Visible to the public Biblio

Found 346 results

Filters: Keyword is Mathematical model  [Clear All Filters]
2020-10-12
Kannan, Uma, Swamidurai, Rajendran.  2019.  Empirical Validation of System Dynamics Cyber Security Models. 2019 SoutheastCon. :1–6.

Model validation, though a process that's continuous and complex, establishes confidence in the soundness and usefulness of a model. Making sure that the model behaves similar to the modes of behavior seen in real systems, allows the builder of said model to assure accumulation of confidence in the model and thus validating the model. While doing this, the model builder is also required to build confidence from a target audience in the model through communicating to the bases. The basis of the system dynamics model validation, both in general and in the field of cyber security, relies on a casual loop diagram of the system being agreed upon by a group of experts. Model validation also uses formal quantitative and informal qualitative tools in addition to the validation techniques used by system dynamics. Amongst others, the usefulness of a model, in a user's eyes, is a valid standard by which we can evaluate them. To validate our system dynamics cyber security model, we used empirical structural and behavior tests. This paper describes tests of model structure and model behavior, which includes each test's purpose, the ways the tests were conducted, and empirical validation results using a proof-of-concept cyber security model.

2020-10-05
Chakraborty, Anit, Dutta, Sayandip, Bhattacharyya, Siddhartha, Platos, Jan, Snasel, Vaclav.  2018.  Reinforcement Learning inspired Deep Learned Compositional Model for Decision Making in Tracking. 2018 Fourth International Conference on Research in Computational Intelligence and Communication Networks (ICRCICN). :158—163.

We formulate a tracker which performs incessant decision making in order to track objects where the objects may undergo different challenges such as partial occlusions, moving camera, cluttered background etc. In the process, the agent must make a decision on whether to keep track of the object when it is occluded or has moved out of the frame temporarily based on its prediction from the previous location or to reinitialize the tracker based on the belief that the target has been lost. Instead of the heuristic methods we depend on reward and penalty based training that helps the agent reach an optimal solution via this partially observable Markov decision making (POMDP). Furthermore, we employ deeply learned compositional model to estimate human pose in order to better handle occlusion without needing human inputs. By learning compositionality of human bodies via deep neural network the agent can make better decision on presence of human in a frame or lack thereof under occlusion. We adapt skeleton based part representation and do away with the large spatial state requirement. This especially helps in cases where orientation of the target in focus is unorthodox. Finally we demonstrate that the deep reinforcement learning based training coupled with pose estimation capabilities allows us to train and tag multiple large video datasets much quicker than previous works.

Kanellopoulos, Aris, Vamvoudakis, Kyriakos G., Gupta, Vijay.  2019.  Decentralized Verification for Dissipativity of Cascade Interconnected Systems. 2019 IEEE 58th Conference on Decision and Control (CDC). :3629—3634.

In this paper, we consider the problem of decentralized verification for large-scale cascade interconnections of linear subsystems such that dissipativity properties of the overall system are guaranteed with minimum knowledge of the dynamics. In order to achieve compositionality, we distribute the verification process among the individual subsystems, which utilize limited information received locally from their immediate neighbors. Furthermore, to obviate the need for full knowledge of the subsystem parameters, each decentralized verification rule employs a model-free learning structure; a reinforcement learning algorithm that allows for online evaluation of the appropriate storage function that can be used to verify dissipativity of the system up to that point. Finally, we show how the interconnection can be extended by adding learning-enabled subsystems while ensuring dissipativity.

Rakotonirina, Itsaka, Köpf, Boris.  2019.  On Aggregation of Information in Timing Attacks. 2019 IEEE European Symposium on Security and Privacy (EuroS P). :387—400.

A key question for characterising a system's vulnerability against timing attacks is whether or not it allows an adversary to aggregate information about a secret over multiple timing measurements. Existing approaches for reasoning about this aggregate information rely on strong assumptions about the capabilities of the adversary in terms of measurement and computation, which is why they fall short in modelling, explaining, or synthesising real-world attacks against cryptosystems such as RSA or AES. In this paper we present a novel model for reasoning about information aggregation in timing attacks. The model is based on a novel abstraction of timing measurements that better captures the capabilities of real-world adversaries, and a notion of compositionality of programs that explains attacks by divide-and-conquer. Our model thus lifts important limiting assumptions made in prior work and enables us to give the first uniform explanation of high-profile timing attacks in the language of information-flow analysis.

