it delves into common attack algorithms and methods used to generate adversarial examples.
6th International Disaster and Risk Conference IDRC 2016 Integrative Risk Management - Towards Resilient Cities. 28 August - 01 September 2016 in Davos, Switzerland
Self-learning systems for cyber securityKim Hammar
The document discusses using reinforcement learning and game theory to develop self-learning systems for cybersecurity. It describes challenges like evolving attacks and complex infrastructure. The approach models network attacks and defense as games and uses reinforcement learning to learn effective security policies. The work focuses on intrusion prevention, using emulation to create models of real systems and identify dynamics models for simulations. This allows training policies through reinforcement learning to automate security tasks and adapt to changing threats.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Research of adversarial example on a deep neural networkNAVER Engineering
최근 컴퓨터 성능이 발달되고 대량의 데이터 수집이 가능하게 되면서, 인공지능 기술 중에 딥뉴럴네트워크 (Deep Neural Network, DNN)을 이용한 인공지능 기술이 각광받고 있다.
특히, 딥뉴럴네트워크은 이미지 인식, 음성 인식, 패턴 분석 등 분야에 있어서 탁월한 성능을 보여주고 있다. 하지만 딥뉴럴네트워크의 보안문제 중 Adversarial example이 주목 받고 있다.
Adversarial example은 입력 데이터에 최소한의 데이터를 변조를 하여 딥뉴럴네트워크가 원래 class가 아닌 다른 class로 잘못 인식하게 만드는 공격이다.
따라서 Adversarial example은 딥뉴럴네트워크의 보안문제에 위협이 된다. 이번 발표에서는 Adversarial example에 대한 전체적인 내용과 발표자가 제안한 방법인 Friend-safe evasion attack 등에 대해서 소개하고자 한다.
This document discusses analytics for assessing cybersecurity risks in smart grids. It identifies several risk management practices for smart grids including the NIST supply chain risk management practice, Department of Energy risk management practice, and compliance with technical standards. It also maps the relationships between smart grid domains, actors, interfaces, and vulnerabilities based on NIST guidelines to identify high-risk areas and inform priority actions. Finally, it shows how risk identification and assessment can be conducted based on analyzing security objectives, impact levels, and relationships between smart grid components defined in NIST guidelines.
This document proposes using mean field game theory to model security in mobile ad hoc networks (MANETs) as a game with multiple players. It introduces a novel approach where each individual node is treated as a separate player, rather than aggregating all defenders or attackers. The model considers the state, actions, costs and transitions of both an attacking player and defending players. Simulation results show the proposed distributed scheme helps nodes determine optimal defending strategies and improves network lifetime and security compared to other approaches.
Advanced Security Mechanism for Mobile Ad hoc Networks using Game Theoretic A...AM Publications
Game philosophy can deliver a useful tool to study the safety problem in mobile ad hoc networks (MANETs).
Most of obtainable works on smearing game theories to safety only consider two players in the security game typical: an
assailant and a protector. While this supposition may be valid for a network with centralized administration, it is not
truthful in MANETs, where centralized administration is not available. In this paper, using recent improvements in mean
field game theory, we propose a unique game hypothetical approach with multiple players for safety in MANETs. The mean
field game theory provides a powerful mathematical tool for problems with a large number of players. The future scheme
can enable an individual node in MANETs to make strategic security defense decisions without centralized administration.
Furthermore, each node in the planned scheme only needs to know its own state information and the collective
consequence of the other nodes in the MANET. Consequently, the proposed scheme is a fully dispersed scheme. Simulation
results are obtainable to illustrate the effectiveness of the proposed scheme.
TOPOLOGY MAP ANALYSIS FOR EFFECTIVE CHOICE OF NETWORK ATTACK SCENARIOIJCNCJournal
In general, network attack should be prohibited and information security technology should contribute to improve the trust of network communication. Almost network communication is based on IP packet that is standardized by the international organization. So, network attack does not work without following the standardized protocols and data format. Therefore, network attack also leaks information concerning adversaries by their IP packets. In this paper, we propose an effective choice for network attack scenario which counter-attacks adversary. We collect and analyze IP packets from the adversary, and derive network topology map of the adversary. The characteristics of topology map can be evaluated by the Eigen value of topology matrix. We observe the changes of characteristics of topology map by the influence of attack scenario. Then we can choose the most effective or suitable network counter-attack strategy. In this paper, we assume two kinds of attack scenarios and three types of tactics. And we show an example choice of attack using actual data of adversary which were observed by our dark-net monitoring.
