**Cybersecurity Dynamics:**

**A Foundation for the Science of Cyber Security**

Shouhuai Xu

I would like to briefly describe the approach that I have been pursuing towards ultimately tackling the holy-grail challenge the research community is confronted with: **Building a Foundation for the Science of Cyber Security.** The importance of this problem was not widely recognized until the 2008 Science of Security Workshop.

The approach is centered on the novel concept of **Cybersecurity Dynamics**, which essentially describes the evolution of the security state of a cyber system, often a very large system (of complex systems). As the term suggests, this concept is largely influenced by disciplines such as Dynamical Systems (a field of Applied Mathematics) and Statistical Physics. The evolution of the security state is caused by the **interaction** between cyber attackers/attacks and cyber defenders/defenses. While the modeling of Cybersecurity Dynamics is centered on security concepts and domain knowledge, analysis of the resulting models often turns out to be very difficult, due to several technical barriers that I plan to write about at a later time. Nevertheless, the

Figure 1. My vision of Cybersecurity Dynamics Foundation for the Science of Cyber Security, where the (sub-)fields mentioned in each perspective are by no means exclusive (explaining the "open-end" in each perspective).

While I firmly believe **Cybersecurity Dynamics** is the right abstraction that will lead to the ultimately-wanted foundation (i.e., not only deepening our understanding/knowledge, but also guiding the development of tools/instruments for real-life cyber operations risk-management and decision-making), it is also clear to me, as hinted above, that there is a range of challenging theoretical and practical (engineering) problems that must be adequately addressed before we achieve the ultimate goal or fulfill the ambitious vision. Moreover, these problems cannot be bypassed because they are inherent, and therefore must be confronted and tackled --- regardless of the specific technical approach that is undertaken. In order to ultimately tackle the holy-grail challenge, there are tons of opportunities for researchers crossing multiple disciplines, crossing multiple sub-disciplines within Computer Science, and crossing the already established various security sub-fields, to closely work together. The way ahead is exciting!!

(Update in May 2016) It has become clear that at a higher level of abstraction (than Figure 1), Cybersecurity Dynamics offers the following X-Y-Z-t "coordinate system" for exploring cybersecurity, where the X-axis represents first-principle modeling (i.e., assumption-driven modeling), the Y-axis represents data analytics (i.e., data-driven analysis), the Z-axis represents security metrics, and t means that everything is dynamic. This is highlighted in Figure 2 below.

Figure 2. The X-Y-Z-t "coordinate system" for exploring cybersecurity.

**Manuscripts in submission:**

- J. Mireles, E. Ficke, J. Cho, P. Hurley, and S. Xu. Metrics Towards Measuring Cyber Agility. In submission.
- P. Du, Z. Sun, H. Chen, J. Cho, and S. Xu. Statistical Estimation of Malware Detection Metrics in the Absence of Ground Truth. In submission.
- J. Cho, S. Xu, P. Hurley, M. Mackay, T. Benjamin, and M. Beaumont. STRAM: Measuring the Trustworthiness of Computer-based Systems. In submission.
- R. Zheng, W. Lu, and S. Xu. Using Event-Triggered Control to Estimate Cybersecurity Equilibria. In submission.