Murino, Giuseppina, Armando, Alessandro, Tacchella, Armando.  2019.  Resilience of Cyber-Physical Systems: an Experimental Appraisal of Quantitative Measures. 2019 11th International Conference on Cyber Conflict (CyCon). 900:1–19.
Cyber-Physical Systems (CPSs) interconnect the physical world with digital computers and networks in order to automate production and distribution processes. Nowadays, most CPSs do not work in isolation, but their digital part is connected to the Internet in order to enable remote monitoring, control and configuration. Such a connection may offer entry-points enabling attackers to gain control silently and exploit access to the physical world at the right time to cause service disruption and possibly damage to the surrounding environment. Prevention and monitoring measures can reduce the risk brought by cyber attacks, but the residual risk can still be unacceptably high in critical infrastructures or services. Resilience - i.e., the ability of a system to withstand adverse events while maintaining an acceptable functionality - is therefore a key property for such systems. In our research, we seek a model-free, quantitative, and general-purpose evaluation methodology to extract resilience indexes from, e.g., system logs and process data. While a number of resilience metrics have already been put forward, little experimental evidence is available when it comes to the cyber security of CPSs. By using the model of a real wastewater treatment plant, and simulating attacks that tamper with a critical feedback control loop, we provide a comparison between four resilience indexes selected through a thorough literature review involving over 40 papers. Our results show that the selected indexes differ in terms of behavior and sensitivity with respect to specific attacks, but they can all summarize and extract meaningful information from bulky system logs. Our evaluation includes an approach for extracting performance indicators from observed variables which does not require knowledge of system dynamics; and a discussion about combining resilience indexes into a single system-wide measure is included. 11The authors wish to thank Leonardo S.p.A. for its financial support. The research herein presented is partially supported by project NEFERIS awarded by the Italian Ministry of Defense to Leonardo S.p.A. in partnership with the University of Genoa. This work received funding from the European Union's Horizon 2020 research and innovation program under grant agreement No 830892 for project SPARTA.
2020-09-21
K.R., Raghunandan, Aithal, Ganesh, Shetty, Surendra.  2019.  Comparative Analysis of Encryption and Decryption Techniques Using Mersenne Prime Numbers and Phony Modulus to Avoid Factorization Attack of RSA. 2019 International Conference on Advanced Mechatronic Systems (ICAMechS). :152–157.
In this advanced era, it is important to keep up an abnormal state of security for online exchanges. Public Key cryptography assumes an indispensable job in the field of security. Rivest, Shamir and Adleman (RSA) algorithm is being utilized for quite a long time to give online security. RSA is considered as one of the famous Public Key cryptographic algorithm. Nevertheless, a few fruitful assaults are created to break this algorithm because of specific confinements accepted in its derivation. The algorithm's security is principally founded on the issue of factoring large number. If the process factorization is done then, at that point the entire algorithm can end up fragile. This paper presents a methodology which is more secure than RSA algorithm by doing some modifications in it. Public Key exponent n, which is termed as common modulus replaced by phony modulus to avoid the factorization attack and it is constructed by Mersenne prime numbers to provide more efficiency and security. Paper presents a comparative analysis of the proposed algorithm with the conventional RSA algorithm and Dual RSA.
Kovach, Nicholas S., Lamont, Gary B..  2019.  Trust and Deception in Hypergame Theory. 2019 IEEE National Aerospace and Electronics Conference (NAECON). :262–268.
Hypergame theory has been used to model advantages in decision making. This research provides a formal representation of deception to further extend the hypergame model. In order to extend the model, we propose a hypergame theoretic framework based on temporal logic to model decision making under the potential for trust and deception. Using the temporal hypergame model, the concept of trust is defined within the constraints of the model. With a formal definition of trust in hypergame theory, the concepts of distrust, mistrust, misperception, and deception are then constructed. These formal definitions are then applied to an Attacker-Defender hypergame to show how the deception within the game can be formally modeled; the model is presented. This demonstrates how hypergame theory can be used to model trust, mistrust, misperception, and deception using a formal model.
Razaque, Abdul, Almiani, Muder, khan, Meer Jaro, Magableh, Basel, Al-Dmour, Ayman, Al-Rahayfeh, Amer.  2019.  Fuzzy-GRA Trust Model for Cloud Risk Management. 2019 Sixth International Conference on Software Defined Systems (SDS). :179–185.
