CAPTURE: Cyberattack Forecasting Using Non-Stationary Features with Time Lags

Okutan, Ahmet; Yang, Shanchieh Jay; McConky, Katie; Werner, Gordon

doi:10.1109/cns.2019.8802639

Cited by 8 publications

(7 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Therefore, a more appropriate way to determine the risks for ICS is a method that is based on the preparation of attack profiles [3][4]. With this method, attack profiles are considered as sequences of attacks that consist of a combination of different threats [1][2][3][4]. Then the number of risks can be described by the following dependence:…”

Section: Methods and Modelsmentioning

confidence: 99%

“…As the number and complexity of successfully implemented cyberattacks on various information and communication systems (ICS) [1] - [2] grows, the need for qualitatively new procedures for forming the composition of information protection (IP) and cybersecurity (CS) complexes on all ICS protection circuits increases. Note that the permanent task of creating effective circuits for the ICS cybersecurity has generated a lot of researches on the optimization of the composition of information protection tools (IPT) and CS.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Decision Support System on Optimization of Information Protection Tools Placement

A¹

2020

IJATCSE

View full text Add to dashboard Cite

The article discusses the possibilities of modifying the genetic algorithm (GA) to solve the problem of selecting and optimizing the configuration of information protection tools (IPT) for the security circuits of information and communication systems (ICS). The scientific novelty of the work lies in the fact that the GA proposes the use of the total amount of risks from information loss, as well as the integral indicator of IPT and cost indicators for each class of IPT, as criteria for optimizing the composition of IPT. The genetic algorithm in the problem of optimizing the choice of the composition of IPT for ICS is considered as a variation of the problem associated with multi-selection. In this regard, the optimization of the IPT placement along the ICS protection circuits is considered as a modification of the combinatorial knapsack problem. The GA used in the computing core of the decision support system (DSS) differs from the standard GA. As a part of the GA modification, the chromosomes are presented in the form of matrices, the elements of which are numbers that correspond to the IPT numbers in the ICS nodes. In the process of modifying the GA, a k-point crossing-over was applied. A fitness function is presented as the sum of efficiency factors. At the same time, in addition to the traditional absolute indicators of the IPT efficiency, the total value of risks from information loss, as well as cost indicators for each class of IPT are taken into account. The practical value of the research lies in the implementation of DSS based on the proposed modification of GA. Computational experiments on the selection of a rational software algorithm for implementing the model are performed. It is shown that the implementation of the GA in DSS allows to accelerate the search for optimal variants of cybersecurity (CS) tools placement for ICS by more than 25 times. This advantage allows not only to quickly search through the variety of hardware-software IPT and their combinations for ICS, but also to combine the proposed algorithm with the available models and algorithms for optimizing the composition of the ICS cybersecurity circuits. Potentially, such a combination of models and algorithms will make it possible to quickly rebuild the ICS protection, adjusting its profiles in accordance with new threats and classes of cyber attacks.

show abstract

Section: Methods and Modelsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Decision Support System on Optimization of Information Protection Tools Placement

A¹

2020

IJATCSE

View full text Add to dashboard Cite

show abstract

“…Аналіз останніх досліджень і публікацій. Збільшення кількості і складності успішно реалізованих кібератак на різні ОБІ [1,2] породжує потребу в якісно нових процедурах формування складу комплексів СЗІ та кібербезпеки (КБ) для всіх контурів захисту інформаційних масивів ОБІ. Задача, що не втрачає актуальність формування ефективних контурів захисту інформації (ЗІ) та КБ ОБІ породила безліч теоретичних і прикладних досліджень, присвячених питанням оптимізації складу СЗІ та КБ [3,4].…”

Section: постановка проблемиunclassified

Efficiency of the Indicators Investment Calculation Method in the Information Security System of Information Objects

et al. 2021

View full text Add to dashboard Cite

The article describes the methodology of multi-criteria optimization of costs for the information protection system of the object of informatization. The technique is based on the use of a modified VEGA genetic algorithm. A modified algorithm for solving the MCO problem of parameters of a multi-circuit information protection system of an informatization object is proposed, which makes it possible to substantiate the rational characteristics of the ISS components, taking into account the priority metrics of OBI cybersecurity selected by the expert. In contrast to the existing classical VEGA algorithm, the modified algorithm additionally applies the Pareto principle, as well as a new mechanism for the selection of population specimens. The Pareto principle applies to the best point. At this point, the solution, interpreted as the best, if there is an improvement in one of the cybersecurity metrics, and strictly no worse in another metric (or metrics). The new selection mechanism, in contrast to the traditional one, involves the creation of an intermediate population. The formation of an intermediate population occurs in several stages. At the first stage, the first half of the population is formed based on the metric - the proportion of vulnerabilities of the object of informatization that are eliminated in a timely manner. At the second stage, the second half of the intermediate population is formed based on the metric - the proportion of risks that are unacceptable for the information assets of the informatization object. Further, these parts of the intermediate population are mixed. After mixing, an array of numbers is formed and mixed. At the final stage of selection for crossing, specimens (individuals) will be taken by the number from this array. The numbers are chosen randomly. The effectiveness of this technique has been confirmed by practical results

show abstract

“…Probably the best-known tools were proposed by MITRE [92], such as CyGraph [73]. Applied research and experimental deployment are becoming subject of research by other research groups as well [48,54,56,78,80].…”

Section: Publications On Csamentioning

confidence: 99%

“…Network security situation forecasting [63] covers various approaches to forecast holistic cybersecurity situation, such as an increase or decrease in the number of expected attacks. The last two categories often rely on time series analysis and other statistical inferences but may also involve predictions based on unconventional sources, such as recent news or sentiment on social media [80].…”

Section: Taxonomy and Components Of Csamentioning

confidence: 99%

SoK

Husák

Jirsík

Yang

2020

Proceedings of the 15th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allow the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce front research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely-accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization. CCS CONCEPTS • Security and privacy → Formal security models; • Networks → Network security.

show abstract

CAPTURE: Cyberattack Forecasting Using Non-Stationary Features with Time Lags

Cited by 8 publications

References 22 publications

Decision Support System on Optimization of Information Protection Tools Placement

Decision Support System on Optimization of Information Protection Tools Placement

Efficiency of the Indicators Investment Calculation Method in the Information Security System of Information Objects

SoK

Contact Info

Product

Resources

About