Towards Evaluating the Robustness of Deep Intrusion Detection Models in Adver...Sri Ram
Network Intrusion Detection System (NIDS) is a method that is utilized to categorize network traffic as malicious or normal. Anomaly-based method and signature-based method are the traditional approaches used for network intrusion detection. The signature-based approach can only detect familiar attacks whereas the anomaly-based approach shows promising results in detecting new unknown attacks. Machine Learning (ML) based approaches have been studied in the past for anomaly-based NIDS. In recent years, the Deep Learning (DL) algorithms have been widely utilized for intrusion detection due to its capability to obtain optimal feature representation automatically. Even though DL based approaches improves the accuracy of the detection tremendously, they are prone to adversarial attacks. The attackers can trick the model to wrongly classify the adversarial samples into a particular target class. In this paper, the performance analysis of several ML and DL models are carried out for intrusion detection in both adversarial and non-adversarial environment. The models are trained on the NSLKDD dataset which contains a total of 148,517 data points. The robustness of several models against adversarial samples is studied.
This document summarizes an adversarial examples presentation. It discusses how adversarial examples are samples modified to cause misclassification, gradient descent optimization techniques, neural network training methods, and black-box and white-box adversarial attack methods like Fast Gradient Sign Method. It also covers adversarial example defenses, uses of adversarial examples in research, and targeted perturbation algorithms.
Monitoring Smart Grid Operations and Maintaining Missions Assurancenamblasec
This document summarizes a modeling and optimization framework for maintaining mission assurance in smart grid operations through adaptive computer network defenses. It measures key security properties as mission assurance indicators and optimizes the allocation of host and network defenses given attacker efforts and constraints to maximize mission assurance. The framework uses discrete event simulation, linear programming, and communication between ExtendSim and Excel via macros to dynamically adapt defenses based on the measured mission state. The goal is to continuously assure critical security properties like availability and integrity despite changing attacker efforts.
Self-Learning Systems for Cyber SecurityKim Hammar
The document discusses using reinforcement learning to develop self-learning systems for cyber security. It proposes modeling network attack and defense as games and using reinforcement learning to learn effective security policies. The approach involves emulating computer infrastructures, creating models from the emulations, and using reinforcement learning and simulations to evaluate policies and estimate models. The goal is to automate security tasks and develop systems that can adapt to changing attack methods.
The document summarizes adversarial machine learning. It discusses how small perturbations can cause machine learning models to misclassify inputs while remaining imperceptible to humans. Various white-box and black-box attack algorithms are described that generate adversarial examples to fool models, including fast gradient sign method, Jacobian saliency map attack, and generative adversarial networks. Defenses against adversarial attacks include adversarial training to make models more robust, input sanitization to remove perturbations, and detection-based approaches.
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTSIJCNCJournal
The pivotal role of data security in mobile edge-computing environments forms the foundation for the
proposed work. Anomalies and outliers in the sensory data due to network attacks will be a prominent
concern in real time. Sensor samples will be considered from a set of sensors at a particular time instant as
far as the confidence level on the decision remains on par with the desired value. A “true” on the
hypothesis test eventually means that the sensor has shown signs of anomaly or abnormality and samples
have to be immediately ceased from being retrieved from the sensor. A deep learning Actor-Criticbased
Reinforcement algorithm proposed will be able to detect anomalies in the form of binary indicators and
hence decide when to withdraw from receiving further samples from specific sensors. The posterior trust
value influences the value of the confidence interval and hence the probability of anomaly detection. The
paper exercises a single-tailed normal function to determine the range of the posterior trust metric. The
decision taken by the prediction model will be able to detect anomalies with a good percentage of anomaly
detection accuracy.
Actor Critic Approach based Anomaly Detection for Edge Computing EnvironmentsIJCNCJournal
The pivotal role of data security in mobile edge-computing environments forms the foundation for the
proposed work. Anomalies and outliers in the sensory data due to network attacks will be a prominent
concern in real time. Sensor samples will be considered from a set of sensors at a particular time instant as
far as the confidence level on the decision remains on par with the desired value. A “true” on the
hypothesis test eventually means that the sensor has shown signs of anomaly or abnormality and samples
have to be immediately ceased from being retrieved from the sensor. A deep learning Actor-Criticbased
Reinforcement algorithm proposed will be able to detect anomalies in the form of binary indicators and
hence decide when to withdraw from receiving further samples from specific sensors. The posterior trust
value influences the value of the confidence interval and hence the probability of anomaly detection. The
paper exercises a single-tailed normal function to determine the range of the posterior trust metric. The
decision taken by the prediction model will be able to detect anomalies with a good percentage of anomaly
detection accuracy
Survey of Adversarial Attacks in Deep Learning ModelsIRJET Journal
This document discusses adversarial attacks and defenses in deep learning models from an interpretation perspective. It categorizes interpretation strategies into feature-level interpretation and model-level interpretation. Feature-level interpretation techniques like gradient-based methods and influence functions can help understand adversarial attacks. Model-level interpretation of components and representations can also aid in attacking models. Additionally, feature and model-level interpretation can assist in developing defenses through techniques like model robustification, adversarial detection, and representation interpretation. The document outlines algorithms and methodologies for interpreting adversarial machine learning and considers challenges in interpreting adversarial examples.
