Cybersecurity Dynamics: A Foundation for the Science of Cyber Security
Shouhuai Xu
I would like to briefly describe the approach that I have been pursuing towards ultimately tackling the holy-grail challenge the research community is confronted with: Building a Foundation for the Science of Cyber Security. The importance of this problem was not widely recognized until the 2008 Science of Security Workshop. The approach is centered on the novel concept of Cybersecurity Dynamics, which essentially describes the evolution of the security state of a cyber system, which is often a very large system (of complex systems). As the term itself suggests, this concept is largely influenced by certain disciplines such as Dynamical System (a field of Applied Mathematics) and Statistical Physics. The evolution of the security state is caused by the interaction between the cyber attackers/attacks and the cyber defenders/defenses. While the modeling of Cybersecurity Dynamics is centered on security concepts and domain knowledge, analysis of the resulting models often turns out to be very difficult, due to several technical barriers that I plan to write about at a later time. Nevertheless, the expressive power (if I may abuse the term here) of Cybersecurity Dynamics is amazing: We can build descriptive, prescriptive, predictive, and experimental models surrounding the same concept as well as some natural security metrics that can be derived thereof. It is both interesting and surprising (at least to me) that there is a rich set of mathematical techniques that can address some respective aspects of the problem. So far, I have worked with my mathematician collaborators on several relevant techniques: Stochastic Process, Dynamical System, Statistical Physics, Control Theory, Game Theory, Statistics, and Algebraic Graph Theory. I expect that other mathematical techniques are relevant as well. My vision of the Cybersecurity Dynamics Foundation for the Science of Cybersecurity is depicted in Figure 1.

Figure 1. My vision of Cybersecurity Dynamics Foundation for the Science of Cyber Security, where the (sub-)fields mentioned in each perspective are by no means exclusive (explaining the "open-end" in each perspective).

While I firmly believe Cybersecurity Dynamics is the right abstraction that will lead to the ultimately-wanted foundation (i.e., not only deepening our understanding/knowledge, but also guiding the development of tools/instruments for real-life cyber operations risk-management and decision-making), it is also clear to me, as hinted above, that there is a range of challenging theoretic and practical (engineering) problems that must be adequately addressed before we achieve the ultimate goal or fulfill the ambitious vision. Moreover, these problems cannot be bypassed because they are inherent, and therefore must be confronted and tackled --- regardless of the specific technical approach that is undertaken. In order to ultimately tackle the holy-grail challenge, there are tons of opportunities for researchers crossing multiple disciplines, crossing multiple sub-disciplines within Computer Science, and crossing the already established various security sub-fields, to closely work together. The way ahead is exciting!!

(Update in May 2016)
It has become clear that at a higher level of abstraction (than Figure 1), Cybersecurity Dynamics offers the following X-Y-Z-t "coordinate system" for exploring cybersecurity, where the X-axis represents first-principle modeling (i.e., assumption-driven modeling), the Y-axis represents data analytics (i.e., data-driven analysis), the Z-axis represents security metrics, and t means that everything is dynamic. This is highlighted in Figure 2 below.

Figure 2. The X-Y-Z-t "coordinate system" for exploring cybersecurity.

Manuscripts in submission:
- J. Mireles, E. Ficke, J. Cho, P. Hurley, and S. Xu. Metrics Towards Measuring Cyber Agility. In submission.
- P. Du, Z. Sun, H. Chen, J. Cho, and S. Xu. Statistical Estimation of Malware Detection Metrics in the Absence of Ground Truth. In submission.
- J. Cho, S. Xu, P. Hurley, M. Mackay, T. Benjamin, and M. Beaumont. STRAM: Measuring the Trustworthiness of Computer-based Systems. In submission.
- R. Zheng, W. Lu, and S. Xu. Using Event-Triggered Control to Estimate Cybersecurity Equilibria. In submission.