Cloud computing is not adequately secure due to the currently used traditional trust methods such as global trust model and local trust model. These are prone to security vulnerabilities. This paper introduces a trust model based on the fuzzy mathematics and gray relational theory. Fuzzy mathematics and gray relational analysis (Fuzzy-GRA) aims to improve the poor dynamic adaptability of cloud computing. Fuzzy-GRA platform is used to test and validate the behavior of the model. Furthermore, our proposed model is compared to other known models. Based on the experimental results, we prove that our model has the edge over other existing models.
2020-09-11
Shukla, Ankur, Katt, Basel, Nweke, Livinus Obiora.  2019.  Vulnerability Discovery Modelling With Vulnerability Severity. 2019 IEEE Conference on Information and Communication Technology. :1—6.
Web browsers are primary targets of attacks because of their extensive uses and the fact that they interact with sensitive data. Vulnerabilities present in a web browser can pose serious risk to millions of users. Thus, it is pertinent to address these vulnerabilities to provide adequate protection for personally identifiable information. Research done in the past has showed that few vulnerability discovery models (VDMs) highlight the characterization of vulnerability discovery process. In these models, severity which is one of the most crucial properties has not been considered. Vulnerabilities can be categorized into different levels based on their severity. The discovery process of each kind of vulnerabilities is different from the other. Hence, it is essential to incorporate the severity of the vulnerabilities during the modelling of the vulnerability discovery process. This paper proposes a model to assess the vulnerabilities present in the software quantitatively with consideration for the severity of the vulnerabilities. It is possible to apply the proposed model to approximate the number of vulnerabilities along with vulnerability discovery rate, future occurrence of vulnerabilities, risk analysis, etc. Vulnerability data obtained from one of the major web browsers (Google Chrome) is deployed to examine goodness-of-fit and predictive capability of the proposed model. Experimental results justify the fact that the model proposed herein can estimate the required information better than the existing VDMs.
Azakami, Tomoka, Shibata, Chihiro, Uda, Ryuya, Kinoshita, Toshiyuki.  2019.  Creation of Adversarial Examples with Keeping High Visual Performance. 2019 IEEE 2nd International Conference on Information and Computer Technologies (ICICT). :52—56.
The accuracy of the image classification by the convolutional neural network is exceeding the ability of human being and contributes to various fields. However, the improvement of the image recognition technology gives a great blow to security system with an image such as CAPTCHA. In particular, since the character string CAPTCHA has already added distortion and noise in order not to be read by the computer, it becomes a problem that the human readability is lowered. Adversarial examples is a technique to produce an image letting an image classification by the machine learning be wrong intentionally. The best feature of this technique is that when human beings compare the original image with the adversarial examples, they cannot understand the difference on appearance. However, Adversarial examples that is created with conventional FGSM cannot completely misclassify strong nonlinear networks like CNN. Osadchy et al. have researched to apply this adversarial examples to CAPTCHA and attempted to let CNN misclassify them. However, they could not let CNN misclassify character images. In this research, we propose a method to apply FGSM to the character string CAPTCHAs and to let CNN misclassified them.
2020-09-08
Chen, Yu-Cheng, Gieseking, Tim, Campbell, Dustin, Mooney, Vincent, Grijalva, Santiago.  2019.  A Hybrid Attack Model for Cyber-Physical Security Assessment in Electricity Grid. 2019 IEEE Texas Power and Energy Conference (TPEC). :1–6.
A detailed model of an attack on the power grid involves both a preparation stage as well as an execution stage of the attack. This paper introduces a novel Hybrid Attack Model (HAM) that combines Probabilistic Learning Attacker, Dynamic Defender (PLADD) model and a Markov Chain model to simulate the planning and execution stages of a bad data injection attack in power grid. We discuss the advantages and limitations of the prior work models and of our proposed Hybrid Attack Model and show that HAM is more effective compared to individual PLADD or Markov Chain models.
2020-09-04
Sadkhan, Sattar B., Reda, Dhilal M..  2018.  Best Strategies of Choosing Crypto-System’s Key for Cryptographer and Attacker Based on Game Theory. 2018 Al-Mansour International Conference on New Trends in Computing, Communication, and Information Technology (NTCCIT). :1—6.
One of the most important strength features of crypto-system's is the key space. As a result, whenever the system has more key space, it will be more resistant to attack. The weakest type of attack on the key space is Brute Force attack, which tests all the keys on the ciphertext in order to get the plaintext. But there are several strategies that can be considered by the attacker and cryptographer related to the selection of the right key with the lowest cost (time). Game theory is a mathematical theory that draws the best strategies for most problems. This research propose a new evaluation method which is employing game theory to draw best strategies for both players (cryptographer & attacker).
2020-08-24
Huang, Hao, Kazerooni, Maryam, Hossain-McKenzie, Shamina, Etigowni, Sriharsha, Zonouz, Saman, Davis, Katherine.  2019.  Fast Generation Redispatch Techniques for Automated Remedial Action Schemes. 2019 20th International Conference on Intelligent System Application to Power Systems (ISAP). :1–8.
To ensure power system operational security, it not only requires security incident detection, but also automated intrusion response and recovery mechanisms to tolerate failures and maintain the system's functionalities. In this paper, we present a design procedure for remedial action schemes (RAS) that improves the power systems resiliency against accidental failures or malicious endeavors such as cyber attacks. A resilience-oriented optimal power flow is proposed, which optimizes the system security instead of the generation cost. To improve its speed for online application, a fast greedy algorithm is presented to narrow the search space. The proposed techniques are computationally efficient and are suitable for online RAS applications in large-scale power systems. To demonstrate the effectiveness of the proposed methods, there are two case studies with IEEE 24-bus and IEEE 118-bus systems.
2020-08-10
Wasi, Sarwar, Shams, Sarmad, Nasim, Shahzad, Shafiq, Arham.  2019.  Intrusion Detection Using Deep Learning and Statistical Data Analysis. 2019 4th International Conference on Emerging Trends in Engineering, Sciences and Technology (ICEEST). :1–5.
Innovation and creativity have played an important role in the development of every field of life, relatively less but it has created several problems too. Intrusion detection is one of those problems which became difficult with the advancement in computer networks, multiple researchers with multiple techniques have come forward to solve this crucial issue, but network security is still a challenge. In our research, we have come across an idea to detect intrusion using a deep learning algorithm in combination with statistical data analysis of KDD cup 99 datasets. Firstly, we have applied statistical analysis on the given data set to generate a simplified form of data, so that a less complex binary classification model of artificial neural network could apply for data classification. Our system has decreased the complexity of the system and has improved the response time.
2020-08-07
Yan, Dingyu, Liu, Feng, Jia, Kun.  2019.  Modeling an Information-Based Advanced Persistent Threat Attack on the Internal Network. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1—7.
An advanced persistent threat (APT) attack is a powerful cyber-weapon aimed at the specific targets in cyberspace. The sophisticated attack techniques, long dwell time and specific objectives make the traditional defense mechanism ineffective. However, most existing studies fail to consider the theoretical modeling of the whole APT attack. In this paper, we mainly establish a theoretical framework to characterize an information-based APT attack on the internal network. In particular, our mathematical framework includes the initial entry model for selecting the entry points and the targeted attack model for studying the intelligence gathering, strategy decision-making, weaponization and lateral movement. Through a series of simulations, we find the optimal candidate nodes in the initial entry model, observe the dynamic change of the targeted attack model and verify the characteristics of the APT attack.
Safar, Jamie L., Tummala, Murali, McEachen, John C., Bollmann, Chad.  2019.  Modeling Worm Propagation and Insider Threat in Air-Gapped Network using Modified SEIQV Model. 2019 13th International Conference on Signal Processing and Communication Systems (ICSPCS). :1—6.
Computer worms pose a major threat to computer and communication networks due to the rapid speed at which they propagate. Biologically based epidemic models have been widely used to analyze the propagation of worms in computer networks. For an air-gapped network with an insider threat, we propose a modified Susceptible-Exposed-Infected-Quarantined-Vaccinated (SEIQV) model called the Susceptible-Exposed-Infected-Quarantined-Patched (SEIQP) model. We describe the assumptions that apply to this model, define a set of differential equations that characterize the system dynamics, and solve for the basic reproduction number. We then simulate and analyze the parameters controlled by the insider threat to determine where resources should be allocated to attain different objectives and results.
Davenport, Amanda, Shetty, Sachin.  2019.  Modeling Threat of Leaking Private Keys from Air-Gapped Blockchain Wallets. 2019 IEEE International Smart Cities Conference (ISC2). :9—13.

