Cybersecurity Dynamics:

A Foundation for the Science of Cyber Security

 

Shouhuai Xu

 

I would like to briefly describe the approach that I have been pursuing towards ultimately tackling the holy-grail challenge the research community is confronted with: Building a Foundation for the Science of Cyber Security. The importance of this problem was not widely recognized until the 2008 Science of Security Workshop.

 

The approach is centered on the novel concept of Cybersecurity Dynamics, which essentially describes the evolution of security state of a cyber system, which is often a very large system (of complex systems). As the term may tell itself, this concept is largely influenced by certain disciplines such as Dynamical System (a field of Applied Mathematics) and Statistical Physics. The evolution of security state is caused by the interaction between the cyber attackers/attacks and the cyber defenders/defenses. While the modeling of Cybersecurity Dynamics is centered on security concepts and domain knowledge, analysis of the resulting models often turns out to be very difficult, due to several technical barriers that I plan to write about at a later time. Nevertheless, the expressive power (if I may abuse the term here) of Cybersecurity Dynamics is amazing: We can build descriptive, prescriptive, predicative, and experimental models surrounding the same concept as well as some natural security metrics that can be derived thereof. It is both interesting and surprising (at least to me) that there are a rich set of mathematical techniques that can address some respective aspects of the problem. So far, I have worked with my mathematician collaborators on several relevant techniques: Stochastic Process, Dynamical System, Statistical Physics, Control Theory, Game Theory, Statistics, and Algebraic Graph Theory. I expect that other mathematical techniques are relevant as well. My vision of the Cybersecurity Dynamics Foundation for the Science of Cybersecurity is depicted in Figure 1.

 

Figure 1. My vision of Cybersecurity Dynamics Foundation for the Science of Cyber Security, where the (sub-)fields mentioned in each perspective are by no means exclusive (explaining the "open-end" in each perspective).

 

While I firmly believe Cybersecurity Dynamics is the right abstraction that will lead to the ultimately-wanted foundation (i.e., not only deepening our understanding/knowledge, but also guiding the development of tools/instruments for real-life cyber operations risk-management and decision-making), it is also clear to me, as hinted above, that there are a range of challenging theoretic and practical (engineering) problems that must be adequately addressed before we achieve the ultimate goal or fulfill the ambitious vision. Moreover, these problems cannot be bypassed because they are inherent, and therefore must be confronted and tackled --- regardless of the specific technical approach that is undertaken. In order to ultimately tackle the holy-grail challenge, there are tons of opportunities for researchers crossing multiple disciplines, crossing multiple sub-disciplines within Computer Science, and crossing the already established various security sub-fields, to closely work together. The way ahead is exciting!!

(Update in May 2016) It has become clear that at a higher-level of abstraction (than Figure 1), Cybersecurity Dynamics offers the following X-Y-Z-t "coordinate system" for exploring cybersecurity, where the X-axis represents first-principle modeling (i.e., assumption-driven modeling), the Y-axis represents data analitics (i.e., data-driven analysis), the Z-axis represents security metrics, and t means that everything is dynamic. This is highlighted in Figure 2 below.

Figure 2. The X-Y-Z-t "coordinate system" for exploring cybersecurity.

Manuscripts in submission: 

1. J. Mireles, E. Ficke, J. Cho, P. Hurley, and S. Xu. Metrics Towards Measuring Cyber Agility. In submission.
   
2. J. Cho, S. Xu, P. Hurley, M. Mackay, T. Benjamin, and M. Beaumont. STRAM: Measuring the Trustworthiness of Computer-based Systems. In submission.
3. R. Zheng, W. Lu, and S. Xu. Using Event-Triggered Control to Estimate Cybersecurity Equilibria. In submission. 

Published/accepted papers:

1. (new) E. Ficke, K. Schweitzer, R. Bateman, and S. Xu. Characterizing the Effectiveness of Network-based Intrusion Detection Systems, IEEE Milcom 2018, to appear.
2. (new) R. Garcia-Lebron, K. Schweitzer, R. Bateman, and S. Xu. A Framework for Characterizing the Evolution of Cyber Attacker-Victim Relation Graphs, IEEE Milcom 2018, to appear.
3. (new) J. Charlton, J. Cho, and S. Xu. Measuring Relative Accuracy of Malware Detectors in the Absence of Ground Truth, IEEE Milcom 2018, to appear.
4. (new) M. Xu, K. Schweitzer, R. Bateman, and S. Xu. Modeling and Predicting Cyber Hacking Breaches. IEEE Transactions on Information Forensics & Security, 13(11): 2856-2871 (2018).
5. (new) P. Du, Z. Sun, H. Chen, J. Cho, and S. Xu. Statistical Estimation of Malware Detection Metrics in the Absence of Ground Truth. IEEE Transactions on Information Forensics & Security, 13(12): 2965-2980 (2018).
6. (new) H. Chen, J. Cho, and S. Xu. Quantifying the Security Effectiveness of Firewalls and DMZs. 2018 Symposium and Bootcamp on the Science of Security (HotSoS’18), 2018.
7. (new) H. Chen, J. Cho, and S. Xu. Poster: Quantifying the security effectiveness of network diversity. 2018 Symposium and Bootcamp on the Science of Security (HotSoS’18), 2018.
8. (new) C. Peng, M. Xu, S. Xu, and T. Hu. Modeling Multivariate Cybersecurity Risks. Journal of Applied Statistics, Accepted, 2018. 
9. (new) Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, Yuyi Zhong. VulDeePecker: A Deep Learning-Based System for Vulnerability Detection. Network and Distributed System Security Symposium 2018 (NDSS'18)
• Note: The two databases we created in this paper, are publicly available at GitHub here. 
10.  R. Zheng, W. Lu, and S. Xu. Preventive and Reactive Cyber Defense Dynamics Is Globally Stable. Accepted to IEEE Transactions on Network Science and Engineering. 
• Note: This paper settles down an almost 10 years old open problem by proving that this particular kind of cybersecurity dynamics is globally stable in the entire parameter universe.
11. A. Tyra, Jingtao Li, Y. Shang, S. Jiang, Y. Zhao, and S. Xu. Robustness of non-interdependent and interdependent networks against dependent and adaptive attacks. Physica A 482 (2017) 713-727.
12. H. Chen, X. Zhao, F. Liu, S. Xu, and W. Lu. Optimizing inter-connections to maximize the spectral radius of interdependent networks. Physical Review E, Vol.95, No.3; DOI: 10.1103/PhysRevE.95.032308.
13. M. Xu, L. Hua, and S. Xu. A Vine Copula Model for Predicting the Effectiveness of Cyber Defense Early-Warning. Technometrics, 2017. (Local copy)
14.  C. Peng, M. Xu, S. Xu, and T. Hu. Modeling and Predicting Extreme Cyber Attack Rates via Marked Point Processes. Journal of Applied Statistics, 2017. (Local copy)
15. X. Hu, M. Xu, S. Xu, and P. Zhao. Multiple Cyber Attacks against a Target with Observation Errors and Dependent Outcomes: Characterization and Optimization, Reliability Engineering & System Safety, 2017.
16.  M. Pendleton, R. Garcia-Lebron, J. Cho, and S. Xu. A Survey on Systems Security Metrics, ACM Computing Survey, 2017. 
• Note: The ontologies accommodating the metrics described in the paper are available at GitHub here. We hope this is a starting point of community effort that eventually will achieve the ultimate goal.
• An earlier draft without considering ontology: A Survey on Security Metrics. 
17.  Z. Li, D. Zou, S. Xu, H. Jin, H. Qi, and J. Hu. VulPecker: An Automated Vulnerability Detection System Based on Code Similarity Analysis. ACSAC'2016.
• Note: The two databases we created in this paper, namely the Vulnerability Patch Database and the Vulnerability Code Instance Database, are publicly available at GitHub here. We hope the databases will evolve as more vulnerability information becomes available in the future, which would take a community effort.
18. J. Mireles, J. Cho, and S. Xu. Extracting Attack Narratives from Traffic Datasets. The 1st International Conference on Cyber Conflict in the U.S. (CyCon U.S. '2016).
19. J. Cho, P. Hurley, and S. Xu. Metrics and Measurement of Trustworthy Systems. Milcom'2016.
20. G. Da, M. Xu and S. Xu. On the Quasi-Stationary Distribution of SIS Models. Probability in the Engineering and Informational Sciences, Volume 30, Issue 4, October 2016, pages 622-639.
21. Z. Zhan, M. Xu, and S. Xu. Predicting Cyber Attack Rates with Extreme Values. IEEE Transactions on Information Forensics & Security, 10(8): 1666-1677 (2015).
22. Y. Chen, Z. Huang, S. Xu and Y. Lai. Spatiotemporal patterns and predictability of cyberattacks. PLoS One 10(5): e0124472. doi:10.1371/journal.pone.0124472, 2015.
23. R. Zheng, W. Lu, and S. Xu. Active Cyber Defense Dynamics Exhibiting Rich Phenomena. 2015 Symposium and Bootcamp on the Science of Security (HotSoS’15).
24. Z. Zhan, M. Xu, and S. Xu. A Characterization of Cybersecurity Posture from Network Telescope Data. Proceedings of The 6th International Conference on Trustworthy Systems (InTrust'14).
25. L. Xu, Z. Zhan, S. Xu, and K. Ye. An Evasion and Counter-Evasion Study in Malicious Websites Detection. IEEE 2014 Conference on Communications and Network Security (IEEE CNS’14).
26. L. Xu. Characterizing and Detecting Malicious Websites. PhD Thesis (under my supervision), 2014.
27. Z. Zhan. A Statistical Framework for Analyzing Cyber Threats. PhD Thesis (under my supervision), 2014. 
28. Y. Han, W. Lu and S. Xu. Characterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics. 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The slides are available here.
29. G. Da, M. Xu and S. Xu. A New Approach to Modeling and Analyzing Security of Networked Systems. 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The slides are available here.
30. S. Xu. Cybersecurity Dynamics (poster). 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The poster slide is available here.
31. S. Xu. Emergent Behavior in Cybersecurity (poster). 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The poster slide is available here.
32. M. Xu, G. Da, and S. Xu. Cyber Epidemic Models with Dependencies. Internet Mathematics, 11:1, 62-92. This paper won Taylor & Francis Mathematics & Statistics Readers' Award 2015
33. S. Xu, W. Lu, L. Xu, and Z. Zhan. Adaptive Epidemic Dynamics in Networks: Thresholds and Control. ACM Transactions on Autonomous and Adaptive Systems (TAAS), 8(4), Article 19, 2014.
34. W. Lu, S. Xu, and X. Yi. Optimizing Active Cyber Defense. The 4^th Conference on Decision and Game Theory for Security (GameSec'13), pp 206-225. 
35. S. Xu, W. Lu, and H. Li, A Stochastic Model of Active Cyber Defense Dynamics. Internet Mathematics, 11:1, 23-71.
36.  Z. Zhan, M. Xu, and S. Xu. Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study. IEEE Transactions on Information Forensics & Security (IEEE TIFS), 8(11): 1775-1789, (2013).
37.  M. Xu and S. Xu. An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems. Internet Mathematics, 8(3): 288-320 (2012).
38.  S. Xu, W. Lu, and Z. Zhan. A Stochastic Model of Multi-Virus Dynamics. IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 9(1): 30-45 (2012).
39.  S. Xu, W. Lu, and L. Xu. Push- and Pull-based Epidemic Spreading in Networks: Thresholds and Deeper Insights. ACM Transactions on Autonomous and Adaptive Systems (TAAS), 7(3): Article 32 (2012).
40.  X. Li, P. Parker, and S. Xu. A Stochastic Model for Quantitative Security Analysis of Networked Systems. IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 8(1): 28-43 (2011).
41. Y. Shang, W. Luo, and S. Xu. L-hop percolation on networks with arbitrary degree distributions and its applications. Physical Review E 84, 031113 (2011). 
42. S. Xu. Towards a Theoretical Framework for Trustworthy Cyber Sensing. Proceedings of the 2010 SPIE Conference on SPIE Defense, Security, and Sensing (DSS'10).
43. S. Xu. Collaborative Attack vs. Collaborative Defense. Invited Paper in the Proceedings of The 4th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborativeCom'08), Nov. 13-16, 2008.
    

Keynote/Invited/Colloquium/Seminar Talks:

1. Cybersecurity-Oriented Statistics: Problems, Some Results, and Research Directions. School of Mathematics and Statistics, Jiangsu Normal University, July 15, 2018.
2. Cybersecurity-Oriented Statistics: Problems, Some Results, and Research Directions. School of Statistics and Data Science, July 12, 2018.
3. Cybersecurity Dynamics: New Progresses. Nanjing University of Posts and Telecommunications, July 11, 2018.
4. Cybersecurity Dynamics: New Progresses. Chongqing University, July 9, 2018.
5. Cybersecurity Dynamics: New Progresses. Wuhan University, July 5, 2018.
6. Cybersecurity Dynamics: New Progresses. Huazhong University of Science and Technology, July 4, 2018.
7. Cybersecurity Dynamics: New Progresses. Fudan University, June 29, 2018.
8. Cybersecurity Dynamics: New Progresses. East China Normal University, June 28, 2018.
9. Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. North Carolina State University, April 10, 2018.
10. Cybersecurity Dynamics: Recent Progresses. Huazhong University of Science and Technology, December 21, 2017.
11. Cybersecurity Dynamics: Recent Progresses. Wuhan University, December 20, 2017.
12. Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. SouthWest JiaoTong University, December 18, 2017.
    
13. Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. East China Normal University, December 13, 2017.
14. PD & MTD Dynamics. ARO Invitational Workshop on Foundations and Challenges for Proactive and Dynamic Network Defense, Nov. 30-Dec. 1, 2017, Tampa, USA.
15. Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. The 1st International Symposium on Cybersecurity Dynamics, July 19-21, Chongqing University, China.
16. Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. School of Computer Science, HuaZhong University of Science and Technology, July 18, 2017.
17. Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. Hong Kong University of Science and Technology, July 13, 2017.
18. Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. Hong Kong PolyTech University, July 12, 2017.
19. Three Case Studies of Metrics and Measurements in the STRAM Framework. ARL, December 13, 2016.
20. New Progress in Cybersecurity Dynamics. Institute of Information Engineering, Chinese Academy of Sciences, July 22, 2016.
21. New Progress in Cybersecurity Dynamics. School of Computer Science, Huazhong University of Science and Technology, July 19, 2016.
22. Towards Eliminating the Threat of Drive-By Download Attacks. School of Mathematics, Fudan University, July 14, 2016.
23. New Progress in Cybersecurity Dynamics. School of Mathematics, Fudan University, July 13, 2016.
24. Cybersecurity Dynamics. Cyber Security Winter School, Deakin University, July 7-8, 2016.
25. Cybersecurity Dynamics. Department of Statistics, University of Science and Technology of China, June 26, 2016.
26. A Call for a Theory of Uncertainty in the Cyber Security Domain. Presented at the 2016 Workshop on Mathematical Reliability and Safety, Jiangsu Normal University, China, June 23-25, 2016.
27. Cybersecurity Dynamics, Department of Computer Science, University of South Florida, April 7, 2016.
28. Grey-Box Cybersecurity Data Analytics. USAF RATPAC Working Group, April 6, 2016.
29. Complexity and Network Sciences Support for the Emerging Science of Cyber Security: Challenges and Exciting Research Opportunities. The Minisymposium on Complex Networked Systems: Modeling and Dynamics, the 8th International Congress on Industrial and Applied Mathematics (ICIAM'15), Beijing, China, August 10-14, 2015.
30. Cybersecurity Dynamics. School of Computer Science, Fudan University, August 3, 2015.
31. Cybersecurity Dynamics. Institute of Information Engineering, Chinese Academy of Sciences, July 21, 2015.
32. Cybersecurity Dynamics. Department of Computer Science, Nanjing University, July 16, 2015.
33. Cybersecurity Dynamics. Department of Computer Science, George Mason University, June 16, 2015. 
34. Cyber Defense C2 for Optimizing MTDs. AFRL, June 9, 2015.
    
35. Towards Eliminating the Threat of Drive-By Download Attacks. Department of Mathematics, Illinois State University, April 20, 2015.
36. Cybersecurity Dynamics. Department of Mathematics and Computer Science, Clarkson University, April 16, 2015.
    
37. Cybersecurity Dynamics. School of Mathematics, Fudan University, Dec. 18, 2014.
38. Cybersecurity Data Analytics. Institute of Information Engineering, Chinese Academy of Sciences, Dec. 16, 2014.
39. Cybersecurity Dynamics. Institute of Systems Science, Academy of Mathematics and Systems Science, Chinese Academy of Sciences, Dec. 15, 2014.
40. Cybersecurity Data Analytics. School of Software, East China Normal University, Dec. 12, 2014.
    
41. Cybersecurity Dynamics: with application to formulating cyber defense C2 framework. ARO workshop on "Cyber Security: From Tactics to Strategies and Back" held at University of North Carolina at Chapel Hill, Sept. 23, 2014.
42. Cybersecurity Dynamics: a foundation to the science of cybersecurity. Keynote at CTCIS'14. 
43. Towards Orchestrating Moving Target Defense with Quantified Mission Assurance, AFRL, August 26, 2014.
    
44. Cybersecurity Data Analytics. School of Mathematics, Jiangsu Normal University, July 28, 2014.
45. Cybersecurity Data Analytics. School of Computer Science, Wuhan University, July 16, 2014.
46. Cybersecurity Dynamics. School of Computer Science, Huazhong University of Science and Technology, July 15, 2014.
47. Cybersecurity Dynamics. Department of Computer Science, University of North Carolina at Chapel Hill, April 10, 2014.
48. Cybersecurity Dynamics. Invited Talk at Inscrypt'13, Nov. 27 - Nov. 30, 2013.
49. Cybersecurity Dynamics. Department of Computer Science, University of California at Irvine, Nov. 1, 2013.
50. Cybersecurity Dynamics. Department of Electrical Engineering, Arizona State University, Oct. 30, 2013.
    
51. Cybersecurity Dynamics. Department of Computer Science, Texas State University, Oct. 4, 2013.
52.  Cybersecurity Dynamics. Department of Electrical Engineering and Computer Science, Syracuse University, Sept. 25, 2013.
53.  Cybersecurity Dynamics. Department of Computer Science, IUPUI, Oct. 12, 2012.
54. Toward a Statistical Framework for Using Darkspace-Based Unsolicited Traffic to Infer Cyber Threats, The First International Workshop on Darkspace and Unsolicited Traffic Analysis (DUST'12), May 14-May 15, 2012.
55.  In Quest of a Foundation for Cyber Security. Department of Computer Science, Texas A&M University, Dec. 1, 2010.
56. (How) Can We Manage the Trustworthiness of Security Infrastructures and Services, Keynote address at The 3rd Asia-Pacific Trusted Infrastructure Technologies Conference (APTC 2008), Oct. 14-17, 2008.

 

Acknowledgement. I thank Dr. Moti Yung for mentoring me in the wonderful field of Cryptography --- the transformation from the art of cryptography to the science of cryptography has served as the biggest inspiration for this endeavor --- and for constantly encouraging me when this endeavor hits road blockers. I thank Dr. Ravi Sandhu for explaining me his model-architecture-mechanism way of thinking. My interactions with them as well as Dr. Elisa Bertino and Dr. Gene Tsudik have, in one way or another, influenced my way of thinking. I have benefited a lot from my interactions with Dr. Steven King, Dr. Alexander Kott, Dr. John McLean, Dr. Sukarno Mertoguno, Dr. Tom Moyer, Dr. David Nicol, Dr. Mike Reiter, Dr. Ananthram Swami, and Dr. Cliff Wang. Their insightful questions/comments have directly deepened my understanding of the problem, and have even led to some exciting future research directions. I thank my mathematician/physicist/statistician collaborators: Dr. Gaofeng Da, Dr. Yujuan Han, Dr. Zi-Gang Huang, Dr. Ying-Cheng Lai (as well we his students), Dr. Xiaohu Li, Dr. Wenlian Lu (as well as his students), Dr. Yilun Shang, Dr. Jie Sun, and Dr. Maochao Xu. My collaboration with them has made me understand better the strengths and limitations of several Applied Mathematics techniques (broadly defined) in coping with the problems encountered in this endeavor. I thanks all of my co-authors for the fruitful collaboration.

This research endeavor has been supported in part by ARO, ARL, AFOSR, and NSF.

 

Created: 9/2/2013; Last edited: 7/19/2018