Lawrence Knachel scite author profile

Lawrence Knachel

4Publications

15Citation Statements Received

91Citation Statements Given

How they've been cited

How they cite others

Affiliations

DEVCOM Army Research Laboratory, Adelphi Laboratory Center

Publications

Order By: Most citations

The game-theoretic model and experimental investigation of cyber wargaming

Colbert

Kott

Knachel

2018

Journal of Defense Modeling & Simulation

View full text Add to dashboard Cite

We demonstrate that game-theoretic calculations serve as a useful tool for assisting cyber wargaming teams in identifying useful strategies. We note a significant similarity between formulating cyber wargaming strategies and the methodology known in military practice as Course of Action (COA) generation. For scenarios in which the attacker must penetrate multiple layers in a defense-in-depth security configuration, an accounting of attacker and defender costs and penetration probabilities provides cost-utility payoff matrices and penetration probability matrices. These can be used as decision tools by both the defender and attacker. Inspection of the matrices allows players to deduce preferred strategies (or COAs) based on game-theoretical equilibrium solutions. The matrices also help in analyzing anticipated effects of potential human-based choices of wargame strategies and counterstrategies.We describe a mathematical game-theoretic formalism and offer detailed analysis of a table-top cyber wargame executed at the US Army Research Laboratory. Our analysis shows how game-theoretical calculations can provide an effective tool for decision-making during cyber wargames.

show abstract

Statistical models for the number of successful cyber intrusions

Leslie

Harang

Knachel

et al. 2017

Journal of Defense Modeling & Simulation

View full text Add to dashboard Cite

We propose several generalized linear models (GLMs) to predict the number of successful cyber intrusions (or "intrusions") into an organization's computer network, where the rate at which intrusions occur is a function of the following observable characteristics of the organization: (i) domain name server (DNS) traffic classified by their top-level domains (TLDs); (ii) the number of network security policy violations; and (iii) a set of predictors that we collectively call "cyber footprint" that is comprised of the number of hosts on the organization's network, the organization's similarity to educational institution behavior (SEIB), and its number of records on scholar.google.com (ROSG). In addition, we evaluate the number of intrusions to determine whether these events follow a Poisson or negative binomial (NB) probability distribution. We reveal that the NB GLM provides the best fit model for the observed count data, number of intrusions per organization, because the NB model allows the variance of the count data to exceed the mean. We also show that there are restricted and simpler NB regression models that omit selected predictors and improve the goodness-of-fit of the NB GLM for the observed data. With our model simulations, we identify certain TLDs in the DNS traffic as having significant impact on the number of intrusions. In addition, we use the models and regression results to conclude that the number of network security policy violations are consistently predictive of the number of intrusions. KeywordsDomain name server (DNS) traffic, cyber risk, generalized linear models (GLM), negative binomial (NB) model, principal component analysis (PCA), managed security service provider (MSSP), regression

show abstract

Game-Theoretic Model and Experimental Investigation of Cyber Wargaming

Colbert¹,

Kott²,

Knachel³

2018

Preprint

View full text Add to dashboard Cite

Modeling approaches for intrusion detection and prevention system return on investment

Leslie

Marvel

Edwards

et al. 2017

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.