skip to main content
10.1145/3411496.3421225acmconferencesArticle/Chapter ViewAbstractPublication PagesicseConference Proceedingsconference-collections
research-article
Public Access

The Cybersecurity Dynamics Way of Thinking and Landscape

Published: 09 November 2020 Publication History

Abstract

The Cybersecurity Dynamics framework offers an approach to systematically understanding, characterizing, quantifying and managing cybersecurity from a holistic perspective. The framework looks into cyberspace through the dynamics lens because environments in cyberspace often evolve with time (e.g., software vulnerabilities, attack capabilities, defense capabilities, and cybersecurity states). The dynamics lens offers a unique viewpoint, which guides the modeling of the various situations which evolve with respect to cybersecurity. This type of evolution is driven by attackers, defenders, and users of related systems and is manifested by their attack/defense/use activities. Since its inception in 2014, there has been significant progress in characterizing and taming various kinds of cybersecurity dynamics. In this paper we discuss the landscape and way-of-thinking that guide the Cybersecurity Dynamics model, including two killer applications and the technical barriers that serve as outstanding open problems for future research.

References

[1]
R. Anderson and R. May. 1991. Infectious Diseases of Humans. Oxford University Press.
[2]
N. Bailey. 1975. The Mathematical Theory of Infectious Diseases and Its Applications.2nd Edition. Griffin, London.
[3]
A. Barrat, M. Barthlemy, and A. Vespignani. 2008. Dynamical Processes on Complex Networks.Cambridge University Press.
[4]
Nathaniel Boggs, Senyao Du, and SalvatoreJ. Stolfo. [n.d.]. Measuring Drive-by Download Defense in Depth. In Proc. RAID'14. 172--191.
[5]
John Boyd. 28 June 1995. The Essence of Winning and Losing.
[6]
N. Carlini and D. Wagner. 2017. Towards Evaluating the Robustness of Neural Networks. In IEEE Symposium on Security and Privacy. 39--57.
[7]
J. Charlton, P. Du, J. Cho, and S. Xu. 2018. Measuring Relative Accuracy of Malware Detectors in the Absence of Ground Truth. In IEEE MILCOM.
[8]
H. Chen, J. Cho, and S. Xu. 2018a. Quantifying the security effectiveness of firewalls and DMZs. In Proc. HoTSoS'2018. 9:1--9:11.
[9]
H. Chen, J. Cho, and S. Xu. 2018b. Quantifying the security effectiveness of network diversity. In Proc. HoTSoS'2018. 24:1.
[10]
H. Chen, M. Pendleton, L. Njilla, and S. Xu. 2020. A Survey on Ethereum Systems Security: Vulnerabilities, Attacks, and Defenses. ACM Comput. Surv., Vol. 53, 3 (2020), 67:1--67:43.
[11]
L. Chen, S. Hou, Y. Ye, and S. Xu. 2018c. DroidEye: Fortifying Security of Learning-based Classifier against Adversarial Android Malware Attacks. In Proc. 2018 IEEE/ACM ASONAM. 782--789.
[12]
Y. Chen, Z. Huang, S. Xu, and Y. Lai. 2015. Spatiotemporal patterns and predictability of cyberattacks. PLoS One, Vol. 10, 5 (05 2015), e0124472.
[13]
Y. Cheng, J. Deng, J. Li, S. DeLoach, A. Singhal, and X. Ou. 2014. Metrics of Security. In Cyber Defense and Situational Awareness. 263--295.
[14]
J. Cho, P. Hurley, and S. Xu. 2016. Metrics and Measurement of Trustworthy Systems. In IEEE Military Communication Conference (MILCOM 2016).
[15]
J. Cho, S. Xu, P. Hurley, M. Mackay, T. Benjamin, and M. Beaumont. 2019. STRAM: Measuring the Trustworthiness of Computer-Based Systems. ACM Comput. Surv., Vol. 51, 6 (2019), 128:1--128:47.
[16]
INFOSEC Research Council. 2007. Hard Problem List. http://www.infosec-research.org/docs_public/20051130-IRC-HPL-FINAL.pdf.