**Published/accepted papers:**

- (new) H. Chen, J. Cho, and S. Xu. Quantifying the Security Effectiveness of Firewalls and DMZs. 2018 Symposium and Bootcamp on the Science of Security (HotSoS’18).
- (new) C. Peng, M. Xu, S. Xu, and T. Hu. Modeling Multivariate Cybersecurity Risks. Journal of Applied Statistics, Accepted, 2018.
- (new) Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, Yuyi Zhong. VulDeePecker: A Deep Learning-Based System for Vulnerability Detection. Network and Distributed System Security Symposium 2018 (NDSS'18).
  - Note: The two databases we created in this paper are publicly available at GitHub here.
- R. Zheng, W. Lu, and S. Xu. Preventive and Reactive Cyber Defense Dynamics Is Globally Stable. Accepted to IEEE Transactions on Network Science and Engineering.
  - Note: This paper settles an almost 10-year-old open problem by proving that this particular kind of cybersecurity dynamics is globally stable in the entire parameter universe.
- A. Tyra, Jingtao Li, Y. Shang, S. Jiang, Y. Zhao, and S. Xu. Robustness of non-interdependent and interdependent networks against dependent and adaptive attacks. Physica A 482 (2017) 713-727.
- H. Chen, X. Zhao, F. Liu, S. Xu, and W. Lu. Optimizing inter-connections to maximize the spectral radius of interdependent networks. Physical Review E, Vol.95, No.3; DOI: 10.1103/PhysRevE.95.032308.
- M. Xu, L. Hua, and S. Xu. A Vine Copula Model for Predicting the Effectiveness of Cyber Defense Early-Warning. Technometrics, 2017. (Local copy)
- C. Peng, M. Xu, S. Xu, and T. Hu. Modeling and Predicting Extreme Cyber Attack Rates via Marked Point Processes. Journal of Applied Statistics, 2017. (Local copy)
- X. Hu, M. Xu, S. Xu, and P. Zhao. Multiple Cyber Attacks against a Target with Observation Errors and Dependent Outcomes: Characterization and Optimization, Reliability Engineering & System Safety, 2017.
- M. Pendleton, R. Garcia-Lebron, J. Cho, and S. Xu. A Survey on Systems Security Metrics, ACM Computing Surveys, 2017.
  - Note: The ontologies accommodating the metrics described in the paper are available at GitHub here. We hope this is a starting point of community effort that eventually will achieve the ultimate goal.
  - An earlier draft without considering ontology: A Survey on Security Metrics.
- Z. Li, D. Zou, S. Xu, H. Jin, H. Qi, and J. Hu. VulPecker: An Automated Vulnerability Detection System Based on Code Similarity Analysis. ACSAC'2016.
  - Note: The two databases we created in this paper, namely the Vulnerability Patch Database and the Vulnerability Code Instance Database, are publicly available at GitHub here. We hope the databases will evolve as more vulnerability information becomes available in the future, which would take a community effort.
- J. Mireles, J. Cho, and S. Xu. Extracting Attack Narratives from Traffic Datasets. The 1st International Conference on Cyber Conflict in the U.S. (CyCon U.S. '2016).
- J. Cho, P. Hurley, and S. Xu. Metrics and Measurement of Trustworthy Systems. Milcom'2016.
- G. Da, M. Xu and S. Xu. On the Quasi-Stationary Distribution of SIS Models. Probability in the Engineering and Informational Sciences, Volume 30, Issue 4, October 2016, pages 622-639.
- Z. Zhan, M. Xu, and S. Xu. Predicting Cyber Attack Rates with Extreme Values. IEEE Transactions on Information Forensics & Security, 10(8): 1666-1677 (2015).
