Preventive and Reactive Cyber Defense Dynamics Is Globally Stable

  title={Preventive and Reactive Cyber Defense Dynamics Is Globally Stable},
  author={Ren Zheng and Wenlian Lu and Shouhuai Xu},
  journal={IEEE Transactions on Network Science and Engineering},
The recently proposed cybersecurity dynamics approach aims to understand cybersecurity from a holistic perspective by modeling the evolution of the global cybersecurity state. These models describe the interactions between the various kinds of cyber attacks and the various kinds of cyber defenses that take place in complex networks. In this paper, we study a particular kind of cybersecurity dynamics caused by the interactions between two classes of attacks (called push-based attacks and pull… 

Figures and Tables from this paper

Unified Preventive and Reactive Cyber Defense Dynamics Is Still Globally Convergent

This paper unify the aforementioned class of preventive and reactive cyber defense dynamics models and the closely related class of <inline-formula> <tex-math notation="LaTeX">$N$ </tex- Math>-intertwined epidemic models into a single framework and characterize the convergence speed of the unified dynamics.

The Cybersecurity Dynamics Way of Thinking and Landscape

The landscape and way-of-thinking that guide the Cybersecurity Dynamics model are discussed, including two killer applications and the technical barriers that serve as outstanding open problems for future research.

Using Event-Based Method to Estimate Cybersecurity Equilibrium

An event-based method for estimating cybersecurity equilibrium in the preventive and reactive cyber defense dynamics, which has been proven globally convergent, is presented and it is proved that the estimated equilibrium from the trigger rule indeed converges to the equilibrium of the dynamics.

Metrics Towards Measuring Cyber Agility

The first metric framework for measuring cyber agility in terms of the effectiveness of the dynamic evolution of cyber attacks and defenses is proposed, which is generic and applicable to transform any relevant, quantitative, and/or conventional static security metrics into dynamic metrics to capture dynamics of system behaviors.

Security Evaluation of the Cyber Networks Under Advanced Persistent Threats

This paper addresses the issue of evaluating the security of the cyber networks under APTs with a dynamic model capturing the APT-based cyber-attack-defense processes and suggests a new security metric known as the equilibrium security.

Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity

  • Shouhuai Xu
  • Computer Science
    Proactive and Dynamic Network Defense
  • 2019
This chapter systematically introduces and review the Cybersecurity Dynamics foundation for the Science of Cybersecurity, and outlines a research roadmap towards the ultimate research goal, and identified technical barriers that poses challenges to reach the goal.

A Heuristic Method for Network Modification Against Cyber Epidemic Attacks

  • Dingyu YanF. Liu
  • Computer Science
    2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
  • 2019
This paper provides a heuristic method for network modification against the cyber epidemic attack based on theoretical security conditions of the cyber dynamical system and demonstrates that the model can effectively resist multiple cyber epidemic attacks.

Proactive Security for Safety and Sustainability of Mission Critical Systems

This work develops a formal model to proactively ensure safety and sustainability of mission critical systems by deploying a network of observer agents to supervise and generate observation data related to attacks under execution which will be analyzed by a central defense agent.

Quantifying Cybersecurity Effectiveness of Dynamic Network Diversity

A systematic framework for modeling and quantifying the cybersecurity effectiveness of network diversity, including a suite of cybersecurity metrics is proposed and the surprising result that proactive diversity is effective under very special circumstances, but reactive-adaptive diversity is much more effective in most cases is drawn.

Characterizing the Optimal Attack Strategy Decision in Cyber Epidemic Attacks with Limited Resources

A new dynamical framework is proposed by coupling the adversary’s strategy decision model to the cyber epidemic model and it is found that the selective attack strategy can help the adversary accumulate more attack resource compared to the random attack strategy.



Active cyber defense dynamics exhibiting rich phenomena

To the best of the knowledge, this is the first study that shows that active cyber defense dynamics (or more generally, cybersecurity dynamics) can exhibit the bifurcation and chaos phenomena.

A Stochastic Model of Active Cyber Defense Dynamics

This paper proposes a novel Markov process model that is native to the interaction between cyber attack and active cyber defense, and simplifies it, via mean-field approximation, as a dynamical systemmodel that is amenable to analysis.

Cyber Epidemic Models with Dependences

This work introduces the idea of copulas into cyber epidemic models for accommodating the dependences between the cyber attack events, and investigates the epidemic equilibrium thresholds as well as the bounds for both equilibrium and nonequilibrium infection probabilities.

A Stochastic Model for Quantitative Security Analyses of Networked Systems

A stochastic model for quantifying security of networked systems is presented, which captures two aspects of a networked system: the strength of deployed security mechanisms such as intrusion detection systems and the underlying vulnerability graph, which reflects how attacks may proceed.

A new approach to modeling and analyzing security of networked systems

The approach is inspired by the shock model and random environment techniques in the Theory of Reliability, while accommodating security ingredients, and is the first that can accommodate a certain degree of adaptiveness of attacks.

Global dynamics of epidemic spread over complex networks

Conditions under which the second fixed point attracts all non-origin points are given and it is shown that for random Erdös-Rényi graphs this happens with high probability.

A Stochastic Model of Multivirus Dynamics

This paper proposes and analyzes a general model of multivirus spreading dynamics in arbitrary networks, where multiple viruses attempt to infect computers while possibly combating against each other because, for example, they are controlled by multiple botmasters.

An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems

This paper substantially weaken these assumptions while offering, in addition to the same types of analytical results as in [Li et al. 11], methods for obtaining the desired security quantities in practice.

Stability properties of infection diffusion dynamics over directed networks

It is proved that the endemic state is GAS in strongly connected networks when the graph is weakly connected, providing conditions for the existence, uniqueness, and global asymptotic stability of weak and strong endemic states.

The N-intertwined SIS epidemic network model

The N-intertwined virus spread model of the SIS-type is introduced as a promising and analytically tractable model of which the steady-state behavior is fairly completely determined and much insight can be gained that is hidden in the exact Markov model.