Biblio

The emergence of novel technologies and high speed networks has enabled a continually generation of huge volumes of data that should be stored and processed. These big data have allowed the emergence of new forms of complex attacks whose resolution represents a big challenge. Different methods and tools are developed to deal with this issue but definite detection is still needed since various features are not considered and tracing back an attack remains a timely activity. In this context, we propose an investigation framework that allows the reconstruction of complex attack scenarios based on huge volume of data. This framework used a temporal conceptual graph to represent the big data and the dependency between them in addition to the tracing back of the whole attack scenario. The selection of the most probable attack scenario is assisted by a developed decision model based on hybrid neural network that enables the real time classification of the possible attack scenarios using RBF networks and the convergence to the most potential attack scenario within the support of an Elman network. The efficiency of the proposed framework has been illustrated for the global attack reconstruction process targeting a smart city where a set of available services are involved.

5G mobile networks promise universal communication environment and aims at providing higher bandwidth, increased communication and networking capabilities, and extensive signal coverage by using multiple communication technologies including Device-to-Device (D-to-D). This paradigm, will allow scalable and ubiquitous connectivity for large-scale mobile networks where a huge number of heterogeneous devices with limited resources will cooperate to enhance communication efficiency in terms of link reliability, spectral efficiency, system capacity, and transmission range. However, owing to its decentralized nature, cooperative D-to-D communication could be vulnerable to attacks initiated on relay nodes. Consequently, a source node has the interest to select the more protected relay to ensure the security of its traffic. Nevertheless, an improvement in the protection level has a counterpart cost that must be sustained by the device. To address this trade-off as well as the interaction between the attacker and the source device, we propose a dynamic game theoretic based approach to model and analyze this problem as a cost model. The utility function of the proposed non-cooperative game is based on the concepts of return on protection and return on attack which illustrate the gain of selecting a relay for transmitting a data packet by a source node and the reward of the attacker to perform an attack to compromise the transmitted data. Moreover, we discuss and analyze Nash equilibrium convergence of this attack-defense model and we propose an heuristic algorithm that can determine the equilibrium state in a limited number of running stages. Finally, we perform simulation work to show the effectiveness of the game model in assessing the behavior of the source node and the attacker and its ability to reach equilibrium within a finite number of steps.

One of the most critical challenges facing cyber defense nowadays is the complexity of recent released cyber-attacks, which are capable of disrupting critical industries and jeopardizing national economy. In this context, moving beyond common security approaches to make it possible to neutralize and react to security attacks at their early stages, becomes a requisite. We develop in this paper a formal model for the proactive assessment of security damages. We define a network of observer agents capable of observing incomplete information about attacks and affected cyber systems, and generating security observations useful for the identification of ongoing attack scenarios and their evolution in the future. A set of analytics are developed for the generation and management of scenario contexts as a set of measures useful for the proactive assessment of damages in the future, and the launching of countermeasures. A case study is provided to exemplify the proposal.

The infrastructures of Supervisory Control and Data Acquisition (SCADA) systems have evolved through time in order to provide more efficient supervision services. Despite the changes made on SCADA architectures, several enhancements are still required to address the need for: a) large scale supervision using a high number of sensors, b) reduction of the reaction time when a malicious activity is detected; and c) the assurance of a high interoperability between SCADA systems in order to prevent the propagation of incidents. In this context, we propose a novel sensor cloud based SCADA infrastructure to monitor large scale and inter-dependant critical infrastructures, making an effective use of sensor clouds to increase the supervision coverage and the processing time. It ensures also the interoperability between interdependent SCADAs by offering a set of services to SCADA, which are created through the use of templates and are associated to set of virtual sensors. A simulation is conducted to demonstrate the effectiveness of the proposed architecture.

Securing cyber system is a major concern as security attacks become more and more sophisticated. We develop in this paper a novel graph-based Active Cyber Defense (ACD) model to proactively respond to cyber attacks. The proposed model is based on the use of a semantically rich graph to describe cyber systems, types of used interconnection between them, and security related data useful to develop active defense strategies. The developed model takes into consideration the probabilistic nature of cyber attacks, and their degree of complexity. In this context, analytics are provided to proactively test the impact of vulnerabilities/threats increase on the system, analyze the consequent behavior of cyber systems and security solution, and decide about the security state of the whole cyber system. Our model integrates in the same framework decisions made by cyber defenders based on their expertise and knowledge, and decisions that are automatically generated using security analytic rules.