- Y. Chen, Z. Huang, S. Xu and Y. Lai. Spatiotemporal patterns and predictability of cyberattacks. PLoS One 10(5): e0124472. doi:10.1371/journal.pone.0124472, 2015.
- R. Zheng, W. Lu, and S. Xu. Active Cyber Defense Dynamics Exhibiting Rich Phenomena. 2015 Symposium and Bootcamp on the Science of Security (HotSoS’15).
- Z. Zhan, M. Xu, and S. Xu. A Characterization of Cybersecurity Posture from Network Telescope Data. Proceedings of The 6th International Conference on Trustworthy Systems (InTrust'14).
- L. Xu, Z. Zhan, S. Xu, and K. Ye. An Evasion and Counter-Evasion Study in Malicious Websites Detection. IEEE 2014 Conference on Communications and Network Security (IEEE CNS’14).
- L. Xu. Characterizing and Detecting Malicious Websites. PhD Thesis (under my supervision), 2014.
- Z. Zhan. A Statistical Framework for Analyzing Cyber Threats. PhD Thesis (under my supervision), 2014.
- Y. Han, W. Lu and S. Xu. Characterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics. 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The slides are available here.
- G. Da, M. Xu and S. Xu. A New Approach to Modeling and Analyzing Security of Networked Systems. 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The slides are available here.
- S. Xu. Cybersecurity Dynamics (poster). 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The poster slide is available here.
- S. Xu. Emergent Behavior in Cybersecurity (poster). 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The poster slide is available here.
- M. Xu, G. Da, and S. Xu. Cyber Epidemic Models with Dependencies. Internet Mathematics, 11:1, 62-92. **This paper won Taylor & Francis Mathematics & Statistics Readers' Award 2015**
- S. Xu, W. Lu, L. Xu, and Z. Zhan. *Adaptive Epidemic Dynamics in Networks: Thresholds and Control*. ACM Transactions on Autonomous and Adaptive Systems (TAAS), 8(4), Article 19, 2014.
- W. Lu, S. Xu, and X. Yi. *Optimizing Active Cyber Defense*. The 4th Conference on Decision and Game Theory for Security (GameSec'13), pp 206-225.
- S. Xu, W. Lu, and H. Li, *A Stochastic Model of Active Cyber Defense Dynamics*. Internet Mathematics, 11:1, 23-71.
- Z. Zhan, M. Xu, and S. Xu. *Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study*. IEEE Transactions on Information Forensics & Security (IEEE TIFS), 8(11): 1775-1789, (2013).
- M. Xu and S. Xu. *An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems*. Internet Mathematics, 8(3): 288-320 (2012).
- S. Xu, W. Lu, and Z. Zhan. *A Stochastic Model of Multi-Virus Dynamics*. IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 9(1): 30-45 (2012).
- S. Xu, W. Lu, and L. Xu. *Push- and Pull-based Epidemic Spreading in Networks: Thresholds and Deeper Insights*. ACM Transactions on Autonomous and Adaptive Systems (TAAS), 7(3): Article 32 (2012).
- X. Li, P. Parker, and S. Xu. *A Stochastic Model for Quantitative Security Analysis of Networked Systems*. IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 8(1): 28-43 (2011).
- Y. Shang, W. Luo, and S. Xu. *L-hop percolation on networks with arbitrary degree distributions and its applications*. Physical Review E 84, 031113 (2011).
- S. Xu. Towards a Theoretical Framework for Trustworthy Cyber Sensing. Proceedings of the 2010 SPIE Conference on SPIE Defense, Security, and Sensing (DSS'10).
- S. Xu. Collaborative Attack vs. Collaborative Defense. Invited Paper in the Proceedings of The 4th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborativeCom'08), Nov. 13-16, 2008.