[17]
G. Da, M. Xu, and S. Xu. 2014. A New Approach to Modeling and Analyzing Security of Networked Systems. In Proc. HotSoS'14. 6:1--6:12.
[18]
W. Dai, P. Parker, H. Jin, and S. Xu. 2012. Enhancing Data Trustworthiness via Assured Digital Signing. IEEE TDSC, Vol. 9, 6 (2012), 838--851.
[19]
Y. Desmedt and Y. Frankel. 1989. Threshold cryptosystems. In Crypto. 307--315.
[20]
X. Ding, G. Tsudik, and S. Xu. 2004. Leak-Free Group Signatures with Immediate Revocation. In Proc. ICDCS. 608--615.
[21]
Y. Dodis, J. Katz, S. Xu, and M. Yung. 2002. Key-Insulated Public Key Cryptosystems. In Proc. EUROCRYPT. 65--82.
[22]
Y. Dodis, J. Katz, S. Xu, and M. Yung. 2003. Strong Key-Insulated Signature Schemes. In Public Key Cryptography (PKC'03). 130--144.
[23]
Y. Dodis, W. Luo, S. Xu, and M. Yung. 2012. Key-insulated symmetric key cryptography and mitigating attacks against cryptographic cloud software. In Proc. ASIACCS'12.
[24]
P. Du, Z. Sun, H. Chen, J. H. Cho, and S. Xu. 2018. Statistical Estimation of Malware Detection Metrics in the Absence of Ground Truth. IEEE T-IFS, Vol. 13, 12 (2018), 2965--2980.
[25]
X. Fang, M. Xu, S. Xu, and P. Zhao. 2019. A deep learning framework for predicting cyber attacks rates. EURASIP J. Information Security, Vol. 2019 (2019), 5.
[26]
Z. Fang, M. Xu, S. Xu, and T. Hu. 2020. Framework for Predicting Data Breach Risk: Leveraging Dependence to Cope with Sparsity. manuscript (2020).
[27]
E. Ficke, K. Schweitzer, R. Bateman, and S. Xu. 2018. Characterizing the Effectiveness of Network-Based Intrusion Detection Systems. In MILCOM. 76--81.
[28]
E. Ficke, K. Schweitzer, R. Bateman, and S. Xu. 2019. Analyzing Root Causes of Intrusion Detection False-Negatives: Methodology and Case Study. In MILCOM.
[29]
A. Ganesh, L. Massoulie, and D. Towsley. 2005. The Effect of Network Topology on the Spread of Epidemics. In Proceedings of IEEE Infocom 2005.
[30]
Richard Garcia-Lebron, David J Myers, Shouhuai Xu, and Jie Sun. 2019. Node diversification in complex networks by decentralized colouring. Journal of Complex Networks, Vol. 7, 4 (5 2019), 554--563.
[31]
S. Goldwasser and S. Micali. 1982. Probabilistic Encryption and How to Play Mental Poker Keeping Secret All Partial Information. In ACM STOC. 365--377.
[32]
S. Goldwasser, S. Micali, and C. Rackoff. 1985. The knowledge complexity of interactive proof-systems. In ACM STOC. 291--304.
[33]
G. Grieco, G. Grinblat, L. Uzal, S. Rawat, J. Feist, and L. Mounier. 2016. Toward large-scale vulnerability discovery using machine learning. In ACM CODASPY. 85--96.
[34]
L. Guan, J. Lin, B. Luo, J. Jing, and J. Wang. 2015. Protecting Private Keys Against Memory Disclosure Attacks Using Hardware Transactional Memory. In IEEE Symposium on Security and Privacy. 3--19.
[35]
Y. Han, W. Lu, and S. Xu. 2014. Characterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics. In HotSoS. 1--12.
[36]
Yujuan Han, Wenlian Lu, and Shouhuai Xu. 2020. Preventive and Reactive Cyber Defense Dynamics with Ergodic Time-dependent Parameters Is Globally Attractive. CoRR, Vol. abs/2001.07958 (2020).
[37]
K. Harrison and S. Xu. 2007. Protecting Cryptographic Keys from Memory Disclosures. In IEEE/IFIP DSN'07. 137--143.
[38]
C. Herley and P. C. v. Oorschot. 2017. SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit. In 2017 IEEE Symposium on Security and Privacy (SP). 99--120.
[39]
A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk, and M. Yung. 1997. Proactive public key and signature schemes. In Proc. ACM CCS. 100--110.
[40]