In this paper we consider the threat surface and security of air gapped wallet schemes for permissioned blockchains as preparation for a Markov based mathematical model, and quantify the risk associated with private key leakage. We identify existing threats to the wallet scheme and existing work done to both attack and secure the scheme. We provide an overview the proposed model and outline justification for our methods. We follow with next steps in our remaining work and the overarching goals and motivation for our methods.

Davenport, Amanda, Shetty, Sachin.  2019.  Air Gapped Wallet Schemes and Private Key Leakage in Permissioned Blockchain Platforms. 2019 IEEE International Conference on Blockchain (Blockchain). :541—545.

In this paper we consider the threat surface and security of air gapped wallet schemes for permissioned blockchains as preparation for a Markov based mathematical model, and quantify the risk associated with private key leakage. We identify existing threats to the wallet scheme and existing work done to both attack and secure the scheme. We provide an overview the proposed model and outline justification for our methods. We follow with next steps in our remaining work and the overarching goals and motivation for our methods.

2020-08-03
Juuti, Mika, Szyller, Sebastian, Marchal, Samuel, Asokan, N..  2019.  PRADA: Protecting Against DNN Model Stealing Attacks. 2019 IEEE European Symposium on Security and Privacy (EuroS P). :512–527.
Machine learning (ML) applications are increasingly prevalent. Protecting the confidentiality of ML models becomes paramount for two reasons: (a) a model can be a business advantage to its owner, and (b) an adversary may use a stolen model to find transferable adversarial examples that can evade classification by the original model. Access to the model can be restricted to be only via well-defined prediction APIs. Nevertheless, prediction APIs still provide enough information to allow an adversary to mount model extraction attacks by sending repeated queries via the prediction API. In this paper, we describe new model extraction attacks using novel approaches for generating synthetic queries, and optimizing training hyperparameters. Our attacks outperform state-of-the-art model extraction in terms of transferability of both targeted and non-targeted adversarial examples (up to +29-44 percentage points, pp), and prediction accuracy (up to +46 pp) on two datasets. We provide take-aways on how to perform effective model extraction attacks. We then propose PRADA, the first step towards generic and effective detection of DNN model extraction attacks. It analyzes the distribution of consecutive API queries and raises an alarm when this distribution deviates from benign behavior. We show that PRADA can detect all prior model extraction attacks with no false positives.
Kobayashi, Hiroyuki.  2019.  CEPHEID: the infrastructure-less indoor localization using lighting fixtures' acoustic frequency fingerprints. IECON 2019 - 45th Annual Conference of the IEEE Industrial Electronics Society. 1:6842–6847.
This paper deals with a new indoor localization scheme called “CEPHEID” by using ceiling lighting fixtures. It is based on the fact that each lighting fixture has its own characteristic flickering pattern. Then, the author proposes a technique to identify individual light by using simple instruments and DNN classifier. Thanks to the less requirements for hardware, CEPHEID can be implemented by a few simple discrete electronic components and an ordinary smartphone. A prototype “CEPHEID dongle” is also introduced in this paper. Finally, the validity of the author's method is examined by indoor positioning experiments.
2020-07-30
Wang, Tianhao, Kerschbaum, Florian.  2019.  Attacks on Digital Watermarks for Deep Neural Networks. ICASSP 2019 - 2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). :2622—2626.
Training deep neural networks is a computationally expensive task. Furthermore, models are often derived from proprietary datasets that have been carefully prepared and labelled. Hence, creators of deep learning models want to protect their models against intellectual property theft. However, this is not always possible, since the model may, e.g., be embedded in a mobile app for fast response times. As a countermeasure watermarks for deep neural networks have been developed that embed secret information into the model. This information can later be retrieved by the creator to prove ownership. Uchida et al. proposed the first such watermarking method. The advantage of their scheme is that it does not compromise the accuracy of the model prediction. However, in this paper we show that their technique modifies the statistical distribution of the model. Using this modification we can not only detect the presence of a watermark, but even derive its embedding length and use this information to remove the watermark by overwriting it. We show analytically that our detection algorithm follows consequentially from their embedding algorithm and propose a possible countermeasure. Our findings shall help to refine the definition of undetectability of watermarks for deep neural networks.
2020-07-24
Luzhnov, Vasiliy S., Sokolov, Alexander N., Barinov, Andrey E..  2019.  Simulation of Protected Industrial Control Systems Based on Reference Security Model using Weighted Oriented Graphs. 2019 International Russian Automation Conference (RusAutoCon). :1—5.
With the increase in the number of cyber attacks on industrial control systems, especially in critical infrastructure facilities, the problem of comprehensive analysis of the security of such systems becomes urgent. This, in turn, requires the availability of fundamental mathematical, methodological and instrumental basis for modeling automated systems, modeling attacks on their information resources, which would allow realtime system protection analysis. The paper proposes a basis for simulating protected industrial control systems, based on the developed reference security model, and a model for attacks on information resources of automated systems. On the basis of these mathematical models, a complex model of a protected automated system was developed, which can be used to build protection systems for automated systems used in production.
CUI, A-jun, Fu, Jia-yu, Wang, Wei, Zhang, Hua-feng.  2019.  Construction of Network Active Security Threat Model Based on Offensive and Defensive Differential Game. 2019 12th International Conference on Intelligent Computation Technology and Automation (ICICTA). :289—294.
Aiming at the shortcomings of the traditional network active security threat model that cannot continuously control the threat process, a network active security threat model based on offensive and defensive differential game is constructed. The attack and defense differential game theory is used to define the parameters of the network active security threat model, on this basis, the network security target is determined, the network active security threat is identified by the attack defense differential equation, and finally the network active security threat is quantitatively evaluated, thus construction of network active security threat model based on offensive and defensive differential game is completed. The experimental results show that compared with the traditional network active security threat model, the proposed model is more feasible in the attack and defense control of the network active security threat process, and can achieve the ideal application effect.
Chernov, Denis, Sychugov, Alexey.  2019.  Development of a Mathematical Model of Threat to Information Security of Automated Process Control Systems. 2019 International Russian Automation Conference (RusAutoCon). :1—5.
The authors carry out the analysis of the process of modeling threats to information security of automated process control systems. Basic principles of security threats model formation are considered. The approach to protection of automated process control systems based on the Shtakelberg game in a strategic form was modeled. An abstract mathematical model of information security threats to automated process control systems was developed. A formalized representation of a threat model is described, taking into account an intruder's potential. Presentation of the process of applying the described threat model in the form of a continuous Deming-Shewhart cycle is proposed.
2020-07-16
Xiao, Jiaping, Jiang, Jianchun.  2018.  Real-time Security Evaluation for Unmanned Aircraft Systems under Data-driven Attacks*. 2018 13th World Congress on Intelligent Control and Automation (WCICA). :842—847.

With rapid advances in the fields of the Internet of Things and autonomous systems, the network security of cyber-physical systems(CPS) becomes more and more important. This paper focuses on the real-time security evaluation for unmanned aircraft systems which are cyber-physical systems relying on information communication and control system to achieve autonomous decision making. Our problem formulation is motivated by scenarios involving autonomous unmanned aerial vehicles(UAVs) working continuously under data-driven attacks when in an open, uncertain, and even hostile environment. Firstly, we investigated the state estimation method in CPS integrated with data-driven attacks model, and then proposed a real-time security scoring algorithm to evaluate the security condition of unmanned aircraft systems under different threat patterns, considering the vulnerability of the systems and consequences brought by data attacks. Our simulation in a UAV illustrated the efficiency and reliability of the algorithm.