Detection and Mitigation of Cyber-Attacks Using Game Theory and Learning
- Letitia Greer
- 8 years ago
1 Detection and Mitigation of Cyber-Attacks Using Game Theory and Learning João P. Hespanha Kyriakos G. Vamvoudakis
2 Cyber Situation Awareness Framework
[Framework diagram. Recoverable labels: Mission Model; Cyber-Assets Model; Mission; Cyber-Assets; Correlation Engine; Sensor Alerts; Impact Analysis; COAs; Data; Simulation/Live Security Exercises; Observations: Netflow, Probing, Time analysis; Analysis to get up-to-date view of cyber-assets; Analysis to determine dependencies between assets and missions; Analyze and Characterize Attackers; Predict Future Actions; Create semantically-rich view of cyber-mission status]
3 Outline
- Large matrix games (summary of results)
- Observability of dynamical systems under attacks to sensors
- Multi-agent learning under cyber-attack using Q-learning
- Integration of online optimization for real-time attack prediction and visualization
4 Outline (same four items as slide 3)
Bopardikar - UTRC; Prandini - Milano Poly. Milano
5 Network Security Games
[Figure: attack graph from [J. Wing 2007]. Labels: intrusion detection system; chat software; web proxy; intruder's target! Caption: sequence of intruder actions that compromise database server, not detected by IDS]
Even trivially small network security games can lead to games with very large decision trees
Problem statistics of iCTF 2010
- over 7800 distinct mission states (defender observations)
- over 2500 distinct observations available to the attacker
- defender can choose among about distinct policies
- attacker can choose among distinct policies, depending on attacker's level of expertise
6 Network Security Games
- Developed sample-based approach to solving zero-sum games
- Approach provides probabilistic guarantees on the performance of the policies (in terms of security levels)
- Results applicable to very general classes of games that can include stochastic actions, partial information, etc.
(The attack graph figure and the iCTF 2010 problem statistics are repeated from slide 5.)
7 Application to iCTF 2010
We were able to
- Provide estimates of mission success
- Take into account the effect of attacks & counter measures
- Response can be a function of attacker sophistication
- Play what-if scenarios (vulnerabilities, information, etc.)
Litya office receives avg. 314 units for completion of all 4 missions
[Figure: mission graphs annotated with the services used at each step (S0 to S9), and plots over increasing level of attacker sophistication, from "no service vulnerable (baseline)" to "all services vulnerable". Panel titles: # units received by Litya for 1 round of missions [Option I, no bribes]; [Option I, with bribes]; [Option II, with bribes]. Legible annotations: Cyber-security; service S2 (vulnerable to 38 teams); S2, S6, S9 (vulnerable to at least 6 team); S0, S2, S4, S6, S7, S8, S9; service S0 (vulnerable to at least 1 team)]
8 Outline (same four items as slide 3)
Sinopoli - CMU; Y. Mo - Caltech
9 Detection in Adversarial Environments
How to interpret & assess the reliability of sensors that have been manipulated?
Sensors relevant to cyber missions?
- Measurement sensors (e.g., SCADA systems)
- Computational sensors (e.g., weather forecasting simulation engines)
- Data retrieval sensors (e.g., database queries)
- Cyber-security sensors (e.g., IDSs)
Domains
- Deterministic sensors: with n sensors, one can get the correct answer as long as m < n/2 sensors have been manipulated
- Stochastic sensors without manipulation: solution given by hypothesis testing/estimation
- Stochastic sensors with potential manipulation: open problem?
10 Problem formulation
- X: binary random variable to be estimated (binary for simplicity; the paper treats the general case)
- Y_1, Y_2, ..., Y_n: noisy measurements of X produced by n sensors
- p_err: per-sensor error probability (not necessarily very small)
- Z_1, Z_2, ..., Z_n: measurements actually reported by the n sensors
- at most m sensors attacked
- p_attack: probability that we are under attack (very hard to know!)
- interpretation of sensor data should be mostly independent of p_attack
11 Result for small # of sensors (n < 2/p_err)
- X: binary random variable to be estimated
- Y_1, Y_2, ..., Y_n: noisy measurements of X produced by n sensors
- Z_1, Z_2, ..., Z_n: measurements actually reported by the n sensors
- at most m sensors attacked
- p_attack: probability that we are under attack (very hard to know!)
Theorem: The optimal estimator is
- go with the majority of the (potentially manipulated) sensor readings
- go with the majority, EXCEPT if there is consensus
The optimal estimator is largely independent of p_attack (hard to know)
12 Result for small # of sensors (n < 2/p_err)
(Definitions and theorem repeated from slide 11.)
This year's work: Can we extend this to the estimation of time-varying variables: e.g., the state of a mission!
13 Estimation in Adversarial Environments
How to interpret & assess the reliability of sensors that have been manipulated?
Sensors relevant to cyber missions?
- Measurement sensors (e.g., SCADA systems)
- Computational sensors (e.g., weather forecasting simulation engines)
- Data retrieval sensors (e.g., database queries)
- Cyber-security sensors (e.g., IDSs)
Previously: X, a constant binary random variable to be estimated
Now: X(t), a time-varying state variable to be estimated (e.g., the state of a cyber mission), based on
1. sensor measurements that may have been manipulated
2. system dynamics
14 Problem formulation
[Equations not preserved in the transcription. Surviving annotations:]
- dynamical evolution of system's state
- control signals
- N measurements produced by sensor
- at most M sensors can be manipulated by the attackers
- N measurements reported by sensor
Dynamics can also be formulated as a discrete-event system using the Ramadge-Wonham supervisory control framework
Under what conditions can one reconstruct the state from (potentially corrupted) sensor measurements?
15 Problem formulation
(Model annotations repeated from slide 14.)
Theorem: Exact state reconstruction is possible if and only if the system is observable through every subset of N - 2M measurements
- the state could be reconstructed through only N - 2M measurements in the absence of attacks
- a potential attack at M sensors effectively disables 2M sensors
16 Estimation algorithms
Gramian-based estimator:
- batch, finite-time estimation
- inversion of the observability matrix at each time step
Observer-based estimator:
- asymptotic estimation
- recursive low-computation algorithm
- provably robust with respect to noise on all sensors (including non attacked ones)
Algorithm outline:
1. Build an estimate by ignoring a set S of M sensors
2. Build additional estimates by removing, in addition, all combinations of M additional sensors
3. If all attacked sensors were in set S, then the estimates in steps 1. and 2. will be consistent (modulo noise)
(all estimates can be constructed without combinatorial complexity, by using finite dimensionality)
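The condition on slide 15 and the outline on slide 16, as an added example that is not from the slides. It assumes a noise-free linear model x(k+1) = A x(k) with scalar sensors z_i(k) = c_i·x(k), and it enumerates sensor subsets by brute force rather than using the non-combinatorial construction the slide mentions; all function names and sample matrices are constructed for illustration.

```python
# Added illustration, not code from the slides. Assumed model (noise-free):
#   x(k+1) = A x(k),  sensor i reports z_i(k) = c_i . x(k) unless attacked,
# with at most M of the N sensors rewritten by the attacker.
from fractions import Fraction
from itertools import combinations


def sensor_rows(A, c):
    """Rows c, cA, ..., cA^(n-1): what one sensor sees over n samples."""
    n, rows, r = len(A), [], list(c)
    for _ in range(n):
        rows.append(r)
        r = [sum(r[j] * A[j][k] for j in range(n)) for k in range(n)]
    return rows


def solve(rows, rhs, n):
    """Exact solve of rows @ x = rhs. Returns x only if the equations are
    consistent and determine x uniquely; otherwise returns None."""
    aug = [[Fraction(v) for v in row] + [Fraction(b)] for row, b in zip(rows, rhs)]
    piv = 0
    for col in range(n):
        p = next((i for i in range(piv, len(aug)) if aug[i][col] != 0), None)
        if p is None:
            return None                      # rank deficient: not observable
        aug[piv], aug[p] = aug[p], aug[piv]
        aug[piv] = [v / aug[piv][col] for v in aug[piv]]
        for i in range(len(aug)):
            if i != piv and aug[i][col] != 0:
                f = aug[i][col]
                aug[i] = [a - f * b for a, b in zip(aug[i], aug[piv])]
        piv += 1
    if any(row[n] != 0 for row in aug[piv:]):
        return None                          # 0 = nonzero: reports disagree
    return [aug[i][n] for i in range(n)]


def system(A, C, Z, sensors):
    """Stack the equations contributed by the chosen sensors."""
    rows = [r for i in sensors for r in sensor_rows(A, C[i])]
    rhs = [z for i in sensors for z in Z[i]]
    return rows, rhs


def m_attack_observable(A, C, M):
    """Slide 15: observable through every subset of N - 2M sensors."""
    N, n = len(C), len(A)
    zeros = [[0] * n for _ in C]             # zero rhs turns solve into a rank test
    return N > 2 * M and all(
        solve(*system(A, C, zeros, S), n) is not None
        for S in combinations(range(N), N - 2 * M))


def estimate_x0(A, C, Z, M):
    """Slide 16 outline. Z[i] holds the n samples reported by sensor i.
    Returns (x0, ignored_set) for the first set S whose estimates all agree."""
    N, n = len(C), len(A)
    for S in combinations(range(N), M):                       # step 1
        keep = [i for i in range(N) if i not in S]
        subsets = [keep] + [[i for i in keep if i not in T]   # step 2
                            for T in combinations(keep, M)]
        estimates = [solve(*system(A, C, Z, sub), n) for sub in subsets]
        if estimates[0] is not None and all(e == estimates[0] for e in estimates):
            return estimates[0], S                            # step 3: consistent
    return None


def honest_reports(A, C, x0):
    """Reports every sensor would send if nobody tampered with them."""
    return [[sum(a * b for a, b in zip(r, x0)) for r in sensor_rows(A, c)]
            for c in C]


if __name__ == "__main__":
    A = [[1, 1], [0, 1]]                     # constructed 2-state system
    C_good = [[1, 0], [1, 1], [1, -1]]       # each sensor alone is observable
    C_weak = [[1, 0], [0, 1], [1, 1]]        # sensor 1 alone is not
    print("good set, M=1:", m_attack_observable(A, C_good, 1))
    print("weak set, M=1:", m_attack_observable(A, C_weak, 1))
    Z = honest_reports(A, C_good, [3, -2])
    Z[1] = [7, 7]                            # constructed attack on sensor 1
    print("estimate:", estimate_x0(A, C_good, Z, 1))
```

The weak sensor set is observable when all three sensors are trusted, yet fails the N - 2M test for M = 1, which is the "an attack at M sensors effectively disables 2M sensors" point in concrete form.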
17 Outline (same four items as slide 3)
18 Resilient Cyber-Mission Architectures
In complex cyber missions,
- human operators define policies and rules
- computing elements automate processes of distributed resource allocation, scheduling, inventory management, etc.
  - self-configuration: automatic configuration of components
  - self-healing: automatic discovery and correction of faults
  - self-optimization: automatic allocation of resources for optimal operation
What is the impact of attacks on this type of automated/optimization process?
Can we devise algorithms with built-in attack prediction/awareness capabilities?
19 Focus: Distributed Consensus/Agreement
Classical problem in distributed computing:
- A group of computing elements must agree on a common scalar value x (e.g., priority, resources allocated, inventory decision, database value)
- Decision done iteratively & distributed using peer-to-peer communication
2nd order adjustment rule: [equations not preserved in the transcription. Surviving annotations: value at processor i, iteration k; correct update on adjustment; update on adjustment by attacker; adjustment on x_i by processor i, at iteration k; peers of agent i (self-included)]
Goal: minimize errors between values of agents and their neighbors
Attacker: maximize errors using stealth attacks (small v_i)
20 Focus: Distributed Consensus/Agreement
(Problem statement and 2nd order adjustment rule repeated from slide 19.)
Nash equilibrium formulation: [equation not preserved. Surviving annotations on its terms:]
- error: min. by us, max. by attacker
- our updates (small means smooth): min. by us, max. by attacker
- attacker updates (small means stealth): max. by us, min. by attacker
21 Optimal Solution
Bellman Equation [equation not preserved]
Optimal Control and Attacker Policies [equations not preserved; annotation: number of peers]
Under appropriate regularity assumptions (smoothness)
- u_i* is optimal (minimal) for us
- v_i* is optimal (maximal) for attacker
Moreover,
- Consensus will be reached asymptotically
- All variables will remain bounded through the transient (in fact, Lyapunov stability)
Theoretical results derived for a continuous-time approximation of the algorithms, more suitable for the asymptotic analysis
22 Optimal Solution
(Bellman equation, optimal policies and stability results repeated from slide 21.)
But the Bellman equation is difficult to solve (curse of dimensionality)
Last year: Machine learning based approach to solve this distributed consensus problem
- Restricted to second-order updates (double integrator)
- Global knowledge of the communication graph was required
- Global knowledge of the update rules used by each agent required
This year's work overcomes these 3 limitations
23 Focus: Distributed Consensus/Agreement
Classical problem in distributed computing:
- A group of computing elements must agree on a common scalar value x (e.g., priority, resources allocated, inventory decision, database value)
- Decision done iteratively & distributed using peer-to-peer communication
General update rule: [equation not preserved in the transcription. Surviving annotations: value at processor i, iteration k+1; correct update; malicious update by attacker; peers of agent i (self-included)]
Goal: minimize errors between values of agents and their neighbors
Attacker: maximize errors using stealth attacks (small v_i)
24 Focus: Distributed Consensus/Agreement
(Problem statement and general update rule repeated from slide 23.)
Nash equilibrium formulation: [equation not preserved. Surviving annotations on its terms:]
- error: min. by us, max. by attacker
- our updates (small means smooth): min. by us, max. by attacker
- attacker updates (small means stealth): max. by us, min. by attacker
25 Focus: Distributed Consensus/Agreement
(Problem statement, general update rule and Nash equilibrium formulation repeated from slide 24.)
Challenges:
- Each agent does not necessarily know the update algorithm used by the other agents (A_i, B_i, D_i)
- Each agent does not necessarily know the global graph (just its set of neighbors N_i)
26 Q-learning
We shall use Q-Learning (Watkins, 1989), a popular method from machine learning
[Diagram labels: states or situations of each agent; Generator; actions; evaluations; Tester]
Q-learning: Model-free machine learning method to learn an action-utility or Q-function, giving the expected utility of taking a given action in a given state.
The learned Q-function directly approximates the optimal action-value function, independent of the policy being followed.
Watkins' algorithm motivates us
27 Q-function
Instead of the Q-tables (complexity problems) used by Watkins 1989, we shall instead use appropriate neural networks. But encoding the states and actions (Q-function) properly will be challenging.
Q-function: [equation not preserved]
Optimal Q-function: [equation not preserved]
- [symbols not preserved] are the unique symmetric positive definite matrices that solve the game
- Each Q-function is quadratic
- Unknown matrix to be found
28 Actor/Critic Learning Approach
- Explicit representation of policy and value function
- Minimal computation to select actions
- Can learn an explicit policy
- Can put constraints on policies
- Appealing as psychological and neural models
Critic = Model free (distributed) algorithm to evaluate the current algorithm & estimate attacker actions
Actor = Model free (distributed) algorithm to enact optimal decisions (based on critic's findings)
Actor & Critic based on Approximate Dynamic Programming
Neural Network approximation of Q-function (action dependent) & optimal control laws
29 Learning Structure
Critic: Neural Networks to approximate the costs [equations not preserved. Annotations: unknown weights to be learned; basis sets, with local state and control information]
Actor: Neural networks to approximate the control and adversarial inputs [equations not preserved]
Bellman equations in integral form [equation not preserved. Annotation: Sampling interval]
Compare to Watkins Q-function
30 Learning under attacks: key result
Theorem: Assuming
- The signals are persistently exciting.
- The graph is strongly connected.
Then
- The equilibrium points of the closed-loop signals are asymptotically stable
- The policies converge to a Nash equilibrium
[Diagram labels: Unknown second order dynamics and unknown graph structure, cost weights and leader information; Proposed algorithm]
Synchronization of all the agents is achieved even under attacks and unknown network and agent information.
31 Outline (same four items as slide 3)
32 Cyber Missions Complexity
Challenges to real-time cyber-mission protection:
- cyber assets shared among missions
- cyber asset requirements change over time
- missions can use different configurations of resources
- complex network of cyber-asset dependencies
[Figure: Mission 1 and Mission 2 graphs annotated with the services used at each step. Mission 1: services S0, S1; services S5, S6; service S9; services S0, S1; services S5, S6, S7; service S6. Mission 2: services S0, S2; service S2; service S8]
Attack on service S0 can result in multiple mission failure
But, damage only realized if missions follow particular paths
Cyber Awareness Questions:
- When & where is an attacker most likely to strike?
- When & where is an attacker most damaging to mission completion?
- How will the answer depend on attacker resources? attacker skills? attacker knowledge?
(real-time what-if analysis)
33 Mapping Service Attacks to Mission Damage
- Mission requires multiple services
- Mission reliance on services varies with time
Damage equation (for service s at time t): [equation not preserved. Annotations: potential damage; attack resources]
Uncertainty equation (for service s at time t): [equation not preserved. Annotations: probability of realizing damage; attack resources]
Equation parameters vary with time as mission progresses (learned from data in iCTF exercises)
Optimal attacks: maximize total damage to mission, constrained by total attack resources at time t [equations not preserved]
In this period: Developed optimization engine that can address 1000's of variables/constraints in a few milliseconds.
34 Multi-Resolution Visualization
Multi-resolution attack analysis
1. High-level attack predictions based on online optimization
2. Potential damage & uncertainty associated with attacks to different services
3. Parameters that determine damage and uncertainty
AlloSphere Integration
- High-level predictions permit fast action
- Low-level parameters permit investigating rationale for predictions
35 Summary of Accomplishments (Y5)
A new notion of observability for systems under attacks.
- A necessary and sufficient condition for a dynamical system to be M-attack observable.
- Two estimation algorithms
  - Gramian-based estimator (finite-time convergence)
  - Observer-based estimator (asymptotic convergence)
Shielding complex networks from adversarial attacks using Q-learning
- Developed Model-Free Dynamic Programming-based solution to obtain resilient algorithms with attack estimates
- Used online Q-learning approach to overcome complexity issues in complex networks
- There is no need for the physical models, nor the network interactions
- Applications to critical infrastructures, e.g. power systems
Online optimization for real-time attack prediction
- Develop numerical algorithms for fast (real-time) attack prediction
- Integration with visualization tools developed (more on Tobias Hollerer's presentation)
Focus for future work
- Develop new self-configuring event-triggered algorithms for complex networks for decision and control given the presence of jamming network attacks.
- Transition to practice including Mixed Human, Manned and Unmanned Teams and Large Networks of Off-Grid Power systems.
36 Publications
Published last year or in press
- K. Vamvoudakis, J. Hespanha, B. Sinopoli, Y. Mo. Detection in Adversarial Environments. IEEE Trans. on Automatic Control, Special Issue on the Control of Cyber-Physical Systems, February. To appear.
- K. G. Vamvoudakis, M. F. Miranda, J. P. Hespanha. Asymptotically-Stable Optimal Adaptive Control Algorithm with Saturating Actuators and Relaxed Persistence of Excitation. IEEE Transactions on Neural Networks and Learning Systems, July. Conditionally accepted.
- Kenji Hirata, J. P. Hespanha, Kenko Uchida. Real-time Pricing Leading to Optimal Operation under Distributed Decision Makings. In Proc. of the 2014 Amer. Contr. Conf., June.
- Daniel Silvestre, Paulo Rosa, J. Hespanha, C. Silvestre. Finite-time Average Consensus in a Byzantine Environment Using Set-Valued Observers. In Proc. of the 2014 Amer. Contr. Conf., June.
- K. G. Vamvoudakis, J. P. Hespanha. Online Optimal Switching of Single Phase DC/AC Inverters Using Partial Information. In Proc. American Control Conference, pp , Portland, OR.
Submitted
- K. Vamvoudakis, J. Hespanha. Game-Theory based Consensus Learning of Double-Integrator Agents in the Presence of Attackers. Sep. Submitted to journal publication.
- K. G. Vamvoudakis, P. J. Antsaklis, W. E. Dixon, J. P. Hespanha, F. L. Lewis, H. Modares, B. Kiumarsi. Autonomy and Machine Intelligence in Complex Systems: A Tutorial. Submitted to American Control Conference, Chicago, IL (invited paper).
- M. Chong, M. Wakaiki, J. Hespanha. Observability of Linear Systems under attacks. September. Submitted to ACC.
Working papers
- K. G. Vamvoudakis, J. P. Hespanha. Cooperative Q-learning for Rejection of Persistent Adversarial Inputs in Complex Networks. In preparation for Journal of Machine Learning Research, 2014.
More informationOptimization Problems in Infrastructure Security
Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1 Optimization Problems in Infrastructure Security Evangelos Kranakis Carleton University School of Computer Science Ottawa,
More informationMSCA 31000 Introduction to Statistical Concepts
MSCA 31000 Introduction to Statistical Concepts This course provides general exposure to basic statistical concepts that are necessary for students to understand the content presented in more advanced
More informationIBM SECURITY QRADAR INCIDENT FORENSICS
IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise
More informationBackground: State Estimation
State Estimation Cyber Security of the Smart Grid Dr. Deepa Kundur Background: State Estimation University of Toronto Dr. Deepa Kundur (University of Toronto) Cyber Security of the Smart Grid 1 / 81 Dr.
More informationThe Big Data Paradigm Shift. Insight Through Automation
The Big Data Paradigm Shift Insight Through Automation Agenda The Problem Emcien s Solution: Algorithms solve data related business problems How Does the Technology Work? Case Studies 2013 Emcien, Inc.
More informationOperations Research and Knowledge Modeling in Data Mining
Operations Research and Knowledge Modeling in Data Mining Masato KODA Graduate School of Systems and Information Engineering University of Tsukuba, Tsukuba Science City, Japan 305-8573 koda@sk.tsukuba.ac.jp
More informationExample 4.1 (nonlinear pendulum dynamics with friction) Figure 4.1: Pendulum. asin. k, a, and b. We study stability of the origin x
Lecture 4. LaSalle s Invariance Principle We begin with a motivating eample. Eample 4.1 (nonlinear pendulum dynamics with friction) Figure 4.1: Pendulum Dynamics of a pendulum with friction can be written
More informationPFP Technology White Paper
PFP Technology White Paper Summary PFP Cybersecurity solution is an intrusion detection solution based on observing tiny patterns on the processor power consumption. PFP is capable of detecting intrusions
More informationA Brief Introduction to Property Testing
A Brief Introduction to Property Testing Oded Goldreich Abstract. This short article provides a brief description of the main issues that underly the study of property testing. It is meant to serve as
More informationThales Communications Perspectives to the Future Internet 2 nd June 2010 - Luxembourg
Thales Communications Perspectives to the Future Internet 2 nd June 2010 - Luxembourg Challenges of Future Internet Internet as a starting point Was defined for asynchronous services (web pages, file transfer
More informationNetwork Security Validation Using Game Theory
Network Security Validation Using Game Theory Vicky Papadopoulou and Andreas Gregoriades Computer Science and Engineering Dep., European University Cyprus, Cyprus {v.papadopoulou,a.gregoriades}@euc.ac.cy
More informationEquilibrium computation: Part 1
Equilibrium computation: Part 1 Nicola Gatti 1 Troels Bjerre Sorensen 2 1 Politecnico di Milano, Italy 2 Duke University, USA Nicola Gatti and Troels Bjerre Sørensen ( Politecnico di Milano, Italy, Equilibrium
More informationCONTROL SYSTEMS, ROBOTICS AND AUTOMATION Vol. XVI - Fault Accomodation Using Model Predictive Methods - Jovan D. Bošković and Raman K.
FAULT ACCOMMODATION USING MODEL PREDICTIVE METHODS Scientific Systems Company, Inc., Woburn, Massachusetts, USA. Keywords: Fault accommodation, Model Predictive Control (MPC), Failure Detection, Identification
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationThe Predictive Data Mining Revolution in Scorecards:
January 13, 2013 StatSoft White Paper The Predictive Data Mining Revolution in Scorecards: Accurate Risk Scoring via Ensemble Models Summary Predictive modeling methods, based on machine learning algorithms
More informationA Game Theoretic Model to Handle Network Intrusions over Multiple Packets
A Game Theoretic Model to Handle Network Intrusions over Multiple Packets Mona Mehrandish, Chadi M. Assi, and Mourad Debbabi Concordia Institute for Information Systems Engineering Concordia University,
More information6.254 : Game Theory with Engineering Applications Lecture 1: Introduction
6.254 : Game Theory with Engineering Applications Lecture 1: Introduction Asu Ozdaglar MIT February 2, 2010 1 Introduction Optimization Theory: Optimize a single objective over a decision variable x R
More informationPALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management
PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationCommunication and Embedded Systems: Towards a Smart Grid. Radu Stoleru, Alex Sprintson, Narasimha Reddy, and P. R. Kumar
Communication and Embedded Systems: Towards a Smart Grid Radu Stoleru, Alex Sprintson, Narasimha Reddy, and P. R. Kumar Alex Sprintson Smart grid communication Key enabling technology Collecting data Control
More information2011 Cyber Security and the Advanced Persistent Threat A Holistic View
2011 Cyber and the Advanced Persistent Threat A Holistic View Thomas Varney Cybersecurity & Privacy BM Global Business Services 1 31/10/11 Agenda The Threat We Face A View to Addressing the Four Big Problem
More informationReal-Time Systems Versus Cyber-Physical Systems: Where is the Difference?
Real-Time Systems Versus Cyber-Physical Systems: Where is the Difference? Samarjit Chakraborty www.rcs.ei.tum.de TU Munich, Germany Joint work with Dip Goswami*, Reinhard Schneider #, Alejandro Masrur
More informationGerard Mc Nulty Systems Optimisation Ltd gmcnulty@iol.ie/0876697867 BA.,B.A.I.,C.Eng.,F.I.E.I
Gerard Mc Nulty Systems Optimisation Ltd gmcnulty@iol.ie/0876697867 BA.,B.A.I.,C.Eng.,F.I.E.I Data is Important because it: Helps in Corporate Aims Basis of Business Decisions Engineering Decisions Energy
More informationImplementing Large-Scale Autonomic Server Monitoring Using Process Query Systems. Christopher Roblee Vincent Berk George Cybenko
Implementing Large-Scale Autonomic Server Monitoring Using Process Query Systems Christopher Roblee Vincent Berk George Cybenko These slides are based on the paper Implementing Large-Scale Autonomic Server
More informationGETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"
GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats
More informationTracking Groups of Pedestrians in Video Sequences
Tracking Groups of Pedestrians in Video Sequences Jorge S. Marques Pedro M. Jorge Arnaldo J. Abrantes J. M. Lemos IST / ISR ISEL / IST ISEL INESC-ID / IST Lisbon, Portugal Lisbon, Portugal Lisbon, Portugal
More informationQuantifying Seasonal Variation in Cloud Cover with Predictive Models
Quantifying Seasonal Variation in Cloud Cover with Predictive Models Ashok N. Srivastava, Ph.D. ashok@email.arc.nasa.gov Deputy Area Lead, Discovery and Systems Health Group Leader, Intelligent Data Understanding
More informationSystem Aware Cyber Security
System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology to the Cyber Security of Physical Systems Barry M. Horowitz, Kate Pierce University of Virginia April, 2012
More informationGame-Theoretic Analysis of Attack and Defense in Cyber-Physical Network Infrastructures
Proceedings of the Industrial and Systems Engineering Research Conference G. Lim and J.W. Herrmann, eds. Game-Theoretic Analysis of Attack and Defense in Cyber-Physical Network Infrastructures Fei He,
More informationOptimization Under Uncertainty in Online Trading Agents
Optimization Under Uncertainty in Online Trading Agents Michael Benisch Department of Computer Science Brown University, Box 1910 Providence, RI 02912 mbenisch@cs.brown.edu Abstract Reasoning about uncertainty
More informationChange Management in Enterprise IT Systems: Process Modeling and Capacity-optimal Scheduling
Change Management in Enterprise IT Systems: Process Modeling and Capacity-optimal Scheduling Praveen K. Muthusamy, Koushik Kar, Sambit Sahu, Prashant Pradhan and Saswati Sarkar Rensselaer Polytechnic Institute
More informationMETHODOLOGICAL CONSIDERATIONS OF DRIVE SYSTEM SIMULATION, WHEN COUPLING FINITE ELEMENT MACHINE MODELS WITH THE CIRCUIT SIMULATOR MODELS OF CONVERTERS.
SEDM 24 June 16th - 18th, CPRI (Italy) METHODOLOGICL CONSIDERTIONS OF DRIVE SYSTEM SIMULTION, WHEN COUPLING FINITE ELEMENT MCHINE MODELS WITH THE CIRCUIT SIMULTOR MODELS OF CONVERTERS. Áron Szûcs BB Electrical
More informationINTRUSION PREVENTION AND EXPERT SYSTEMS
INTRUSION PREVENTION AND EXPERT SYSTEMS By Avi Chesla avic@v-secure.com Introduction Over the past few years, the market has developed new expectations from the security industry, especially from the intrusion
More informationExpanding the CASEsim Framework to Facilitate Load Balancing of Social Network Simulations
Expanding the CASEsim Framework to Facilitate Load Balancing of Social Network Simulations Amara Keller, Martin Kelly, Aaron Todd 4 June 2010 Abstract This research has two components, both involving the
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationSecurity Optimization of Dynamic Networks with Probabilistic Graph Modeling and Linear Programming
1 Security Optimization of Dynamic Networks with Probabilistic Graph Modeling and Linear Programming Hussain M.J. Almohri, Member, IEEE, Layne T. Watson Fellow, IEEE, Danfeng (Daphne) Yao, Member, IEEE
More informationSecure Way of Storing Data in Cloud Using Third Party Auditor
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 12, Issue 4 (Jul. - Aug. 2013), PP 69-74 Secure Way of Storing Data in Cloud Using Third Party Auditor 1 Miss.
More informationA Web-based Interactive Data Visualization System for Outlier Subspace Analysis
A Web-based Interactive Data Visualization System for Outlier Subspace Analysis Dong Liu, Qigang Gao Computer Science Dalhousie University Halifax, NS, B3H 1W5 Canada dongl@cs.dal.ca qggao@cs.dal.ca Hai
More informationMeasuring the Performance of an Agent
25 Measuring the Performance of an Agent The rational agent that we are aiming at should be successful in the task it is performing To assess the success we need to have a performance measure What is rational
More informationCyber-Physical Systems: Some Food for Thought
Cyber-Physical Systems: Some Food for Thought Ness B. Shroff Electrical and Computer Engineering & Computer Science and Engineering E-mail: shroff.11@osu.edu What is CPS? By NSF: engineered systems that
More informationKalman Filter Applied to a Active Queue Management Problem
IOSR Journal of Electrical and Electronics Engineering (IOSR-JEEE) e-issn: 2278-1676,p-ISSN: 2320-3331, Volume 9, Issue 4 Ver. III (Jul Aug. 2014), PP 23-27 Jyoti Pandey 1 and Prof. Aashih Hiradhar 2 Department
More informationCombating a new generation of cybercriminal with in-depth security monitoring
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
More informationSEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID
SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID ZBIGNIEW KALBARCZYK EMAIL: KALBARCZ@ILLINOIS.EDU UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN JANUARY 2014
More informationCHAPTER 1 INTRODUCTION
CHAPTER 1 INTRODUCTION Power systems form the largest man made complex system. It basically consists of generating sources, transmission network and distribution centers. Secure and economic operation
More informationMin/Max Inventory Planning for Military Logistics
21st International Congress on Modelling and Simulation, Gold Coast, Australia, 29 Nov to 4 Dec 2015 www.mssanz.org.au/modsim2015 Min/Max Inventory Planning for Military Logistics S. Shekh Defence Science
More informationECON 459 Game Theory. Lecture Notes Auctions. Luca Anderlini Spring 2015
ECON 459 Game Theory Lecture Notes Auctions Luca Anderlini Spring 2015 These notes have been used before. If you can still spot any errors or have any suggestions for improvement, please let me know. 1
More informationCompetitive Analysis of On line Randomized Call Control in Cellular Networks
Competitive Analysis of On line Randomized Call Control in Cellular Networks Ioannis Caragiannis Christos Kaklamanis Evi Papaioannou Abstract In this paper we address an important communication issue arising
More informationInternational Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015
RESEARCH ARTICLE OPEN ACCESS Data Mining Technology for Efficient Network Security Management Ankit Naik [1], S.W. Ahmad [2] Student [1], Assistant Professor [2] Department of Computer Science and Engineering
More informationDetection. Perspective. Network Anomaly. Bhattacharyya. Jugal. A Machine Learning »C) Dhruba Kumar. Kumar KaKta. CRC Press J Taylor & Francis Croup
Network Anomaly Detection A Machine Learning Perspective Dhruba Kumar Bhattacharyya Jugal Kumar KaKta»C) CRC Press J Taylor & Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor
More informationCore Courses Seminar (0-2) Non-credit Ph.D. Thesis (0-1) Non-credit Special Studies (8-0) Non-credit. Elective Courses
İZMİR INSTITUTE OF TECHNOLOGY GRADUATE SCHOOL OF ENGINEERING AND SCIENCES DEPARTMENT OF COMPUTER ENGINEERING JOINT DOCTORAL PROGRAM IN COMPUTER SCIENCE AND ENGINEERING Core Courses CENG 590 CENG 600 CENG
More informationCSC2420 Fall 2012: Algorithm Design, Analysis and Theory
CSC2420 Fall 2012: Algorithm Design, Analysis and Theory Allan Borodin November 15, 2012; Lecture 10 1 / 27 Randomized online bipartite matching and the adwords problem. We briefly return to online algorithms
More informationA Mathematical Programming Solution to the Mars Express Memory Dumping Problem
A Mathematical Programming Solution to the Mars Express Memory Dumping Problem Giovanni Righini and Emanuele Tresoldi Dipartimento di Tecnologie dell Informazione Università degli Studi di Milano Via Bramante
More informationMSCA 31000 Introduction to Statistical Concepts
MSCA 31000 Introduction to Statistical Concepts This course provides general exposure to basic statistical concepts that are necessary for students to understand the content presented in more advanced
More informationSteve Lusk Alex Amirnovin Tim Collins
Steve Lusk Alex Amirnovin Tim Collins ViaSat Inc. Cyber-intrusion Auto-response and Policy Management System (CAPMS) Cybersecurity for Energy Delivery Systems Peer Review August 5-6, 2014 Summary: Cyber-intrusion
More informationMEng, BSc Computer Science with Artificial Intelligence
School of Computing FACULTY OF ENGINEERING MEng, BSc Computer Science with Artificial Intelligence Year 1 COMP1212 Computer Processor Effective programming depends on understanding not only how to give
More information