Security optimization of dynamic networks with probabilistic graph modeling a...Pvrtechnologies Nellore
This document summarizes a research paper that presents a probabilistic graph model and algorithms for analyzing network security. It aims to reduce the probability of successful attacks on complex networks that may change dynamically. The model represents network configurations probabilistically to capture uncertainties. It formulates the problem of optimizing network security resources as a linear program to compute optimal placements under constraints. Experiments on real network data show the model accurately computes vulnerability probabilities and efficiently finds optimal security configurations and quantifies risks from mobile devices.
Self-Learning Systems for Cyber SecurityKim Hammar
The document discusses challenges in cybersecurity from evolving and automated attacks on complex infrastructures. The goal is to automate security tasks and develop self-learning systems that can adapt to changing attack methods. The proposed approach is to model network attacks and defenses as games and use reinforcement learning to learn policies that can be incorporated into self-learning systems. Key aspects of the approach include emulating computer infrastructures, using the emulations to create system models, and applying reinforcement learning and policy mapping to the models to develop effective security strategies that can be implemented and help systems automate tasks and continuously self-improve over time.
FAST DETECTION OF DDOS ATTACKS USING NON-ADAPTIVE GROUP TESTINGIJNSA Journal
Network security has become more important role today to personal users and organizations. Denial-ofService (DoS) and Distributed Denial-of-Service (DDoS) attacks are serious problem in network. The major challenges in design of an efficient algorithm in data stream are one-pass over the input, poly-log space, poly-log update time and poly-log reporting time. In this paper, we use strongly explicit construction d-disjunct matrices in Non-adaptive group testing (NAGT) to adapt these requirements and propose a solution for fast detecting DoS and DDoS attacks based on NAGT approach.
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...IRJET Journal
This document discusses adversarial machine learning challenges and countermeasures in cybersecurity. It begins by introducing the topic of adversarial machine learning and its threats to cybersecurity systems that incorporate machine learning models. It then reviews related literature on adversarial attacks against machine learning systems. The document explores different types of adversarial attacks, such as evasion attacks and poisoning attacks, and provides real-world examples. It also discusses the motivations and goals of adversaries launching these attacks. Finally, it delves into common attack algorithms and methods used to generate adversarial examples.
6th International Disaster and Risk Conference IDRC 2016 Integrative Risk Management - Towards Resilient Cities. 28 August - 01 September 2016 in Davos, Switzerland
Self-learning systems for cyber securityKim Hammar
The document discusses using reinforcement learning and game theory to develop self-learning systems for cybersecurity. It describes challenges like evolving attacks and complex infrastructure. The approach models network attacks and defense as games and uses reinforcement learning to learn effective security policies. The work focuses on intrusion prevention, using emulation to create models of real systems and identify dynamics models for simulations. This allows training policies through reinforcement learning to automate security tasks and adapt to changing threats.
Similar to Algorithmic Game Theory for Critical Infrastructure Security and Resilience (20)
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on automated letter generation for Bonterra Impact Management using Google Workspace or Microsoft 365.
Interested in deploying letter generation automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfflufftailshop
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
A Comprehensive Guide to DeFi Development Services in 2024Intelisync
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Introduction of Cybersecurity with OSS at Code Europe 2024
Algorithmic Game Theory for Critical Infrastructure Security and Resilience
1. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Algorithmic Game Theory for Critical Infrastructure
Security and Resilience
Linan Huang Quanyan Zhu
Department of Electrical and Computer Engineering
New York University, USA
Game Solving: Theory and Practice, Prague, Czech Republic
Monday, July 9, 2018
July 9, 2018 1 / 54
2. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Critical Infrastructure
Presidential Policy Directive 21 (PPD-21) identifies 16 sectors.
Critical infrastructure sectors must be secure and resilient from all natural
hazards and human attacks.
Source: http://www.sandia.gov/nisac
July 9, 2018 2 / 54
3. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Catastrophe and Cyber-physical Threats
Hurricane Sandy (NJ), Harvey (Texas), Irma (Florida).
Large-scale power cut.
Flooding subway stations.
Collapsed and submerged roads.
July 9, 2018 3 / 54
4. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Hurricane Sandy
Source: New York Times
July 9, 2018 4 / 54
5. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Resilience
Figure: Resilience of PSE&G Electric Power System during Hurricane Sandy. Source:
New York Times.
July 9, 2018 5 / 54
6. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Resilience
Figure: Resilience of ConEd Electric Power System during Hurricane Sandy. Source: New
York Times.
July 9, 2018 6 / 54
7. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Catastrophe and Cyber-physical Threats
Advanced persistent threats: Stuxnet
Specifically targeted v.s. spray-and-pray
Long-term persistent v.s. smash-and-grab
Methodical v.s. opportunistic
Source: https://www.extremetech.com/computing/200898-windows-pcs-vulnerable-to-stuxnet-attack-
five-years-after-patches
July 9, 2018 7 / 54
8. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Security and Resilience
Security: Deter attackers from reaching and sabotaging their targets.
Resilience: What if an attack succeeds?
Guarantee essential services.
Reduce economic loss.
Recover wholly and quickly from failures.
Security Resilience
Deter attacks
from success
Mitigate
attack
impact
Recover quickly
and entirely
July 9, 2018 8 / 54
9. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Network-level Security and Resilience
Connected infrastructure sectors to enhance information, energy and material
exchanges.
Multi-layer networks model the interdependent infrastructure sectors.
Nodes are abstractions of systems or network components.
Links represent logical, physical or geographical dependencies.
http://energyskeptic.com/2011/em/
July 9, 2018 9 / 54
10. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Interdependencies among different critical infrastructures
Source: Gao et al. Natl. Sci. Rev. 2014.
July 9, 2018 10 / 54
11. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Cascading Failures
Interdependencies cause cross-infrastructure cascading failures.
Demos of cascading failures and recovery
https://drive.google.com/drive/u/0/folders/0B6-Q8-SnvO6lYmlxX2FuN3ZuV1U
Mitigate cascading failures through
Agile response to disasters and attacks
Dynamic long-term planning of resources
July 9, 2018 11 / 54
12. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Node-level Security and Resilience
Zooming-in: From high-level network models to node-level models.
Modeling the attack path of APTs for a facility.
Initial entry: compromise, but not breach the network.
Privilege escalation: control the (C&C) servers to receive additional
instructions and malicious code.
Lateral movement: establish additional points of compromise so that the
attack can continue if one point is closed.
Leave backdoors and the network remains compromised.
Developing cost-effective proactive defense strategies.
July 9, 2018 12 / 54
13. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Game-theoretic Framework
Advantages of game-theoretic framework
Worst-case analysis of natural failures with unknown statistics
Modeling attackers and defenders with distinctive objectives
Security from a strategic perspective
Computational challenges
NE computation of stochastic games over large-scale networks
PBNE computation of dynamic games under incomplete information
July 9, 2018 13 / 54
14. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Part I:
Network-Level Infrastructure Protection
Multi-layer networks under cyber-physical attacks
Game-theoretic modeling of cascading failures and resilient
policies
Approximation algorithm to tackle the curse of
dimensionality
July 9, 2018 14 / 54
15. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Cyber and Physical Attacks
Natural disasters or attacks cause a component failure
Cyber, physical, and logical interdependence
Negative effects on other components
Systematic failures
July 9, 2018 15 / 54
16. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Related Work
Modeling and understanding large-scale interdependent infrastructure
network.
Physical, cyber, geographic, logical dependency [Rinaldi et al. 2001].
Risk management based on network flows [Lee et al. 2007], numerical
simulation [Korkali et al. 2014], and interacting dynamic coupling [Rosato et
al. 2008].
CASCADE [Dobson et al. 2005]: High-level probabilistic model.
Game-theoretic methods for security and resilience of cyberphysical control
systems [Zhu and Ba¸sar 2015] and decentralized decision-making [Chen and Zhu
2016].
Scalable methods for curse of dimensionality: constraint sampling in
approximate dynamic programming [Farias and Roy 2004] and factored MDP
[Guestrin et al. 2003].
July 9, 2018 16 / 54
17. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Multi-layer Networks
Nodes represent components and links represent dependencies: G = (N, E).
The jth
node at layer i has a state of being normal xi
j = 1 or faulty xi
j = 0.
The jth
node at layer i can be attacked (resp. defended) ai
j = 1 (resp.
di
j = 1) or not ai
j = 0 (resp. di
j = 0).
July 9, 2018 17 / 54
18. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Single-layer Network
A global index l to unify the 2D index (i, j), e.g., Ω1,1 = {n1
1, n1
2, n2
1, n3
7} as
Ω1 = {n1, n2, n6, n17}.
System state x = [xl]l=1,··· ,17 ∈ X.
System action of defender d ∈ D and attacker a ∈ A.
Exponential growth of the state size.
July 9, 2018 18 / 54
19. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Stationary Policy
Defender policy µ : X → D := l Dl.
Attacker policy ν : X → A := l Al.
Information structure Fl of node l.
July 9, 2018 19 / 54
20. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Zero-sum Stochastic Markov Game
A dynamic game with probabilistic transitions.
Generalization of both Markov decision processes and repeated games.
Markov transition probability Pr(xt+1
|xt
, a, d).
Node l’s utility cl(xl, dl, al).
System utility at state x, c(x, d, a) = l cl.
Long-term objective J(x0
,µ, νµ, νµ, ν) :=
∞
t=0 γt
Eµ,νµ,νµ,ν,x0 [c(Xt, d, a)].
July 9, 2018 20 / 54
21. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Zero-Sum Stochastic Markov Game
Goal: find secure strategy µ∗
, ν∗µ∗
, ν∗
µ∗
, ν∗
and the value function of the game
J∗
(x0
) = min
µµµ∈U
max
ννν∈V
J(x0
,µ, νµ, νµ, ν) = J(x0
,µ∗
, ν∗
µ∗
, ν∗
µ∗
, ν∗
).
Risk quantification: J∗
(x0
) : X → R provides a security measure of state x0
.
Saddle-point equilibrium:
J(x0
,µ, ν∗
µ, ν∗
µ, ν∗
) ≥ J(x0
,µ∗
, ν∗
µ∗
, ν∗
µ∗
, ν∗
) ≥ J(x0
,µ∗
, νµ∗
, νµ∗
, ν), ∀ννν,µµµ, ∀x0
Minimax theorem:
min
µµµ∈U
max
ννν∈V
J(x0
,µ, νµ, νµ, ν) = max
ννν∈V
min
µµµ∈U
J(x0
,µ, νµ, νµ, ν).
Feasible stationary mixed strategy:
µ∗
µ∗
µ∗
(x) ∈ Ux
:= {φd
(x, d) ∈ R≥0
:
d
φd
(x, d) = 1}, ∀x
φd
(x, d) is the probability of taking action d at the global state x for a
defender.
July 9, 2018 21 / 54
22. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Dynamic Programming
Bellman Equation J∗
(x) = c(x, d∗
, a∗
) + γ x Pr(x |x, a∗
, d∗
)J∗
(x ), ∀x.
The first term is the reward of current stage x.
The second term is the expectation of the value function over all the
possible next stage x .
Mixed-strategy generalization
J∗
(x) =
a∈A
φa∗
(x, a) ×
f(x,a)
d∈D
c(x, d, a) + γ
x ∈ I
i=1 Xi
Pr(x |x, a, d)J∗
(x )
φd∗
(x, d), ∀x.
July 9, 2018 22 / 54
23. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Bilinear Programming
min
J∗(x),φd(x,d)
x
α(x)J∗
(x)
subject to :
J∗
(x) ≥
d
c(x, d, a) + γ
x
Pr(x |x, a, d)J∗
(x ) φd
(x, d), ∀x, ∀a
d∈D
φd
(x, d) = 1, ∀x
φd
(x, d) ≥ 0, ∀x, d.
Bilinear programming is nonlinear and the current computation tools do not
succeed in providing the global optimal.
The direct computation of J∗
(x) is hard, but we can use value iteration
Jt+1
(x) := min
φd
max
φa
a∈A
φa
(x, a)
d∈D
[c(x, d, a) + γ
x
Pr(x |x, a, d)Jt
(x )]φd
(x, d).
July 9, 2018 23 / 54
24. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Value Iteration
Define z(x) :=
maxφa
a∈A φa
(x, a) d∈D[c(x, d, a) + γ
x
Pr(x |x, a, d)Jt
(x )]φd
(x, d).
Solve iteratively for the following linear programming with initial guess J0
(x).
min
z(x),φd(x,d)
x
α(x)z(x)
subject to :
z(x) ≥
d
c(x, d, a) + γ
x
Pr(x |x, a, d)Jt
(x ) φd
(x, d), ∀x, ∀a
d∈D
φd
(x, d) = 1, ∀x
φd
(x, d) ≥ 0, ∀x, d.
The optimal value of variable z(x) is the Jt+1
(x).
Replace Jt
(x) with Jt+1
(x) and iterate.
July 9, 2018 24 / 54
25. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Single controller
Single controller assumption Pr(x |x, a, d) = Pr(x |x, a) results in the
following linear program.
Prime LP:
min
J∗(x),φd(x,d)
x
α(x )J∗
(x )
subject to :
J∗
(x) ≥
d∈D
c(x, d, a)φd
(x, d) + γ
x
Pr(x |x, a)J∗
(x ), ∀x, a
d∈D
φd
(x, d) = 1, ∀x
φd
(x, d) ≥ 0, ∀x, d.
Large-scale network with system state x.
LP variables J∗
(x) and φd
(x, d).
LP constraints ∀x ∈ X, ∀a ∈ A.
July 9, 2018 25 / 54
26. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Approximation
Approximate LP: J∗
(x) =
k
j=1 wjhj(x).
Restricted information structure of the defender
φd
(x, d) =
n
l=1
φd
l (x, dl) =
n
l=1
φd
l (Fl, dl)
and Fl is the set of nodes which node l can observe, e.g., Fl = xl.
Factored graph to exploit the sparsity of dependencies:
P(x |x, a) =
i∈N
P(xi|x, a) =
i∈N
P(xi|xi, xΩi
, ai).
Variable elimination: sum and max → max and sum.
July 9, 2018 26 / 54
27. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Example of Variable Elimination
(1 − γ)w0 ≥ max
x1,...,x4
e1(x1) + e2(x1, x2) + e3(x2, x3, x4) + e4(x3, x4).
With an elimination order O = {x3, x2, x4, x1}, the RHS
max
x1,x2,x4
e1(x1) + e2(x1, x2) + max
x3
e3(x2, x3, x4) + e4(x3, x4)
= max
x1,x2,x4
e1(x1) + e2(x1, x2) + E1(x2, x4).
A new constraint is generated, i.e.,
E1(x2, x4) ≥ e3(x2, x3, x4) + e4(x3, x4), ∀x2, x3, x4.
21 3 4
Unattackable a2 ≡ 0
xΩ1 = ∅ xΩ2 = [x1] xΩ2 = [x2, x4] xΩ2 = [x3]
July 9, 2018 27 / 54
28. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Computation Reduction
ALP in red is insensitive to network size.
Exact LP in blue grows exponentially1
.
1Huang et al., MSCPES, CPS-Week, 2017; Huang et al., GameSec 2017
July 9, 2018 28 / 54
29. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Acceptable Approximate Error
Small absolute errors in green and red.
Relative error in blue decreases as the network size increases.
July 9, 2018 29 / 54
30. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
High-Level Connections Between Two Models:
Connections between Network-Level and Node-Level Models
The node-level model provides a zoomed-in model of nodes at the
network-level model.
The node-level analysis provides ways to estimate parameters for the
network-level analysis.
Transition probability Pr(xt+1
|xt
, a, d).
Node l’s utility cl(xl, dl, al).
July 9, 2018 30 / 54
31. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Part II:
Node-Level Infrastructure Protection
Industrial control systems under multi-stage multi-phase
APTs
Game-theoretic modeling of their dynamic, stealthy, and
deceptive nature
Adaptive Bayesian learning for incomplete information
Proactive and reactive information structures for insider and
outsider threats
July 9, 2018 31 / 54
32. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Multistage Infiltration
APTs infiltrate stage by stage.
The attack graph has a tree structure without loops.
The stages are discrete and the horizon T is finite.
Defender
Stage 0 Stage 1 Stage t Stage T
Attacker
σ0
2 = R2(σ0
1) σ1
2 = R2(σ1
1) σt
2 = R2(σt
1) σT
2 = R2(σT
1 )
σ0
1 σ1
1 σt
1 σT
1
h0
= Ø h0
= {a0
1, a0
2} ht
= {ht−1
, at−1
1 , at−1
2 } hT
= {a0
1, ..., aT −1
1 , a0
2, ..., aT −1
2 }
a0
1 a1
1 at
1 aT
1
a0
2 a1
2 at
2 aT
2
July 9, 2018 32 / 54
33. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Game-theoretic Modeling of Strategic Attackers2
Acknowledge the entry: Traditional intrusion prevention can be ineffective for
APTs.
Steal full cryptographic key by zero-day vulnerabilities.
Bridge the air gap, e.g., infect other insecure clients of the same services
provider and propagate through USB.
Strategic attackers: APTs operated by human experts can analyze system
responses and learn the detection rule, thus evade traditional intrusion
detection.
2Huang and Zhu, CINS, Sigmetrics, 2018
July 9, 2018 33 / 54
34. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Related Work
Identification of APTs [Cole 2012].
Dynamic game-theoretic framework for APTs in CIs.
A security game plus an information-trading game for insider threats [Hu
et al. 2015].
Multi-layer and multi-phase game model of APTs [Zhu and Rass 2018].
Flip-It game [Dijk et al. 2013]: APTs steal the private key so that they
stealthily take over the system alternately with the defender.
Incomplete information and deception.
Use random variable to model the incomplete information in a game
[Harsanyi 1967].
Cyber denial and deception [Stech et al. 2016]: Reverse deceptions from
defenders to counter the deceptive and stealthy nature of APTs.
Bayesian learning and conjugate prior assumptions [Ryzhov 2012].
July 9, 2018 34 / 54
35. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Type as the Incomplete Information
A random variable models the incomplete information caused by the
deceptive and stealthy nature of APTs.
The realization of the random variable is the type of attackers.
Attacker’s type θ2 ∈ Θ2 distinguishes between legitimate users and APTs
with different targets.
Defender does not know the realization of the type, and needs to form a
belief Bt
1(θ2).
July 9, 2018 35 / 54
36. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Action and History
Discrete actions for player i ∈ {1, 2} at stage t: at
i ∈ At
i.
The feasible action set At
i is stage-dependent.
Observable history and perfect recall:
ht
:= [a0
1, · · · , at−1
1 , a0
2, · · · , at−1
2 ] ∈ Ht
.
Observing history is not sufficient for strategic decision making.
Behaviors do not directly reveal the type.
Different defensive methods work for different types of attacks.
Defender
Stage 0 Stage 1 Stage t Stage T
Attacker
σ0
2 = R2(σ0
1) σ1
2 = R2(σ1
1) σt
2 = R2(σt
1) σT
2 = R2(σT
1 )
σ0
1 σ1
1 σt
1 σT
1
h0
= Ø h0
= {a0
1, a0
2} ht
= {ht−1
, at−1
1 , at−1
2 } hT
= {a0
1, ..., aT −1
1 , a0
2, ..., aT −1
2 }
a0
1 a1
1 at
1 aT
1
a0
2 a1
2 at
2 aT
2
July 9, 2018 36 / 54
37. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Markov State Transition
The cardinality of the history is increasing with stages.
History update: ht
= ht−1
∪ {at
1, at
2}.
State xt
shows the current system status, e.g., pressure, location of APTs,
compromised sensors, etc.
Initial state x0
and the history ht
determine state xt
∈ Xt
at stage t.
Markov state transition: xt+1
= ft
(xt
, at
1, at
2).
0 TT − 1t − 1 tStage
V T −1
i (hT −1
, θi)
V T
i (hT
, θi)
V t−1
i (ht−1
, θi)
Cost-to-go from stage t − 1
V T
i (hT
, θi)V t
i (ht
, θi)V t−1
i (ht−1
, θi)
DP
n0
3
nT
1
nT
2
nT
3
nT
4
nT
5
July 9, 2018 37 / 54
38. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Dynamic Bayesian Bimatrix Game
Stage-dependent type belief: Bt
1 : Ht
→ Θ2.
P1 forms belief according to the current observation Ht
.
Θ2 is a probability distribution over the type space Θ2.
Behavioral mixed strategy: σt
i (·|ht
, θi) : Ht
× Θi → At
i
Probability measure: at
i∈At
i
σt
i (at
i|ht
, θi) = 1.
Action at
i is a realization of the policy σt
i .
July 9, 2018 38 / 54
39. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Adaptive Belief Update
Multistage Bayesian update:
Pr(Par|data, M) =
Pr(Par|M) × Pr(Par, data|M)
Pr(data|M)
.
Type belief depends on the mixed strategy σt
2 which serves as the likelihood
function of the new observation at
2.
Bt+1
1 (θ2|[ht
, at
1, at
2]) =
Bt
1(θ2|ht
)σt
2(at
2|ht
, θ2)
1
0
Bt
1(ˆθ2|ht)σt
2(at
2|ht, ˆθ2)dˆθ2
.
One action may not directly reveal the type, e.g., behavioral analysis rather
than signature analysis for encrypted outbound traffic.
Length of the connection.
Number of packets.
Amount of data.
Destination IP.
Adversarial objective is gradually learned via the multistage transition.
July 9, 2018 39 / 54
40. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Utility Function
Stage utility: Jt
i (xt
, at
1, at
2, θ1, θ2).
State-dependent: Increasing rotor’s speed under pressure state xt
leads
to different utilities for both players.
Type-related: Same action can result in different utilities for different
types.
Cumulative utility for complete information:
ˆUt :T
1 (σt :T
1 , σt :T
2 , hT +1
, θ1, θ2) =
T
t=t
Eσt
1,σt
2
[Jt
1(xt
, σt
1, σt
2, θ1, θ2)]
=
T
t=t at
1∈At
1
σt
1(at
1|ht
, θ1)
at
2∈At
2
σt
2(at
2|ht
, θ2)Jt
1(xt
, at
1, at
2, θ1, θ2).
Expected cumulative utility for incomplete information:
Ut :T
1 (σt :T
1 , σt :T
2 , hT +1
, θ1) :=
1
0
Bt
1(θ2|ht
) ˆUt :T
1 dθ2.
July 9, 2018 40 / 54
41. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Proactive Perfect Bayesian Nash Equilibrium (P-PBNE)
Proactive information structure for insider threats.
The attacker P2 as the agent perceives policy σt
1 via insiders and chooses
policy σt
2 = R2(σt
1) as the best response to σt
1, i.e., to maximize his own
accumulated utility Ut :T
2 :
σ∗,t :T
2 = arg max
σt :T
2 ∈Σt :T
2
Ut :T
2 (σ∗,t :T
1 , σt :T
2 ) := U∗,t :T
2 .
APTs have to follow rules to evade detection and defender P1 considers the
worst-case policy.
U∗,t :T
1 := inf
σt :T
2 ∈R2(σ∗,t :T
1 )
Ut :T
1 (σ∗,t :T
1 , σt :T
2 )
= sup
σt :T
1 ∈Σt :T
1
inf
σt :T
2 ∈R2(σt :T
1 )
Ut :T
1 (σt :T
1 , σt :T
2 ).
Such equilibrium is called Proactive Perfect Bayesian Nash Equilibrium
(P-PBNE).
July 9, 2018 41 / 54
42. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Reactive Perfect Bayesian Nash Equilibrium (R-PBNE)
Reactive information structure for outsider threats.
Each player does not know the policy of the other player at every stage.
A sequence of strategies σ∗,t :T
i ∈ Σt :T
i is called the ε-reactive perfect
Bayesian Nash equilibrium for player Pi if, for a given ε ≥ 0, i ∈ {1, 2}:
Ut:T
i (σ∗,t:T
i , σ∗,t:T
−i , hT +1
, θi) ≥ sup
σt:T
i ∈Σt:T
i
Ut:T
i (σt:T
i , σ∗,t:T
−i , hT +1
, θi) − ε.
If ε = 0, we have a Reactive Perfect Bayesian Nash Equilibrium (R-PBNE).
Each player cannot gain if deviating unilaterally at any stage.
July 9, 2018 42 / 54
43. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Forward and Backward Process
Optimality principle and dynamic programming: Value function V t
i is the
optimal utility-to-go from stage t for player i.
Incomplete information: Forward belief update coupled with backward PBNE
policy computation.
Stage 0 Stage 1 Stage T
V T
i
V 1
i
V 0
i
B0
i B1
i BT
i
Forward Belief Update
Backward Policy Computation
Bt+1
1 (θ2|[ht
, at
1, at
2]) =
Bt
1(θ2|ht
)σt
2(at
2|ht
,θ2)
1
0
Bt
1(ˆθ2|ht)σt
2(at
2|ht,ˆθ2)dˆθ2
Conjugate prior assumption.
July 9, 2018 43 / 54
44. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Bayesian Games with Two-Sided Incomplete Information
Type θ1 ∈ Θ1
Belief formation
Bayesian update
Utility optimization
Player 1: defender
Bt
2 ∈ △Θ1
Type belief
Type belief
Bt
1 ∈ △Θ2
History ht
=
ht−1
∪ {at−1
1 , at−1
2 }
Belief formation
Bayesian update
Perfect Bayesian
Nash equilibrium
Utility optimization
Mixed strategy σt
1 ∈ △At
1
Mixed strategy σt
2 ∈ △At
2
Action at
1 ∈ At
1
Action at
2 ∈ At
2
Implementation
Implementation
Observable history and perfect recall
Type θ2 ∈ Θ2
Player 2: attacker
Observable history and perfect recall
July 9, 2018 44 / 54
45. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
One-sided Incomplete Information
Beta-binomial conjugate prior assumption to change the distribution update
into the parameter update.
Dynamic programming with an expanded state yt
= {xt
, αt
1, βt
1} to unify two
processes.
July 9, 2018 45 / 54
46. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Benchmark of Complete Information: Mitigate Attack
Economically
We study defender and attacker’s policies under different types of attackers.
For benign users who do not attack and inflict damages, the defender will not
take defensive actions and the system will operate normally.
When the type value increases:
P1 defends with a higher probability because an attack with a larger
type value incurs more loss once succeeds.
The increasing probability of defensive actions reduces the probability of
attacks to a relatively low level.
Defender's policy
Attacker's policy
0.0 0.4 0.6 0.8 1.0 1.2
Type
0.2
0.4
0.6
0.8
1.0
Probability
July 9, 2018 46 / 54
47. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Complete v.s. Incomplete Information
The deception of APTs creates (one-sided) uncertainties for defenders and
decreases defenders’ utilities.
NE and SE are obtained under complete information.
R-PBNE and P-PBNE are obtained under incomplete information.
More information yields better defender’s utilities for stronger types of
attacker. (Information is valuable.)
NE
R-PBNE
0.2 0.4 0.6 0.8 1.0
Type
0.2
0.4
0.6
0.8
1.0
P-PBNE
SE
Overlap
0.2 0.4 0.6 0.8 1.0
Type
0.7
0.8
0.9
1.0
July 9, 2018 47 / 54
48. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Proactive v.s. Reactive Information Structure
SE and P-PBNE are proactive solutions.
NE and R-PBNE are reactive solutions.
P-PBNE may not exist. Use supremum as the upper bound for P-PBNE.
Proactive solutions yield a higher level of utility for stronger attackers.
NE
SE
0.2 0.4 0.6 0.8 1.0
Type
0.85
0.90
0.95
1.00
R-PBNE
Supremum P-PBNE
0.2 0.4 0.6 0.8 1.0
Type
0.2
0.4
0.6
0.8
1.0
1.2
Acquiring the best-response set of the attacker via analysis of the attack tree
and honeypots can effectively confront the insider threat of APTs.
July 9, 2018 48 / 54
49. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Connections Between Two Models
Attack at the network-level aims to propagate over the network.
Attack at the node-level aims to compromise the facility.
An intelligent attacker can create both node level and network level damages
using coordinated attacks to maximize the attack impact at the network level.
July 9, 2018 49 / 54
50. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Connections Between Two Models
Defense at the network-level aims to allocate network-level resources to
prevent the spreading of the failures and recover the failures.
Defense at the node-level aims to proactively deter the attacker from
reaching the target and mitigate the damage on the facility.
July 9, 2018 50 / 54
51. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Think Fast and Slow
At the slow time scale: The equilibrium analysis of the fine-grained node-level
game model provides parameter inputs to the network-level model for
high-level resiliency planning.
At the slow time scale: The online behavior at each node determines the
real-time spreading rates (or probabilities).
July 9, 2018 51 / 54
52. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Challenges
Large-scale interdependent network
Incomplete information of attacks
Composition of attacks on different layers of network
Human behavior modeling and human-in-the-loop cyber-physical system
July 9, 2018 52 / 54
53. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Impacts of Solution
Mechanism design to deter or engage attackers in the system
Prediction of the attack policies by analyzing the game equilibrium
Proactive defense to deter attacks rather than remedy actions
Long-term dynamic resilience planning
July 9, 2018 53 / 54
54. Critical Infrastructure Security and Resilience Network-level Model Node-Level Model Connections Challenge and Solution
Thank You!
July 9, 2018 54 / 54