H. Hethcote. 2000. The Mathematics of Infectious Diseases. SIAM Rev., Vol. 42, 4 (2000), 599--653.
[41]
J. Homer, S. Zhang, X. Ou, D. Schmidt, Y. Du, S. Rajagopalan, and A. Singhal. 2013. Aggregating vulnerability metrics in enterprise networks using attack graphs. J. Comput. Secur., Vol. 21, 4 (2013), 561--597.
[42]
K. Hoover. 2010. Idealizing Reduction: The Microfoundations of Macroeconomics. Erkenntnis, Vol. 73 (2010), 329--347. Issue 3.
[43]
E. Hutchins, M. Cloppert, and R. Amin. 2011. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. In International Conference on Information Warfare and Security.
[44]
G. Itkis and L. Reyzin. 2002. SiBIR: Signer-Base Intrusion-Resilient Signatures. In Crypto'02. 499--514.
[45]
A. Kantchelian, M. Tschantz, S. Afroz, B. Miller, V. Shankar, R. Bachwani, A. Joseph, and J. Tygar. 2015. Better Malware Ground Truth: Techniques for Weighting Anti-Virus Vendor Labels. In Proc. AISec. 45--56.
[46]
J. Kephart and S. White. 1991. Directed-Graph Epidemiological Models of Computer Viruses. In IEEE Symposium on Security and Privacy. 343--361.
[47]
J. Kephart and S. White. 1993. Measuring and Modeling Computer Virus Prevalence. In IEEE Symposium on Security and Privacy. 2--15.
[48]
W. Kermack and A. McKendrick. 1927. A Contribution to the Mathematical Theory of Epidemics. Proc. of Roy. Soc. Lond. A, Vol. 115 (1927), 700--721.
[49]
Seulbae Kim, Seunghoon Woo, Heejo Lee, and Hakjoo Oh. 2017. VUDDY: a scalable approach for vulnerable code clone discovery. In Proceedings of 2017 IEEE Symposium on Security and Privacy, San Jose, CA, USA. 595--614.
[50]
Alexander Kott. 2014. Towards Fundamental Science of Cyber Security. Springer New York, New York, NY, 1--13.
[51]
Alexander Kott. 2018. Challenges and Characteristics of Intelligent Autonomy for Internet of Battle Things in Highly Adversarial Environments. In 2018 AAAI Spring Symposia. AAAI Press.
[52]
Alexander Kott and Ethan Stump. 2019. Intelligent Autonomous Things on the Battlefield. CoRR, Vol. abs/1902.10086 (2019).
[53]
A. Kott and P. Thé ron. 2020. Doers, Not Watchers: Intelligent Autonomous Agents Are a Path to Cyber Resilience. IEEE Secur. Priv., Vol. 18, 3 (2020), 62--66.
[54]
D. Li, Q. Li, Y. Ye, and S. Xu. 2020 a. Enhancing Deep Neural Networks Against Adversarial Malware Examples. CoRR, Vol. abs/2004.07919 (2020).
[55]
D. Li, Q. Li, Y. Ye, and S. Xu. 2020 b. SoK: Arms Race in Adversarial Malware Detection. CoRR, Vol. abs/2005.11671 (2020).
[56]
X. Li, P. Parker, and S. Xu. 2007. Towards Quantifying the (In)Security of Networked Systems. In 21st IEEE International Conference on Advanced Information Networking and Applications (AINA'07). 420--427.
[57]
Xiaohu Li, Paul Parker, and Shouhuai Xu. 2011. A Stochastic Model for Quantitative Security Analyses of Networked Systems. IEEE Transactions on Dependable and Secure Computing, Vol. 8, 1 (2011), 28--43.
[58]
Zhen Li, Deqing Zou, Shouhuai Xu, Zhaoxuan Chen, Yawei Zhu, and Hai Jin. 2020 c. VulDeeLocator: A Deep Learning-based Fine-grained Vulnerability Detector. CoRR, Vol. abs/2001.02350 (2020).
[59]
Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Hanchao Qi, and Jie Hu. 2016. VulPecker: an automated vulnerability detection system based on code similarity analysis. In Proceedings of the 32nd Annual Conference on Computer Security Applications, Los Angeles, CA, USA. 201--213.
[60]
Z. Li, D. Zou, S. Xu, H. Jin, Y. Zhu, Z. Chen, S. Wang, and J. Wang. 2018a. SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities. CoRR, Vol. abs/1807.06756 (2018).
[61]