**Keynote/Invited/Colloquium/Seminar Talks:**

- Cybersecurity Dynamics: Recent Progresses. Huazhong University of Science and Technology, December 21, 2017.
- Cybersecurity Dynamics: Recent Progresses. Wuhan University, December 20, 2017.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. SouthWest JiaoTong University, December 18, 2017.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. East China Normal University, December 13, 2017.
- PD & MTD Dynamics. ARO Invitational Workshop on Foundations and Challenges for Proactive and Dynamic Network Defense, Nov. 30-Dec. 1, 2017, Tampa, USA.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. The 1st International Symposium on Cybersecurity Dynamics, July 19-21, Chongqing University, China.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. School of Computer Science, HuaZhong University of Science and Technology, July 18, 2017.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. Hong Kong University of Science and Technology, July 13, 2017.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. Hong Kong PolyTech University, July 12, 2017.
- Three Case Studies of Metrics and Measurements in the STRAM Framework. ARL, December 13, 2016.
- New Progress in Cybersecurity Dynamics. Institute of Information Engineering, Chinese Academy of Sciences, July 22, 2016.
- New Progress in Cybersecurity Dynamics. School of Computer Science, Huazhong University of Science and Technology, July 19, 2016.
- Towards Eliminating the Threat of Drive-By Download Attacks. School of Mathematics, Fudan University, July 14, 2016.
- New Progress in Cybersecurity Dynamics. School of Mathematics, Fudan University, July 13, 2016.
- Cybersecurity Dynamics. Cyber Security Winter School, Deakin University, July 7-8, 2016.
- Cybersecurity Dynamics. Department of Statistics, University of Science and Technology of China, June 26, 2016.
- A Call for a Theory of Uncertainty in the Cyber Security Domain. Presented at the 2016 Workshop on Mathematical Reliability and Safety, Jiangsu Normal University, China, June 23-25, 2016.
- Cybersecurity Dynamics, Department of Computer Science, University of South Florida, April 7, 2016.
- Grey-Box Cybersecurity Data Analytics. USAF RATPAC Working Group, April 6, 2016.
- Complexity and Network Sciences Support for the Emerging Science of Cyber Security: Challenges and Exciting Research Opportunities. The Minisymposium on Complex Networked Systems: Modeling and Dynamics, the 8th International Congress on Industrial and Applied Mathematics (ICIAM'15), Beijing, China, August 10-14, 2015.
- Cybersecurity Dynamics. School of Computer Science, Fudan University, August 3, 2015.
- Cybersecurity Dynamics. Institute of Information Engineering, Chinese Academy of Sciences, July 21, 2015.
- Cybersecurity Dynamics. Department of Computer Science, Nanjing University, July 16, 2015.
- Cybersecurity Dynamics. Department of Computer Science, George Mason University, June 16, 2015.
- Cyber Defense C2 for Optimizing MTDs. AFRL, June 9, 2015.
- Towards Eliminating the Threat of Drive-By Download Attacks. Department of Mathematics, Illinois State University, April 20, 2015.
- Cybersecurity Dynamics. Department of Mathematics and Computer Science, Clarkson University, April 16, 2015.
- Cybersecurity Dynamics. School of Mathematics, Fudan University, Dec. 18, 2014.
- Cybersecurity Data Analytics. Institute of Information Engineering, Chinese Academy of Sciences, Dec. 16, 2014.
- Cybersecurity Dynamics. Institute of Systems Science, Academy of Mathematics and Systems Science, Chinese Academy of Sciences, Dec. 15, 2014.
- Cybersecurity Data Analytics. School of Software, East China Normal University, Dec. 12, 2014.
- Cybersecurity Dynamics: with application to formulating cyber defense C2 framework. ARO workshop on "Cyber Security: From Tactics to Strategies and Back" held at University of North Carolina at Chapel Hill, Sept. 23, 2014.
- Cybersecurity Dynamics: a foundation to the science of cybersecurity. Keynote at CTCIS'14.
- Towards Orchestrating Moving Target Defense with Quantified Mission Assurance, AFRL, August 26, 2014.
- Cybersecurity Data Analytics. School of Mathematics, Jiangsu Normal University, July 28, 2014.
- Cybersecurity Data Analytics. School of Computer Science, Wuhan University, July 16, 2014.
- Cybersecurity Dynamics. School of Computer Science, Huazhong University of Science and Technology, July 15, 2014.
- Cybersecurity Dynamics. Department of Computer Science, University of North Carolina at Chapel Hill, April 10, 2014.
- Cybersecurity Dynamics. Invited Talk at Inscrypt'13, Nov. 27 - Nov. 30, 2013.
- Cybersecurity Dynamics. Department of Computer Science, University of California at Irvine, Nov. 1, 2013.
- Cybersecurity Dynamics. Department of Electrical Engineering, Arizona State University, Oct. 30, 2013.
- Cybersecurity Dynamics. Department of Computer Science, Texas State University, Oct. 4, 2013.
- Cybersecurity Dynamics. Department of Electrical Engineering and Computer Science, Syracuse University, Sept. 25, 2013.
- Cybersecurity Dynamics. Department of Computer Science, IUPUI, Oct. 12, 2012.
- Toward a Statistical Framework for Using Darkspace-Based Unsolicited Traffic to Infer Cyber Threats, The First International Workshop on Darkspace and Unsolicited Traffic Analysis (DUST'12), May 14-May 15, 2012.
- In Quest of a Foundation for Cyber Security. Department of Computer Science, Texas A&M University, Dec. 1, 2010.
- (How) Can We Manage the Trustworthiness of Security Infrastructures and Services, *Keynote* address at The 3rd Asia-Pacific Trusted Infrastructure Technologies Conference (APTC 2008), Oct. 14-17, 2008.

**Acknowledgement.** I thank Dr. Moti Yung for mentoring me in the wonderful field of Cryptography --- the transformation from *the art of cryptography* to *the science of cryptography* has served as the biggest inspiration for this endeavor --- and for constantly encouraging me when this endeavor hits roadblocks. I thank Dr. Ravi Sandhu for explaining to me his model-architecture-mechanism way of thinking. My interactions with them as well as Dr. Elisa Bertino and Dr. Gene Tsudik have, in one way or another, influenced my way of thinking. I have benefited a lot from my interactions with Dr. Steven King, Dr. Alexander Kott, Dr. John McLean, Dr. Sukarno Mertoguno, Dr. Tom Moyer, Dr. David Nicol, Dr. Mike Reiter, Dr. Ananthram Swami, and Dr. Cliff Wang. Their insightful questions/comments have directly deepened my understanding of the problem, and have even led to some exciting future research directions. I thank my mathematician/physicist/statistician collaborators: Dr. Gaofeng Da, Dr. Yujuan Han, Dr. Zi-Gang Huang, Dr. Ying-Cheng Lai (as well as his students), Dr. Xiaohu Li, Dr. Wenlian Lu (as well as his students), Dr. Yilun Shang, Dr. Jie Sun, and Dr. Maochao Xu. My collaboration with them has made me understand better the strengths and limitations of several Applied Mathematics techniques (broadly defined) in coping with the problems encountered in this endeavor. I thank all of my co-authors for the fruitful collaboration.

This research endeavor has been supported in part by ARO, ARL, AFOSR, and NSF.

Created: 9/2/2013; Last edited: 3/19/2018