| Title | Dynamic information-theoretic measures for security informatics |
| Publication Type | Conference Paper |
| Year of Publication | 2013 |
| Authors | Colbaugh, R., Glass, K., Bauer, T. |
| Conference Name | 2013 IEEE International Conference on Intelligence and Security Informatics |
| Date Published | jun |
| Keywords | activity trace, behavior prediction, cryptography, cyber security, dynamic information-theoretic measure, dynamical process analysis, Human Behavior, Informatics, information theoretic security, Information theory, innocent computer network activity, instruction sequence, invasive software, legitimate software, malicious computer network activity, Malware, Markov processes, Metrics, natural language processing, policy-based governance, predictive analytics, pubcrawl, Resiliency, Scalability, security application, security domain, security informatics, social network, social network dynamics, Social network services, social networking (online), static analysis, stochastic dynamical system, Vehicle dynamics |
| Abstract | Many important security informatics problems require consideration of dynamical phenomena for their solution; examples include predicting the behavior of individuals in social networks and distinguishing malicious and innocent computer network activities based on activity traces. While information theory offers powerful tools for analyzing dynamical processes, to date the application of information-theoretic methods in security domains has focused on static analyses (e.g., cryptography, natural language processing). This paper leverages information-theoretic concepts and measures to quantify the similarity of pairs of stochastic dynamical systems, and shows that this capability can be used to solve important problems which arise in security applications. We begin by presenting a concise review of the information theory required for our development, and then address two challenging tasks: 1.) characterizing the way influence propagates through social networks, and 2.) distinguishing malware from legitimate software based on the instruction sequences of the disassembled programs. In each application, case studies involving real-world datasets demonstrate that the proposed techniques outperform standard methods. |
| DOI | 10.1109/ISI.2013.6578784 |
| Citation Key | colbaugh_dynamic_2013 |
Dynamic information-theoretic measures for security informatics