Uncertainty in Security Analysis - July 2018

PI(s), Co-PI(s), Researchers: David M. Nicol and Hoang Hai Nguyen

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

This research intersects the predictive security metric problem, since we are attempting to predict the uncertainty associated with a system model. It also intersects with resilience, as a system's resilience will be established by analysis of some model, and decisions (e.g., how significant a breach may be, whether to interdict and where, where to focus recovery activity) will be made as a result. Those decisions will be better informed when some notion of uncertainty is built into the model predictions, or accompanies those model predictions.

PUBLICATIONS
Papers written as a result of your research from the current quarter only.

No publications this quarter.

KEY HIGHLIGHTS
Each effort should submit one or two specific highlights. Each item should include a paragraph or two along with a citation if available. Write as if for the general reader of IEEE S&P.
The purpose of the highlights is to give our immediate sponsors a body of evidence that the funding they are providing (in the framework of the SoS lablet model) is delivering results that "more than justify" the investment they are making.

Our research focuses on understanding the network security risk and the uncertainty associated with the estimate when security-related properties of the network components are not exactly known. In a previous study, we used Boolean random variables to model the existence of a link between two immediate hosts in the network, which indicates the possibility of a lateral movement [1]. Our current investigation generalized this model by modeling the uncertainty in link existence with a beta distribution, a more versatile class of distributions that takes one of many different shapes depending on its two parameters.

Computing the existence of a pathway between two specifically chosen hosts (i.e., reachability analysis) in the generalized model reduces to identifying the reachability distribution, in the form of a multivariate reliability polynomial of beta-distributed random variables. This is a hard problem. However, our initial results strongly suggest that in many cases the reachability distribution can be well approximated by another beta distribution. This observation aligns with several results from previous studies [2] [3] on approximating functions of beta-distributed random variables. Our finding, however, applies to a much more general setup. The implication of this result is that, under conditions in which the approximation is sufficiently good, reachability analysis on the generalized model can be significantly simplified.
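The approximation described above can be checked numerically on a small case. The following is an added example, not code from the project: the five-link directed topology, the per-link Beta parameters and all function names are constructed assumptions, links are assumed independent, and the beta fit uses moment matching, which is a choice made here rather than the authors' stated method.

```python
import random
from itertools import product
from math import prod
from statistics import fmean, pvariance

# Constructed directed "bridge" topology from host s to host t (assumption).
LINKS = [("s", "a"), ("s", "b"), ("a", "b"), ("a", "t"), ("b", "t")]
# Constructed Beta(alpha, beta) belief about each link's existence probability.
PRIORS = [(2, 5), (4, 4), (1, 3), (5, 2), (3, 3)]

def connects(state, src="s", dst="t"):
    """True if the links switched on in `state` give a path src -> dst."""
    seen, frontier = {src}, [src]
    while frontier:
        node = frontier.pop()
        for (u, v), up in zip(LINKS, state):
            if up and u == node and v not in seen:
                seen.add(v)
                frontier.append(v)
    return dst in seen

# Link states in which t is reachable: the terms of the reliability polynomial.
GOOD_STATES = [s for s in product((0, 1), repeat=len(LINKS)) if connects(s)]

def reachability(p):
    """Reliability polynomial: P(s reaches t) given link probabilities p."""
    return sum(prod(q if up else 1 - q for q, up in zip(p, s)) for s in GOOD_STATES)

def fit_beta(samples):
    """Method-of-moments Beta(a, b) fit to samples in (0, 1)."""
    m, v = fmean(samples), pvariance(samples)
    k = m * (1 - m) / v - 1
    return m * k, (1 - m) * k

def ks_distance(xs, ys):
    """Largest gap between the empirical CDFs of two samples."""
    xs, ys, i, j, gap = sorted(xs), sorted(ys), 0, 0, 0.0
    while i < len(xs) and j < len(ys):
        i, j = (i + 1, j) if xs[i] <= ys[j] else (i, j + 1)
        gap = max(gap, abs(i / len(xs) - j / len(ys)))
    return gap

def experiment(n=4000, seed=1):
    """Sample the reachability distribution, fit a beta, report the CDF gap."""
    rng = random.Random(seed)
    r = [reachability([rng.betavariate(a, b) for a, b in PRIORS]) for _ in range(n)]
    a, b = fit_beta(r)
    return a, b, ks_distance(r, [rng.betavariate(a, b) for _ in range(n)])

if __name__ == "__main__":
    print("fitted alpha, beta, KS distance:", experiment())
```

A small KS distance means the sampled reachability distribution and the fitted beta are close for this topology; exhaustive state enumeration only scales to a handful of links.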

[1] HH Nguyen, K Palani, DM Nicol. An approach to incorporating uncertainty in network security analysis. Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp (2017).

[2] Da-Yin Fan. The distribution of the product of independent beta variables. Communications in Statistics - Theory and Methods (1991).

[3] Nadarajah, Saralees, and Kotz, Samuel. Exact and approximate distributions for the product of Dirichlet components. Kybernetika 40.6 (2004).

COMMUNITY ENGAGEMENTS

No community engagements this quarter.

EDUCATIONAL ADVANCES

No educational advances this quarter.