Z. Li, D. Zou, S. Xu, X. Ou, H. Jin, S. Wang, Z. Deng, and Y. Zhong. 2018b. VulDeePecker: A Deep Learning-Based System for Vulnerability Detection. In Proc. NDSS'18.
[62]
T. Liggett. 1985. Interacting Particle Systems. Springer.
[63]
Zongzong Lin, Wenlian Lu, and Shouhuai Xu. 2019. Unified Preventive and Reactive Cyber Defense Dynamics Is Still Globally Convergent. IEEE/ACM Trans. Netw., Vol. 27, 3 (2019), 1098--1111.
[64]
W. Lu, S. Xu, and X. Yi. 2013. Optimizing Active Cyber Defense Dynamics. In Proc. GameSec'13. 206--225.
[65]
M. Lucia, A. Newcomb, and A. Kott. 2019. Features and Operation of an Autonomous Agent for Cyber Defense. CoRR, Vol. abs/1905.05253 (2019).
[66]
T. Malkin, D. Micciancio, and S. Miner. 2002. Efficient Generic Forward-Secure Signatures with an Unbounded Number Of Time Periods. In Proc. EUROCRYPT 2002 (Lecture Notes in Computer Science). 400--417.
[67]
A. McKendrick. 1926. Applications of Mathematics to Medical Problems. Proc. of Edin. Math. Soceity, Vol. 14 (1926), 98--130.
[68]
J. Mireles, E. Ficke, J. Cho, P. Hurley, and S. Xu. 2019. Metrics Towards Measuring Cyber Agility. IEEE T-IFS, Vol. 14, 12 (2019), 3217--3232.
[69]
A. Mohaisen and O. Alrawi. 2014. AV-Meter: An Evaluation of Antivirus Scans and Labels. In Proc. DIMVA. 112--131.
[70]
Jose Morales, Shouhuai Xu, and Ravi Sandhu. 2012. Analyzing Malware Detection Efficiency with Multiple Anti-Malware Programs. In Proc. CyberSecurity.
[71]
Y. Moreno, R. Pastor-Satorras, and A. Vespignani. 2002. Epidemic Outbreaks in Complex Heterogeneous Networks. European Physical Journal B, Vol. 26 (2002), 521--529.
[72]
S. Neuhaus, T. Zimmermann, C. Holler, and A. Zeller. 2007. Predicting vulnerable software components. In Proceedings of 2007 ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA. 529--540.
[73]
M. Newman. 2003. The structure and function of complex networks. SIAM Rev., Vol. 45 (2003), 167.
[74]
David Nicol, Bill Sanders, Jonathan Katz, Bill Scherlis, Tudor Dumitra, Laurie Williams, and Munindar P. Singh. [n.d.]. The Science of Security 5 Hard Problems (August 2015). http://cps-vo.org/node/21590.
[75]
David M. Nicol, William H. Sanders, and Kishor S. Trivedi. 2004. Model-Based Evaluation: From Dependability to Security. IEEE Trans. Dependable Sec. Comput., Vol. 1, 1 (2004), 48--65.
[76]
Steven Noel and Sushil Jajodia. 2017. A Suite of Metrics for Network Attack Graph Analytics. Springer International Publishing, Cham, 141--176.
[77]
Cameron Nowzari, Victor M. Preciado, and George J. Pappas. 2016. Analysis and Control of Epidemics: A Survey of Spreading Processes on Complex Networks. IEEE Control Systems, Vol. 36, 1 (2016), 26--46.
[78]
U.S. National Institute of Standards and Technology. April 16, 2018. Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1). https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
[79]
P. Parker and. Xu. 2009. A Method for Safekeeping Cryptographic Keys from Memory Disclosure Attacks. In Proc. INTRUST'09. 39--59.
[80]
R. Pastor-Satorras and A. Vespignani. 2001. Epidemic Dynamics and Endemic States in Complex Networks. Physical Review E, Vol. 63 (2001), 066117.
[81]
R. Pastor-Satorras and A. Vespignani. 2002. Epidemic Dynamics in Finite Size Scale-free Networks. Physical Review E, Vol. 65 (2002), 035108.
[82]
M. Pendleton, R. Garcia-Lebron, J. Cho, and S. Xu. 2016. A Survey on Systems Security Metrics. ACM Comput. Surv., Vol. 49, 4 (2016), 62:1--62:35.
[83]
Chen Peng, Maochao Xu, Shouhuai Xu, and Taizhong Hu. 2017. Modeling and predicting extreme cyber attack rates via marked point processes. Journal of Applied Statistics, Vol. 44, 14 (2017), 2534--2563.
[84]
Chen Peng, Maochao Xu, Shouhuai Xu, and Taizhong Hu. 2018. Modeling multivariate cybersecurity risks. Journal of Applied Statistics, Vol. 0, 0 (2018), 1--23.
[85]
A. Ramos, M. Lazar, R. H. Filho, and J. J. P. C. Rodrigues. 2017. Model-Based Quantitative Network Security Metrics: A Survey. IEEE Communications Surveys Tutorials, Vol. 19, 4 (2017), 2704--2734.
[86]
Rosana Montanez Rodriguez, Edward Golob, and Shouhuai Xu. 2020. Human Cognition through the Lens of Social Engineering Cyberattacks. CoRR (to appear in Frontiers in Psychology-Cognition), Vol. abs/2007.04932 (2020).
[87]
A. Roque, K. Bush, and C. Degni. 2016. Security is about control: insights from cybernetics. In Proc. HotSoS. 17--24.
[88]
Fred Schneider. 2011. Blueprint for a Science of Cybersecurity. Technical Report. Cornell University.
[89]
National Science and Technology Council. 2011. Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program. https://www.nitrd.gov/SUBCOMMITTEE/csia/Fed_Cybersecurity_RD_Strategic_Plan_2011.pdf.
[90]
Claude E. Shannon. 1949. Communication theory of secrecy systems. Bell Syst. Tech. J., Vol. 28, 4 (1949), 656--715.
[91]
J. Spring, T. Moore, and D. Pym. 2017. Practicing a Science of Security: A Philosophy of Science Perspective. In Proc. NSPW. 1--18.
[92]
Salvatore J. Stolfo, Steven M. Bellovin, and David Evans. 2011. Measuring Security. IEEE Security & Privacy, Vol. 9, 3 (2011), 60--65.
[93]
Blake Strom. 2018. ATT&CK 101: Cyber Threat Intelligence. https://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/attck-101
[94]
P. Thé ron and A. Kott. 2019. When Autonomous Intelligent Goodware Will Fight Autonomous Intelligent Malware: A Possible Future of Cyber Defense. In IEEE MILCOM. 1--7.
[95]
P. Thé ron, A. Kott, M. Drasar, K. Rzadca, B. Leblanc, M. Pihelgas, L. Mancini, and F. Gaspari. 2020. Reference Architecture of an Autonomous Agent for Cyber Defense of Complex Military Systems. In Adaptive Autonomous Secure Cyber Systems. Springer, 1--21.
[96]
Piet Van Mieghem, Jasmina Omic, and Robert Kooij. 2009. Virus spread in networks. IEEE/ACM Trans. Netw., Vol. 17, 1 (Feb. 2009), 1--14.
[97]
L. Wang, S. Jajodia, and A. Singhal. 2017b. Network Security Metrics. Springer.
[98]
L. Wang, S. Jajodia, A. Singhal, P. Cheng, and S. Noel. 2014. k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities. IEEE TDSC, Vol. 11, 1 (2014), 30--44.
[99]
Q. Wang, W. Guo, K. Zhang, A. Ororbia II, X. Xing, X. Liu, and C. Giles. 2017a. Adversary Resistant Deep Neural Networks with an Application to Malware Detection. In ACM KDD. 1145--1153.
[100]
Y. Wang, D. Chakrabarti, C. Wang, and C. Faloutsos. 2003. Epidemic Spreading in Real Networks: An Eigenvalue Viewpoint. In IEEE SRDS'03. 25--34.
[101]
L. Xu, L. Chen, Z. Gao, X. Fan, K. Doan, S. Xu, and W. Shi. 2019. KCRS: A Blockchain-Based Key Compromise Resilient Signature System. In International Conference on Blockchain and Trustworthy Systems (BlockSys). 226--239.
[102]
L. Xu, Z. Zhan, S. Xu, and K. Ye. 2013. Cross-layer detection of malicious websites. In ACM CODASPY. 141--152.
[103]
L. Xu, Z. Zhan, S. Xu, and K. Ye. 2014b. An Evasion and Counter-Evasion Study in Malicious Websites Detection. In IEEE CNS. 265--273.
[104]
Maochao Xu, Gaofeng Da, and Shouhuai Xu. 2015a. Cyber Epidemic Models with Dependences. Internet Mathematics, Vol. 11, 1 (2015), 62--92.
[105]
M. Xu, L. Hua, and S. Xu. 2017. A Vine Copula Model for Predicting the Effectiveness of Cyber Defense Early-Warning. Technometrics, Vol. 59, 4 (2017), 508--520.
[106]
M. Xu, K. M. Schweitzer, R. M. Bateman, and S. Xu. 2018. Modeling and Predicting Cyber Hacking Breaches. IEEE T-IFS, Vol. 13, 11 (2018), 2856--2871.
[107]
M. Xu and S. Xu. 2012. An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems. Internet Mathematics, Vol. 8, 3 (2012), 288--320.
[108]
Shouhuai Xu. 2007. On the security of group communication schemes. Journal of Computer Security, Vol. 15, 1 (2007), 129--169.
[109]
Shouhuai Xu. 2008. Collaborative Attack vs. Collaborative Defense. In Proc. CollaborateCom. 217--228.
[110]
Shouhuai Xu. 2014a. Cybersecurity Dynamics. In Proc. HotSoS'14. 14:1--14:2.
[111]
S. Xu. 2014b. Emergent Behavior in Cybersecurity. In Proc. HotSoS. 13:1--13:2.
[112]
Shouhuai Xu. 2019. Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity. In Proactive and Dynamic Network Defense. 1--31.
[113]
S. Xu, X. Li, T. Parker, and X. Wang. 2011. Exploiting Trust-Based Social Networks for Distributed Protection of Sensitive Data. IEEE T-IFS, Vol. 6, 1 (2011), 39--52.
[114]
Shouhuai Xu, Wenlian Lu, and Hualun Li. 2015b. A Stochastic Model of Active Cyber Defense Dynamics. Internet Mathematics, Vol. 11, 1 (2015), 23--61.
[115]
S. Xu, W. Lu, and L. Xu. 2012a. Push- and pull-based epidemic spreading in networks: Thresholds and deeper insights. ACM TAAS, Vol. 7, 3 (2012).
[116]
S. Xu, W. Lu, L. Xu, and Z. Zhan. 2014a. Adaptive Epidemic Dynamics in Networks: Thresholds and Control. ACM TAAS, Vol. 8, 4 (2014).
[117]
S. Xu, W. Lu, and. Zhan. 2012b. A Stochastic Model of Multivirus Dynamics. IEEE Transactions on Dependable and Secure Computing, Vol. 9, 1 (2012), 30--45.
[118]
S. Xu and M. Yung. 2009. Expecting the Unexpected: Towards Robust Credential Infrastructure. In Financial Crypto. 201--221.
[119]
W. Xu, Y. Qi, and D. Evans. 2016. Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers. In NDSS.
[120]
F. Yamaguchi, M. Lottmann, and K. Rieck. 2012. Generalized vulnerability extrapolation using abstract syntax trees. In ACSAC. 359--368.
[121]
F. Yamaguchi, C. Wressnegger, H. Gascon, and K. Rieck. 2013. Chucky: exposing missing checks in source code for vulnerability discovery. In ACM CCS. 499--510.
[122]
L. Yang, P. Li, X. Yang, and Y. Tang. 2018a. A risk management approach to defending against the advanced persistent threat. IEEE TDSC (2018), 1--1.
[123]
L. Yang, X. Yang, and Y. Tang. 2018b. A Bi-Virus Competing Spreading Model with Generic Infection Rates. IEEE Trans. Netw. Sci. Eng., Vol. 5, 1 (2018), 2--13.
[124]
Z. Zhan, M. Xu, and S. Xu. 2013. Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study. IEEE T-IFS, Vol. 8, 11 (2013).
[125]
Z. Zhan, M. Xu, and S. Xu. 2014. A Characterization of Cybersecurity Posture from Network Telescope Data. In Proc. InTrust. 105--126.
[126]
Zhenxin Zhan, Maochao Xu, and Shouhuai Xu. 2015. Predicting Cyber Attack Rates With Extreme Values. IEEE Transactions on Information Forensics and Security, Vol. 10, 8 (2015), 1666--1677.
[127]
M. Zhang, L. Wang, S. Jajodia, A. Singhal, and M. Albanese. 2016. Network Diversity: A Security Metric for Evaluating the Resilience of Networks Against Zero-Day Attacks. IEEE Trans. Inf. Forensics Secur., Vol. 11, 5 (2016), 1071--1086.
[128]
R. Zheng, W. Lu, and S. Xu. 2015. Active Cyber Defense Dynamics Exhibiting Rich Phenomena. In Proc. HotSoS.
[129]
R. Zheng, W. Lu, and S. Xu. 2018. Preventive and Reactive Cyber Defense Dynamics Is Globally Stable. IEEE TNSE, Vol. 5, 2 (2018), 156--170.
[130]
D. Zou, S. Wang, S. Xu, Z. Li, and H. Jin. 2020. μVulDeePecker: A Deep Learning-Based System for Multiclass Vulnerability Detection. IEEE TDSC (2020).

Cited By

View all
  • (2025)Preventive Self-defense Under Cyber Epidemic Attacks: A Dynamical PerspectiveArabian Journal for Science and Engineering10.1007/s13369-024-09887-6Online publication date: 13-Jan-2025
  • (2024)Internet-Based Social Engineering Psychology, Attacks, and Defenses: A SurveyProceedings of the IEEE10.1109/JPROC.2024.3379855112:3(210-246)Online publication date: Mar-2024
  • (2024)Characterizing Privacy Risks in Healthcare IoT SystemsSecure and Resilient Digital Transformation of Healthcare10.1007/978-3-031-55829-0_4(51-68)Online publication date: 16-Mar-2024
  • Show More Cited By

Index Terms

  1. The Cybersecurity Dynamics Way of Thinking and Landscape

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    MTD'20: Proceedings of the 7th ACM Workshop on Moving Target Defense
    November 2020
    96 pages
    ISBN:9781450380850
    DOI:10.1145/3411496
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 09 November 2020

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. cyber defense decision-making
    2. cyber defense ooda loop
    3. cyber defense orchestration
    4. cybersecurity dynamics
    5. cybersecurity foundation
    6. cybersecurity metrics
    7. cybersecurity quantification
    8. cybersecurity risk management
    9. science of cybersecurity

    Qualifiers

    • Research-article

    Funding Sources

    Conference

    CCS '20
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 40 of 92 submissions, 43%

    Upcoming Conference

    ICSE 2025

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)330
    • Downloads (Last 6 weeks)38
    Reflects downloads up to 20 Jan 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2025)Preventive Self-defense Under Cyber Epidemic Attacks: A Dynamical PerspectiveArabian Journal for Science and Engineering10.1007/s13369-024-09887-6Online publication date: 13-Jan-2025
    • (2024)Internet-Based Social Engineering Psychology, