Monitoring systems for malicious behavior increasingly requires aggregating and analyzing data from various sources, such as network flows, host logs, and endpoint monitoring platforms. However, there is currently a lack of metrics and methodologies for computing the observability and efficiency of a security monitoring strategy. This manuscript introduces TOMATO (Threat Observability & Monitoring Assessment Tool), a platform for evaluating the effectiveness of a security monitoring strategy by measuring both the number of known adversarial techniques that can be detected within a network and the number of false positives produced by the monitoring strategy. The output is an observability score and an efficiency score for a set of deployed monitoring techniques, evaluated against data from the environment and simulated attacks generated from MITRE ATT&CK. The proposed approach is then integrated into an ELK stack and evaluated on real SCADA devices within the WSU Smart City Testbed.
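As an added illustration (this is not TOMATO's code; the scoring formulas, the technique-to-data-source mapping, the five-minute matching window, and all hosts and events below are assumptions constructed for the example), the following Python shows how an observability score and an efficiency score of the kind the abstract describes can be derived from three inputs: the data sources a monitoring strategy actually collects, the alerts it raised, and the simulated ATT&CK steps that were executed against the environment.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed subset of ATT&CK techniques (real technique IDs) and the telemetry
# ASSUMED to be required to detect each one. A real assessment would derive this
# from ATT&CK's data-source annotations and the detection content actually loaded.
TECHNIQUE_DATA_SOURCES = {
    "T1046": {"network_flow"},                        # Network Service Discovery
    "T1110": {"auth_log"},                            # Brute Force
    "T1078": {"auth_log"},                            # Valid Accounts
    "T1021": {"network_flow", "auth_log"},            # Remote Services
    "T1059": {"process_creation"},                    # Command and Scripting Interpreter
    "T1003": {"process_creation", "process_access"},  # OS Credential Dumping
}


def observability(deployed_sources):
    """Assumed definition: a technique is observable only if every data source it
    needs is collected. Returns (score, observable_ids, blind_spot_ids)."""
    deployed = set(deployed_sources)
    observable = {t for t, need in TECHNIQUE_DATA_SOURCES.items() if need <= deployed}
    blind = set(TECHNIQUE_DATA_SOURCES) - observable
    return len(observable) / len(TECHNIQUE_DATA_SOURCES), observable, blind


@dataclass(frozen=True)
class Event:
    """An alert emitted by the monitoring stack, or one simulated attack step."""
    ts: datetime
    technique: str
    host: str


def efficiency(alerts, attacks, window=timedelta(minutes=5)):
    """Assumed definition: an alert is a true positive if a simulated attack step
    with the same technique hit the same host within `window`; every other alert
    is a false positive. Returns (score, true_positives, false_positives, missed)."""
    def matches(alert, attack):
        return (alert.technique == attack.technique and alert.host == attack.host
                and abs(alert.ts - attack.ts) <= window)

    tp = sum(1 for a in alerts if any(matches(a, s) for s in attacks))
    fp = len(alerts) - tp
    # Attack steps no alert matched: silence is not efficiency, so report them too.
    missed = [s for s in attacks if not any(matches(a, s) for a in alerts)]
    score = tp / len(alerts) if alerts else 0.0
    return score, tp, fp, missed


def score_strategy(deployed_sources, alerts, attacks):
    """Combine both scores so blind spots can be read next to missed attacks."""
    obs, observable, blind = observability(deployed_sources)
    eff, tp, fp, missed = efficiency(alerts, attacks)
    return {"observability": obs, "observable": observable, "blind_spots": blind,
            "efficiency": eff, "true_positives": tp, "false_positives": fp,
            "missed_attacks": missed}


# Constructed sample: a strategy that collects only network flows and auth logs.
DEPLOYED = {"network_flow", "auth_log"}
T0 = datetime(2024, 1, 1, 10, 0)
ATTACKS = [  # constructed simulated attack steps
    Event(T0, "T1046", "scada-01"),                        # port scan of a PLC
    Event(T0 + timedelta(minutes=10), "T1110", "hmi-02"),  # password spraying the HMI
    Event(T0 + timedelta(minutes=20), "T1059", "hmi-02"),  # script run; no process telemetry
]
ALERTS = [  # constructed alerts from the monitoring stack
    Event(T0 + timedelta(minutes=1), "T1046", "scada-01"),   # true positive
    Event(T0 + timedelta(minutes=12), "T1110", "hmi-02"),    # true positive
    Event(T0 + timedelta(minutes=90), "T1046", "scada-01"),  # false positive: outside window
    Event(T0 + timedelta(minutes=10), "T1078", "hmi-02"),    # false positive: no such step
]

if __name__ == "__main__":
    for key, value in score_strategy(DEPLOYED, ALERTS, ATTACKS).items():
        print(f"{key}: {value}")
```

With this sample the strategy observes 4 of 6 techniques (T1059 and T1003 are blind spots because no process telemetry is collected), and 2 of the 4 alerts are true positives, so the efficiency score is 0.5; the missed T1059 step shows up in `missed_attacks`, tying the efficiency result back to the observability gap. The point a practitioner should take from the abstract is that the two scores only mean something together: a strategy can score high on observability and still drown analysts in false positives, or stay quiet and look efficient while missing most of the simulated attacks.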
The integration of distributed energy resources and advances in information technology have enabled the transition of traditional power distribution systems to active cyber-physical distribution systems. A growing amount of research has been done on the modelling, analysis, and optimisation of power distribution system behaviour. However, existing publicly available distribution test feeders are limited in number and have minimal features. Furthermore, these test feeders do not include cyber models and are not customisable. To bridge this gap, we propose and develop Cyber-physical synthetic distribution system network (CP-SyNet), a tool for generating customisable cyber-physical synthetic distribution test feeders. CP-SyNet generates three-phase unbalanced test feeders according to users' requirements, while simultaneously considering both the cyber side and the physical side of the network for cyber-physical analysis. The physical test network is developed using a graph-theoretical approach that employs information from existing test feeders. The cyber side considers an equivalent communication network obtained by transforming the physical topology into a possible and feasible simulated network. Two examples are presented to demonstrate the feasibility of the proposed framework for generating cyber-physical test feeders.