Published/accepted papers:
- (new) H. Chen, J. Cho, and S. Xu. Quantifying the Security Effectiveness of Firewalls and DMZs. 2018 Symposium and Bootcamp on the Science of Security (HotSoS’18).
- (new) C. Peng, M. Xu, S. Xu, and T. Hu. Modeling Multivariate Cybersecurity Risks. Journal of Applied Statistics, Accepted, 2018.
- (new) Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, Yuyi Zhong. VulDeePecker: A Deep Learning-Based System for Vulnerability Detection. Network and Distributed System Security Symposium 2018 (NDSS'18).
  - Note: The two databases we created in this paper are publicly available at GitHub here.
- R. Zheng, W. Lu, and S. Xu. Preventive and Reactive Cyber Defense Dynamics Is Globally Stable. Accepted to IEEE Transactions on Network Science and Engineering.
  - Note: This paper settles an almost 10-year-old open problem by proving that this particular kind of cybersecurity dynamics is globally stable in the entire parameter universe.
- A. Tyra, Jingtao Li, Y. Shang, S. Jiang, Y. Zhao, and S. Xu. Robustness of non-interdependent and interdependent networks against dependent and adaptive attacks. Physica A 482 (2017) 713-727.
- H. Chen, X. Zhao, F. Liu, S. Xu, and W. Lu. Optimizing inter-connections to maximize the spectral radius of interdependent networks. Physical Review E, Vol.95, No.3; DOI: 10.1103/PhysRevE.95.032308.
- M. Xu, L. Hua, and S. Xu. A Vine Copula Model for Predicting the Effectiveness of Cyber Defense Early-Warning. Technometrics, 2017. (Local copy)
- C. Peng, M. Xu, S. Xu, and T. Hu. Modeling and Predicting Extreme Cyber Attack Rates via Marked Point Processes. Journal of Applied Statistics, 2017. (Local copy)
- X. Hu, M. Xu, S. Xu, and P. Zhao. Multiple Cyber Attacks against a Target with Observation Errors and Dependent Outcomes: Characterization and Optimization, Reliability Engineering & System Safety, 2017.
- M. Pendleton, R. Garcia-Lebron, J. Cho, and S. Xu. A Survey on Systems Security Metrics, ACM Computing Survey, 2017.
  - Note: The ontologies accommodating the metrics described in the paper are available at GitHub here. We hope this is a starting point of community effort that eventually will achieve the ultimate goal.
- Z. Li, D. Zou, S. Xu, H. Jin, H. Qi, and J. Hu. VulPecker: An Automated Vulnerability Detection System Based on Code Similarity Analysis. ACSAC'2016.
  - Note: The two databases we created in this paper, namely the Vulnerability Patch Database and the Vulnerability Code Instance Database, are publicly available at GitHub here. We hope the databases will evolve as more vulnerability information becomes available in the future, which would take a community effort.
- J. Mireles, J. Cho, and S. Xu. Extracting Attack Narratives from Traffic Datasets. The 1st International Conference on Cyber Conflict in the U.S. (CyCon U.S. '2016).
- J. Cho, P. Hurley, and S. Xu. Metrics and Measurement of Trustworthy Systems. Milcom'2016.
- G. Da, M. Xu and S. Xu. On the Quasi-Stationary Distribution of SIS Models. Probability in the Engineering and Informational Sciences, Volume 30, Issue 4, October 2016, pages 622-639.
- Z. Zhan, M. Xu, and S. Xu. Predicting Cyber Attack Rates with Extreme Values. IEEE Transactions on Information Forensics & Security, 10(8): 1666-1677 (2015).
- Y. Chen, Z. Huang, S. Xu and Y. Lai. Spatiotemporal patterns and predictability of cyberattacks. PLoS One 10(5): e0124472. doi:10.1371/journal.pone.0124472, 2015.
- R. Zheng, W. Lu, and S. Xu. Active Cyber Defense Dynamics Exhibiting Rich Phenomena. 2015 Symposium and Bootcamp on the Science of Security (HotSoS’15).
- Z. Zhan, M. Xu, and S. Xu. A Characterization of Cybersecurity Posture from Network Telescope Data. Proceedings of The 6th International Conference on Trustworthy Systems (InTrust'14).
- L. Xu, Z. Zhan, S. Xu, and K. Ye. An Evasion and Counter-Evasion Study in Malicious Websites Detection. IEEE 2014 Conference on Communications and Network Security (IEEE CNS’14).
- L. Xu. Characterizing and Detecting Malicious Websites. PhD Thesis (under my supervision), 2014.
- Z. Zhan. A Statistical Framework for Analyzing Cyber Threats. PhD Thesis (under my supervision), 2014.
- Y. Han, W. Lu and S. Xu. Characterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics. 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The slides are available here.
- G. Da, M. Xu and S. Xu. A New Approach to Modeling and Analyzing Security of Networked Systems. 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The slides are available here.
- S. Xu. Cybersecurity Dynamics (poster). 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The poster slide is available here.
- S. Xu. Emergent Behavior in Cybersecurity (poster). 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14). The poster slide is available here.
- M. Xu, G. Da, and S. Xu. Cyber Epidemic Models with Dependencies. Internet Mathematics, 11:1, 62-92. This paper won Taylor & Francis Mathematics & Statistics Readers' Award 2015.
- S. Xu, W. Lu, L. Xu, and Z. Zhan. Adaptive Epidemic Dynamics in Networks: Thresholds and Control. ACM Transactions on Autonomous and Adaptive Systems (TAAS), 8(4), Article 19, 2014.
- W. Lu, S. Xu, and X. Yi. Optimizing Active Cyber Defense. The 4th Conference on Decision and Game Theory for Security (GameSec'13), pp 206-225.
- S. Xu, W. Lu, and H. Li, A Stochastic Model of Active Cyber Defense Dynamics. Internet Mathematics, 11:1, 23-71.
- Z. Zhan, M. Xu, and S. Xu. Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study. IEEE Transactions on Information Forensics & Security (IEEE TIFS), 8(11): 1775-1789, (2013).
- M. Xu and S. Xu. An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems. Internet Mathematics, 8(3): 288-320 (2012).
- S. Xu, W. Lu, and Z. Zhan. A Stochastic Model of Multi-Virus Dynamics. IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 9(1): 30-45 (2012).
- S. Xu, W. Lu, and L. Xu. Push- and Pull-based Epidemic Spreading in Networks: Thresholds and Deeper Insights. ACM Transactions on Autonomous and Adaptive Systems (TAAS), 7(3): Article 32 (2012).
- X. Li, P. Parker, and S. Xu. A Stochastic Model for Quantitative Security Analysis of Networked Systems. IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 8(1): 28-43 (2011).
- Y. Shang, W. Luo, and S. Xu. L-hop percolation on networks with arbitrary degree distributions and its applications. Physical Review E 84, 031113 (2011).
- S. Xu. Towards a Theoretical Framework for Trustworthy Cyber Sensing. Proceedings of the 2010 SPIE Conference on SPIE Defense, Security, and Sensing (DSS'10).
- S. Xu. Collaborative Attack vs. Collaborative Defense. Invited Paper in the Proceedings of The 4th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborativeCom'08), Nov. 13-16, 2008.

Keynote/Invited/Colloquium/Seminar Talks:
- Cybersecurity Dynamics: Recent Progresses. Huazhong University of Science and Technology, December 21, 2017.
- Cybersecurity Dynamics: Recent Progresses. Wuhan University, December 20, 2017.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. SouthWest JiaoTong University, December 18, 2017.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. East China Normal University, December 13, 2017.
- PD & MTD Dynamics. ARO Invitational Workshop on Foundations and Challenges for Proactive and Dynamic Network Defense, Nov. 30-Dec. 1, 2017, Tampa, USA.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. The 1st International Symposium on Cybersecurity Dynamics, July 19-21, Chongqing University, China.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. School of Computer Science, HuaZhong University of Science and Technology, July 18, 2017.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. Hong Kong University of Science and Technology, July 13, 2017.
- Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. Hong Kong PolyTech University, July 12, 2017.
- Three Case Studies of Metrics and Measurements in the STRAM Framework. ARL, December 13, 2016.
- New Progress in Cybersecurity Dynamics. Institute of Information Engineering, Chinese Academy of Sciences, July 22, 2016.
- New Progress in Cybersecurity Dynamics. School of Computer Science, Huazhong University of Science and Technology, July 19, 2016.
- Towards Eliminating the Threat of Drive-By Download Attacks. School of Mathematics, Fudan University, July 14, 2016.
- New Progress in Cybersecurity Dynamics. School of Mathematics, Fudan University, July 13, 2016.
- Cybersecurity Dynamics. Cyber Security Winter School, Deakin University, July 7-8, 2016.
- Cybersecurity Dynamics. Department of Statistics, University of Science and Technology of China, June 26, 2016.
- A Call for a Theory of Uncertainty in the Cyber Security Domain. Presented at the 2016 Workshop on Mathematical Reliability and Safety, Jiangsu Normal University, China, June 23-25, 2016.
- Cybersecurity Dynamics, Department of Computer Science, University of South Florida, April 7, 2016.
- Grey-Box Cybersecurity Data Analytics. USAF RATPAC Working Group, April 6, 2016.
- Complexity and Network Sciences Support for the Emerging Science of Cyber Security: Challenges and Exciting Research Opportunities. The Minisymposium on Complex Networked Systems: Modeling and Dynamics, the 8th International Congress on Industrial and Applied Mathematics (ICIAM'15), Beijing, China, August 10-14, 2015.
- Cybersecurity Dynamics. School of Computer Science, Fudan University, August 3, 2015.
- Cybersecurity Dynamics. Institute of Information Engineering, Chinese Academy of Sciences, July 21, 2015.
- Cybersecurity Dynamics. Department of Computer Science, Nanjing University, July 16, 2015.
- Cybersecurity Dynamics. Department of Computer Science, George Mason University, June 16, 2015.
- Cyber Defense C2 for Optimizing MTDs. AFRL, June 9, 2015.
- Towards Eliminating the Threat of Drive-By Download Attacks. Department of Mathematics, Illinois State University, April 20, 2015.
- Cybersecurity Dynamics. Department of Mathematics and Computer Science, Clarkson University, April 16, 2015.
- Cybersecurity Dynamics. School of Mathematics, Fudan University, Dec. 18, 2014.
- Cybersecurity Data Analytics. Institute of Information Engineering, Chinese Academy of Sciences, Dec. 16, 2014.
- Cybersecurity Dynamics. Institute of Systems Science, Academy of Mathematics and Systems Science, Chinese Academy of Sciences, Dec. 15, 2014.
- Cybersecurity Data Analytics. School of Software, East China Normal University, Dec. 12, 2014.
- Cybersecurity Dynamics: with application to formulating cyber defense C2 framework. ARO workshop on "Cyber Security: From Tactics to Strategies and Back" held at University of North Carolina at Chapel Hill, Sept. 23, 2014.
- Cybersecurity Dynamics: a foundation to the science of cybersecurity. Keynote at CTCIS'14.
- Towards Orchestrating Moving Target Defense with Quantified Mission Assurance, AFRL, August 26, 2014.
- Cybersecurity Data Analytics. School of Mathematics, Jiangsu Normal University, July 28, 2014.
- Cybersecurity Data Analytics. School of Computer Science, Wuhan University, July 16, 2014.
- Cybersecurity Dynamics. School of Computer Science, Huazhong University of Science and Technology, July 15, 2014.
- Cybersecurity Dynamics. Department of Computer Science, University of North Carolina at Chapel Hill, April 10, 2014.
- Cybersecurity Dynamics. Invited Talk at Inscrypt'13, Nov. 27 - Nov. 30, 2013.
- Cybersecurity Dynamics. Department of Computer Science, University of California at Irvine, Nov. 1, 2013.
- Cybersecurity Dynamics. Department of Electrical Engineering, Arizona State University, Oct. 30, 2013.
- Cybersecurity Dynamics. Department of Computer Science, Texas State University, Oct. 4, 2013.
- Cybersecurity Dynamics. Department of Electrical Engineering and Computer Science, Syracuse University, Sept. 25, 2013.
- Cybersecurity Dynamics. Department of Computer Science, IUPUI, Oct. 12, 2012.
- Toward a Statistical Framework for Using Darkspace-Based Unsolicited Traffic to Infer Cyber Threats, The First International Workshop on Darkspace and Unsolicited Traffic Analysis (DUST'12), May 14-May 15, 2012.
- In Quest of a Foundation for Cyber Security. Department of Computer Science, Texas A&M University, Dec. 1, 2010.
- (How) Can We Manage the Trustworthiness of Security Infrastructures and Services, Keynote address at The 3rd Asia-Pacific Trusted Infrastructure Technologies Conference (APTC 2008), Oct. 14-17, 2008.

