-
Quantitative Measurement of Cyber Resilience: Modeling and Experimentation
Authors:
Michael J. Weisman,
Alexander Kott,
Jason E. Ellis,
Brian J. Murphy,
Travis W. Parker,
Sidney Smith,
Joachim Vandekerckhove
Abstract:
Cyber resilience is the ability of a system to resist and recover from a cyber attack, thereby restoring the system's functionality. Effective design and development of a cyber-resilient system requires experimental methods and tools for quantitatively measuring cyber resilience. This paper describes an experimental method and test bed for obtaining resilience-relevant data as a system (in our case, a truck) traverses its route, in repeatable, systematic experiments. We model a truck equipped with an autonomous cyber-defense system that also includes inherent physical resilience features. When attacked by malware, this ensemble of cyber-physical features (i.e., "bonware") strives to resist and recover from the performance degradation caused by the malware's attack. We propose parsimonious mathematical models to aid in quantifying systems' resilience to cyber attacks. Using the models, we identify quantitative characteristics obtainable from experimental data, and show that these characteristics can serve as useful quantitative measures of cyber resilience.
Submitted 28 March, 2023;
originally announced March 2023.
-
An Experimentation Infrastructure for Quantitative Measurements of Cyber Resilience
Authors:
Jason E. Ellis,
Travis W. Parker,
Joachim Vandekerckhove,
Brian J. Murphy,
Sidney Smith,
Alexander Kott,
Michael J. Weisman
Abstract:
The vulnerability of cyber-physical systems to cyber attack is well known, and the requirement to build cyber resilience into these systems has been firmly established. The key challenge this paper addresses is that maturing this discipline requires the development of techniques, tools, and processes for objectively, rigorously, and quantitatively measuring the attributes of cyber resilience. Researchers and program managers need to be able to determine if the implementation of a resilience solution actually increases the resilience of the system. In previous work, a tabletop exercise was conducted using a notional heavy vehicle on a fictitious military mission while under a cyber attack. While this exercise provided some useful data, more and higher-fidelity data are required to refine the measurement methodology. This paper details the efforts made to construct a cost-effective experimentation infrastructure to provide such data. It also presents a case study using some of the data generated by the infrastructure.
Submitted 15 February, 2023;
originally announced February 2023.
-
Piecewise Linear and Stochastic Models for the Analysis of Cyber Resilience
Authors:
Michael J. Weisman,
Alexander Kott,
Joachim Vandekerckhove
Abstract:
We model a vehicle equipped with an autonomous cyber-defense system in addition to its inherent physical resilience features. When attacked, this ensemble of cyber-physical features (i.e., "bonware") strives to resist and recover from the performance degradation caused by the malware's attack. We model the underlying differential equations governing such attacks for piecewise linear characterizations of malware and bonware, develop a discrete time stochastic model, and show that averages of instantiations of the stochastic model approximate solutions to the continuous differential equation. We develop a theory and methodology for approximating the parameters associated with these equations.
Submitted 16 February, 2023; v1 submitted 9 February, 2023;
originally announced February 2023.
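The claim in the abstract above, that averages of stochastic runs approximate the solution of a continuous differential equation, can be illustrated with a minimal sketch. Everything specific here is an assumption for illustration and is not taken from the paper: the equation dF/dt = -m*F + b*(1 - F), the constant malware rate `m` and bonware rate `b` (the paper uses piecewise linear characterizations), the two-state chain, and all function names.

```python
import math
import random


def ode_exact(t, m, b, f0=1.0):
    """Closed-form solution of the assumed ODE dF/dt = -m*F + b*(1 - F), F(0) = f0."""
    f_inf = b / (m + b)  # steady-state functionality
    return f_inf + (f0 - f_inf) * math.exp(-(m + b) * t)


def simulate_once(m, b, dt, steps, rng):
    """One run of a hypothetical two-state chain: 1 = functional, 0 = degraded."""
    x = 1
    path = [x]
    for _ in range(steps):
        u = rng.random()
        if x == 1 and u < m * dt:
            x = 0  # malware degrades the system during this step
        elif x == 0 and u < b * dt:
            x = 1  # bonware restores the system during this step
        path.append(x)
    return path


def average_runs(m, b, dt, steps, runs, seed=0):
    """Average many independent runs; the mean path estimates F at each step."""
    rng = random.Random(seed)
    totals = [0] * (steps + 1)
    for _ in range(runs):
        for k, x in enumerate(simulate_once(m, b, dt, steps, rng)):
            totals[k] += x
    return [s / runs for s in totals]


if __name__ == "__main__":
    m, b, dt, steps = 0.6, 0.3, 0.05, 100
    mean_path = average_runs(m, b, dt, steps, runs=4000)
    for k in (0, 20, 50, 100):
        t = k * dt
        print(f"t={t:4.1f}  simulated={mean_path[k]:.3f}  ode={ode_exact(t, m, b):.3f}")
```

In this sketch the expected value of the chain obeys the Euler discretization of the assumed equation, which is why the averaged path tracks the closed-form curve as the number of runs grows and the step size shrinks.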
-
Mathematical Modeling of Cyber Resilience
Authors:
Alexander Kott,
Michael J. Weisman,
Joachim Vandekerckhove
Abstract:
We identify quantitative characteristics of responses to cyber compromises that can be learned from repeatable, systematic experiments. We model a vehicle equipped with an autonomous cyber-defense system that also has some inherent physical resilience features. When attacked by malware, this ensemble of cyber-physical features (i.e., "bonware") strives to resist and recover from the performance degradation caused by the malware's attack. We propose parsimonious continuous models and develop stochastic models to aid in quantifying systems' resilience to cyber attacks.
Submitted 27 February, 2023; v1 submitted 8 February, 2023;
originally announced February 2023.
-
Generating Practical Adversarial Network Traffic Flows Using NIDSGAN
Authors:
Bolor-Erdene Zolbayar,
Ryan Sheatsley,
Patrick McDaniel,
Michael J. Weisman,
Sencun Zhu,
Shitong Zhu,
Srikanth Krishnamurthy
Abstract:
Network intrusion detection systems (NIDS) are an essential defense for computer networks and the hosts within them. Machine learning (ML) nowadays predominantly serves as the basis for NIDS decision making, where models are tuned to reduce false alarms, increase detection rates, and detect known and unknown attacks. At the same time, ML models have been found to be vulnerable to adversarial examples that undermine the downstream task. In this work, we ask the practical question of whether real-world ML-based NIDS can be circumvented by crafted adversarial flows and, if so, how such flows can be created. We develop the generative adversarial network (GAN)-based attack algorithm NIDSGAN and evaluate its effectiveness against realistic ML-based NIDS. Two main challenges arise for generating adversarial network traffic flows: (1) the network features must obey the constraints of the domain (i.e., represent realistic network behavior), and (2) the adversary must learn the decision behavior of the target NIDS without knowing its model internals (e.g., architecture and meta-parameters) and training data. Despite these challenges, the NIDSGAN algorithm generates highly realistic adversarial traffic flows that evade ML-based NIDS. We evaluate our attack algorithm against two state-of-the-art DNN-based NIDS in whitebox, blackbox, and restricted-blackbox threat models and achieve average success rates of 99%, 85%, and 70%, respectively. We also show that our attack algorithm can evade NIDS based on classical ML models, including logistic regression, SVM, decision trees, and KNNs, with a success rate of 70% on average. Our results demonstrate that deploying ML-based NIDS without careful defensive strategies against adversarial flows may (and arguably likely will) lead to future compromises.
Submitted 13 March, 2022;
originally announced March 2022.
-
On the Robustness of Domain Constraints
Authors:
Ryan Sheatsley,
Blaine Hoak,
Eric Pauley,
Yohan Beugin,
Michael J. Weisman,
Patrick McDaniel
Abstract:
Machine learning is vulnerable to adversarial examples: inputs designed to cause models to perform poorly. However, it is unclear if adversarial examples represent realistic inputs in the modeled domains. Diverse domains such as networks and phishing have domain constraints: complex relationships between features that an adversary must satisfy for an attack to be realized (in addition to any adversary-specific goals). In this paper, we explore how domain constraints limit adversarial capabilities and how adversaries can adapt their strategies to create realistic (constraint-compliant) examples. To this end, we develop techniques to learn domain constraints from data, and show how the learned constraints can be integrated into the adversarial crafting process. We evaluate the efficacy of our approach in network intrusion and phishing datasets and find that (1) up to 82% of adversarial examples produced by state-of-the-art crafting algorithms violate domain constraints, and (2) domain constraints are robust to adversarial examples; enforcing constraints yields an increase in model accuracy by up to 34%. We observe not only that adversaries must alter inputs to satisfy domain constraints, but that these constraints make the generation of valid adversarial examples far more challenging.
Submitted 7 November, 2021; v1 submitted 18 May, 2021;
originally announced May 2021.
-
Adversarial Examples in Constrained Domains
Authors:
Ryan Sheatsley,
Nicolas Papernot,
Michael Weisman,
Gunjan Verma,
Patrick McDaniel
Abstract:
Machine learning algorithms have been shown to be vulnerable to adversarial manipulation through systematic modification of inputs (e.g., adversarial examples) in domains such as image recognition. Under the default threat model, the adversary exploits the unconstrained nature of images; each feature (pixel) is fully under control of the adversary. However, it is not clear how these attacks translate to constrained domains that limit which features the adversary can modify and how (e.g., network intrusion detection). In this paper, we explore whether constrained domains are less vulnerable than unconstrained domains to adversarial example generation algorithms. We create an algorithm for generating adversarial sketches: targeted universal perturbation vectors which encode feature saliency within the envelope of domain constraints. To assess how these algorithms perform, we evaluate them in constrained (e.g., network intrusion detection) and unconstrained (e.g., image recognition) domains. The results demonstrate that our approaches generate misclassification rates in constrained domains that are comparable to those of unconstrained domains (greater than 95%). Our investigation shows that the narrow attack surface exposed by constrained domains is still sufficiently large to craft successful adversarial examples; and thus, constraints do not appear to make a domain robust. Indeed, with as few as five randomly selected features, one can still generate adversarial examples.
Submitted 9 September, 2022; v1 submitted 2 November, 2020;
originally announced November 2020.
-
Git Blame Who?: Stylistic Authorship Attribution of Small, Incomplete Source Code Fragments
Authors:
Edwin Dauber,
Aylin Caliskan,
Richard Harang,
Gregory Shearer,
Michael Weisman,
Frederica Nelson,
Rachel Greenstadt
Abstract:
Program authorship attribution has implications for the privacy of programmers who wish to contribute code anonymously. While previous work has shown that complete files that are individually authored can be attributed, we show here for the first time that accounts belonging to open source contributors containing short, incomplete, and typically uncompilable fragments can also be effectively attributed.
We propose a technique for authorship attribution of contributor accounts containing small source code samples, such as those that can be obtained from version control systems or other direct comparison of sequential versions. We show that while application of previous methods to individual small source code samples yields an accuracy of about 73% for 106 programmers as a baseline, by ensembling and averaging the classification probabilities of a sufficiently large set of samples belonging to the same author we achieve 99% accuracy for assigning the set of samples to the correct author. Through these results, we demonstrate that attribution is an important threat to privacy for programmers even in real-world collaborative environments such as GitHub. Additionally, we propose the use of calibration curves to identify samples by unknown and previously unencountered authors in the open world setting. We show that we can also use these calibration curves in the case that we do not have linking information and thus are forced to classify individual samples directly. This is because the calibration curves allow us to identify which samples are more likely to have been correctly attributed. Using such a curve can help an analyst choose a cut-off point which will prevent most misclassifications, at the cost of causing the rejection of some of the more dubious correct attributions.
Submitted 25 July, 2019; v1 submitted 19 January, 2017;
originally announced January 2017.
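The ensembling step described in the abstract above, averaging the classification probabilities of many small samples from one account before assigning an author, can be sketched as follows. This is a minimal illustration under stated assumptions, not the authors' implementation: the function names, the list-of-lists input format, and the fixed `cutoff` (a simple stand-in for a cut-off point chosen from a calibration curve) are all hypothetical.

```python
def average_probabilities(prob_rows):
    """Average per-sample class-probability vectors (one row per code sample)."""
    if not prob_rows:
        raise ValueError("need at least one sample")
    n_authors = len(prob_rows[0])
    n_samples = len(prob_rows)
    return [sum(row[j] for row in prob_rows) / n_samples for j in range(n_authors)]


def attribute_account(prob_rows, cutoff=0.0):
    """Return the index of the most probable author for the whole set of samples.

    Returns None when the averaged top probability falls below `cutoff`,
    i.e. the attribution is rejected as too dubious (hypothetical rule).
    """
    mean = average_probabilities(prob_rows)
    best = max(range(len(mean)), key=mean.__getitem__)
    return best if mean[best] >= cutoff else None


if __name__ == "__main__":
    # Three samples from one account, scored against three candidate authors.
    # The first sample alone would point to author 0; the averaged set points to author 1.
    rows = [
        [0.5, 0.4, 0.1],
        [0.2, 0.5, 0.3],
        [0.3, 0.6, 0.1],
    ]
    print(average_probabilities(rows))
    print(attribute_account(rows))
    print(attribute_account(rows, cutoff=0.6))
```

Raising `cutoff` trades coverage for precision: fewer accounts receive an attribution, but the ones that do are less likely to be misclassified, which mirrors the trade-off the abstract describes.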