Dynamical model for individual defence against cyber epidemic attacks
Authors: 
Dingyu Yan, Feng Liu, Yaqin Zhang, Kun JiaAuthors Info & Claims
Dingyu Yan, Feng Liu, Yaqin Zhang, Kun JiaAuthors Info & ClaimsPages 541 - 551
Abstract
When facing the on‐going cyber epidemic threats, individuals usually set up cyber defences to protect their own devices. In general, the individual‐level cyber defence is considered to mitigate the cyber threat to some extent. However, few previous studies focus on the interaction between individual‐level defence and cyber epidemic attack from the perspective of dynamics. In this study, the authors propose a two‐way dynamical framework by coupling the individual defence model with the cyber epidemic model to study the interaction between the network security situation and individual‐level defence decision. A new individual‐based heterogeneous model for cyber epidemic attacks is established to emphasise the individual heterogeneity in defence strategy. In the meanwhile, a Markov decision process is used to characterise the defence decision in the individual defence decision model. The theoretical and numerical results illustrate that the individual‐level defence can dampen the cyber epidemic attack, but the current network security situation, in turn, influences the individual defence decision. Moreover, they obtain a glimpse of the network security situation and the individual defence with respect to different cyber epidemic scenarios.
7 References
[1]
Chen, Q., Bridges, R.A.: ‘Automated behavioral analysis of malware: a case study of Wannacry ransomware’. IEEE Int. Conf. on Machine Learning and Applications, Cancun, Mexico, 2017, pp. 454–460
[2]
Ernst and Young : ‘Global information security survey 2015’, 2016. Available at http://www.ey.com/Publication/vwLUAssets/ey‐global‐information‐security‐survey‐2015/$FILE/ey‐global‐information‐security‐survey‐2015.pdf
[3]
A. Comparatives : ‘It security survey 2017’, 2017. Available at https://www.av‐comparatives.org/wp‐content/uploads/2017/01/security_survey2017_en.pdf
[4]
Castillo‐Chavez, C., Brauer, F.: ‘Mathematical models in population biology and epidemiology’ (Springer, New York, 2012)
[5]
Nowzari, C., Preciado, V.M., Pappas, G.J.: ‘Analysis and control of epidemics: a survey of spreading processes on complex networks’, IEEE Control Syst., 2016, 36, (1), pp. 26–46
[6]
Pastor‐Satorras, R., Vespignani, A.: ‘Epidemic spreading in scale‐free networks’, Phys. Rev. Lett., 2001, 86, (14), p. 3200
[7]
Van Mieghem, P., Omic, J., Kooij, R.: ‘Virus spread in networks’, IEEE/ACM Trans. Netw., 2009, 17, (1), pp. 1–14
[8]
Tambe, M.: ‘Security and game theory: algorithms, deployed systems, lessons learned’ (Cambridge University Press, Cambridge, UK, 2011)
[9]
Pita, J., John, R., Maheswaran, R. et al: ‘A robust approach to addressing human adversaries in security games’. Proc. 20th European Conf. on Artificial Intelligence, Montpellier, France, 2012, pp. 660–665
[10]
Yang, R., Kiekintveld, C., Ordóñez, F. et al: ‘Improving resource allocation strategies against human adversaries in security games: an extended study’, Artif. Intell., 2013, 195, pp. 440–469
[11]
Anderson, R.M., May, R.M., Anderson, B.: ‘Infectious diseases of humans: dynamics and control’, Wiley Online Library, vol. 28, 1992
[12]
Pastor‐Satorras, R., Castellano, C., Van Mieghem, P. et al: ‘Epidemic processes in complex networks’, Rev. Mod. Phys., 2015, 87, (3), p. 925
[13]
Kephart, J.O., White, S.R.: ‘Directed‐graph epidemiological models of computer viruses’. 1991 IEEE Computer Society Symp. on Research in Security and Privacy Proc., Oakland, USA, 1991, pp. 343–359
[14]
Wang, Y., Chakrabarti, D., Wang, C. et al: ‘Epidemic spreading in real networks: an eigenvalue viewpoint’. IEEE Proc. 22nd Int. Symp. on Reliable Distributed Systems, Florence, Italy, 2003, pp. 25–34
[15]
Chakrabarti, D., Wang, Y., Wang, C. et al: ‘Epidemic thresholds in real networks’, ACM Trans. Inf. Syst. Secur. (TISSEC), 2008, 10, (4), p. 1
[16]
Xu, S., Lu, W., Xu, L.: ‘Push‐and pull‐based epidemic spreading in networks: thresholds and deeper insights’, ACM Trans. Auton. Adapt. Syst. (TAAS), 2012, 7, (3), p. 32
[17]
Cai, G.L., Wang, B.S., Wei, H.U. et al: ‘Moving target defense: state of the art and characteristics’, Front. Inf. Technol. Electron. Eng., 2016, 17, (11), pp. 1122–1153
[18]
Jafarian, J.H., Al‐Shaer, E., Duan, Q.: ‘Openflow random host mutation: transparent moving target defense using software defined networking’. The Workshop on Hot Topics in Software Defined Networks, Helsinki, Finland, 2012, pp. 127–132
[19]
Luo, Y.B., Wang, B.S., Wang, X.F. et al: ‘RPAH: random port and address hopping for thwarting internal and external adversaries’. IEEE Trustcom/Bigdatase/ISPA, Helsinki, Finland, 2015, pp. 263–270
[20]
Okhravi, H., Comella, A., Robinson, E. et al: ‘Creating a cyber moving target for critical infrastructure applications’, Int. J. Crit. Infrastruct. Prot., 2012, 5, (1), pp. 30–39
[21]
Giuffrida, C., Kuijsten, A., Tanenbaum, A.S.: ‘Enhanced operating system security through efficient and fine‐grained address space randomization’. Proc. Usenix Security Symp., Bellevue, USA, 2012, p. 40
[22]
Jackson, T., Salamat, B., Homescu, A. et al: ‘Compiler‐generated software diversity’, Adv. Inf. Secur., 2011, 54, pp. 77–98
[23]
Okhravi, H., Hobson, T., Bigelow, D. et al: ‘Finding focus in the blur of moving‐target techniques’, IEEE Secur. Priv., 2014, 12, (2), pp. 16–26
[24]
Han, Y., Lu, W., Xu, S.: ‘Characterizing the power of moving target defense via cyber epidemic dynamics’. Proc. 2014 Symp. and Bootcamp on the Science of Security, Raleigh, USA, 2014, p. 10
[25]
Maleki, H., Valizadeh, S., Koch, W. et al: ‘Markov modeling of moving target defense games’. Proc. 2016 ACM Workshop on Moving Target Defense, Vienna, Austria, 2016, pp. 81–92
[26]
Vadlamudi, S.G., Sengupta, S., Taguinod, M. et al: ‘Moving target defense for web applications using Bayesian Stackelberg games’. Proc. 2016 Int. Conf. on Autonomous Agents & Multiagent Systems, Singapore, 2016, pp. 1377–1378
[27]
Campbell, R.M., Padayachee, K., Masombuka, T.: ‘A survey of honeypot research: trends and opportunities’. 10th Int. Conf. for Internet Technology and Secured Transactions (ICITST), London, UK, 2015, pp. 208–212
[28]
Fan, W., Du, Z., Fernández, D. et al: ‘Enabling an anatomic view to investigate honeypot systems: a survey’, IEEE Syst. J., 2017, PP, (99), pp. 1–14
[29]
Nawrocki, M., Wählisch, M., Schmidt, T.C. et al: ‘A survey on honeypot software and data analysis’, 2016, arXiv preprint arXiv:1608.06249
[30]
Wang, Z., Andrews, M.A., Wu, Z.‐X. et al: ‘Coupled disease–behavior dynamics on complex networks: a review’, Phys. Life Rev., 2015, 15, pp. 1–29
[31]
Fu, F., Rosenbloom, D.I., Wang, L. et al: ‘Imitation dynamics of vaccination behaviour on social networks’, Proc. Biol. Sci., 2011, 278, (1702), p. 42
[32]
Zhang, H.‐F., Yang, Z., Wu, Z.‐X. et al: ‘Braess's paradox in epidemic game: better condition results in less payoff’, Sci. Rep., 2013, 3, p. 3292
[33]
Kiss, I.Z., Cassell, J., Recker, M. et al: ‘The impact of information transmission on epidemic outbreaks’, Math. Biosci., 2010, 225, (1), pp. 1–10
[34]
Preciado, V.M., Zargham, M., Enyioha, C. et al: ‘Optimal vaccine allocation to control epidemic outbreaks in arbitrary networks’. 2013 IEEE 52nd Annual Conf. on Decision and Control (CDC), Florence, Italy, 2013, pp. 7486–7491
[35]
Van Mieghem, P.: ‘Performance analysis of complex networks and systems’ (Cambridge University Press, Cambridge, UK, 2014)
[36]
Theys, J.: ‘Joint spectral radius: theory and approximations’. PhD dissertation, Universite Catholique de Louvain, 2005
[37]
Cohen, J.E.: ‘Random evolutions and the spectral radius of a non‐negative matrix’, Math. Proc. Camb. Philos. Soc., 1979, 86, (2), pp. 345–350
[38]
Stavova, V., Matyas, V., Just, M. et al: ‘Factors influencing the purchase of security software for mobile devices – case study’, Infocommun. J., 2017, 9, (1), pp. 18–23
[39]
A. Comparatives : ‘Review of free antivirus software 2017’, 2017, Available at https://www.av‐comparatives.org/tests/review‐of‐free‐antivirus‐software‐2017/
Recommendations
Automatic control method of DDoS defense policy through the monitoring of system resource
AICT'11: Proceedings of the 2nd international conference on Applied informatics and computing theoryIn these day, we obtain various information through internet services and the distributed denial-of-service (DDoS) attacks for threatening the services are socially and economically serious threats. Recently, the attacks that occurred in July 2009 ...
A methodological review on attack and defense strategies in cyber warfare
Cyberspace is an integration of cyber physical system components that integrates computation, networking, physical processes, embedded computers and network monitors which uses feedback loops for controlling the processes where the computations are ...
Reinforcement Learning for Adaptive Cyber Defense Against Zero-Day Attacks
Adversarial and Uncertain Reasoning for Adaptive Cyber DefenseAbstractIn this chapter, we leverage reinforcement learning as a unified framework to design effective adaptive cyber defenses against zero-day attacks. Reinforcement learning is an integration of control theory and machine learning. A salient feature of ...
Comments
Information & Contributors
Information
Published In
© 2020 The Institution of Engineering and Technology.
Publisher
John Wiley & Sons, Inc.
United States
Publication History
Published: 01 November 2019
Author Tags
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 06 Nov 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in