Acknowledgement.
I thank Dr. Moti Yung for mentoring me in the wonderful field of Cryptography --- the transformation from the art of cryptography to the science of cryptography has served as the biggest inspiration for this endeavor --- and for constantly encouraging me when this endeavor hits road blockers. I thank Dr. Ravi Sandhu for explaining to me his model-architecture-mechanism way of thinking. My interactions with them as well as Dr. Elisa Bertino and Dr. Gene Tsudik have, in one way or another, influenced my way of thinking. I have benefited a lot from my interactions with Dr. Steven King, Dr. Alexander Kott, Dr. John McLean, Dr. Sukarno Mertoguno, Dr. Tom Moyer, Dr. David Nicol, Dr. Mike Reiter, Dr. Ananthram Swami, and Dr. Cliff Wang. Their insightful questions/comments have directly deepened my understanding of the problem, and have even led to some exciting future research directions. I thank my mathematician/physicist/statistician collaborators: Dr. Gaofeng Da, Dr. Yujuan Han, Dr. Zi-Gang Huang, Dr. Ying-Cheng Lai (as well as his students), Dr. Xiaohu Li, Dr. Wenlian Lu (as well as his students), Dr. Yilun Shang, Dr. Jie Sun, and Dr. Maochao Xu. My collaboration with them has made me understand better the strengths and limitations of several Applied Mathematics techniques (broadly defined) in coping with the problems encountered in this endeavor. I thank all of my co-authors for the fruitful collaboration.

This research endeavor has been supported in part by ARO, ARL, AFOSR, and NSF.

Created: 9/2/2013; Last edited: 3/19/2018