Uncertainty in Security Analysis - April 2021
PI: David M. Nicol
Researcher: Hoang Hai Nguyen
HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.
This research intersects the predictive security metric problem, since we are attempting to predict the uncertainty associated with a system model. It also intersects with resilience, as a system's resilience will be established by analysis of some model, and decisions (e.g., how significant a breach may be, whether to interdict and where, where to focus recovery activity) will be made as a result. Those decisions will be better informed when some notion of uncertainty is built into the model predictions, or accompanies those model predictions.
PUBLICATIONS
Hoang Hai Nguyen, David M. Nicol, "Estimating Loss Due to Cyber-attack in the Presence of Uncertainty", 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2020)
Abstract: Cyber-security risk assessment includes estimation of losses possible to a system due to cyber-attacks. As there are uncertain elements to this and as we model uncertainty using probability, we seek to estimate the attack loss distribution. In particular, the tail of the distribution represents the low-probability but high-impact events. However, quantifying those events using standard Monte Carlo techniques is inefficient due to the low probability. This paper proposes a novel cyber-security risk assessment approach based on uncertain graphs, with an emphasis on modeling losses due to cyber-attacks. Under rare event realizations where the attack loss is greater than a selected threshold, we (i) derive the analytically optimal importance sampling scheme for the loss tail probability and (ii) propose an approximation to the optimal importance sampling scheme which has the assurance of bounded relative error. While the approximation scheme requires solving an NP-hard problem, we use a search procedure that becomes more efficient as the attack loss threshold increases. A case study on a medium-sized network demonstrates the use and performance of our approach.
KEY HIGHLIGHTS
Our research focuses on understanding network security risk, and the uncertainty associated with its estimate, when the security properties of the network components are not exactly known. In a previous study, we used Bernoulli random variables to model the existence of a link between two immediate hosts in the network, which indicates the possibility of a lateral movement [1]. Our current investigation generalized this model by modeling the uncertainty in link existence with the Beta distribution, a more versatile class of distributions that takes one of many different shapes depending on its two parameters.
Computing the existence of a pathway between two specifically chosen hosts (i.e., reachability analysis) in the generalized model reduces to identifying the reachability distribution, in the form of a multivariate reliability polynomial of Betas. This is a hard problem. However, our initial results strongly suggest that in many cases the reliability distribution can be well approximated by another Beta distribution. This observation aligns with several results from previous studies [2] [3] regarding approximating Betas. Our finding, however, applies to a much more general setup. The implication of this result is that, under conditions in which the approximation is sufficiently good, the computational cost of reachability analysis can be significantly reduced.
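The following sketch illustrates the idea on a small case. It is an added example, not code from the paper or the project. The five-link network, its Beta parameters, the moment-matched fit, and the Kolmogorov-Smirnov comparison are all assumptions chosen for illustration.

```python
import itertools, random, statistics

# Constructed 4-host network: directed link -> assumed (alpha, beta) of the
# Beta-distributed probability that the lateral-movement link exists.
EDGES = {("s", "a"): (8, 2), ("s", "b"): (3, 3), ("a", "b"): (2, 6),
         ("a", "t"): (4, 4), ("b", "t"): (9, 3)}

def connected(up, src="s", dst="t"):
    """True if dst is reachable from src using only the links in `up`."""
    seen, stack = {src}, [src]
    while stack:
        u = stack.pop()
        new = [y for x, y in up if x == u and y not in seen]
        seen.update(new)
        stack.extend(new)
    return dst in seen

# Link on/off states that connect s to t: the terms of the reliability polynomial.
GOOD = [m for m in itertools.product((0, 1), repeat=len(EDGES))
        if connected([e for e, on in zip(EDGES, m) if on])]

def reachability(p):
    """Evaluate the reliability polynomial at link probabilities p (EDGES order)."""
    total = 0.0
    for mask in GOOD:
        term = 1.0
        for on, pi in zip(mask, p):
            term *= pi if on else 1.0 - pi
        total += term
    return total

def sample_reachability(n, seed=1):
    """Draw n reachability values, sampling each link probability from its Beta."""
    rng = random.Random(seed)
    return [reachability([rng.betavariate(*ab) for ab in EDGES.values()]) for _ in range(n)]

def fit_beta(xs):
    """Moment-matched Beta(a, b) for samples xs in (0, 1)."""
    m, v = statistics.fmean(xs), statistics.pvariance(xs)
    k = m * (1 - m) / v - 1
    return m * k, (1 - m) * k

def ks_distance(xs, ys):
    """Two-sample Kolmogorov-Smirnov distance between empirical CDFs."""
    xs, ys, i, j, d = sorted(xs), sorted(ys), 0, 0, 0.0
    while i < len(xs) and j < len(ys):
        i, j = (i + 1, j) if xs[i] <= ys[j] else (i, j + 1)
        d = max(d, abs(i / len(xs) - j / len(ys)))
    return d
```

A small `ks_distance` between `sample_reachability(n)` and draws from the fitted Beta means that, for this network, the two-parameter Beta can stand in for the full polynomial of Betas.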
COMMUNITY ENGAGEMENTS
No community engagements this quarter.
EDUCATIONAL ADVANCES
No educational advances this quarter.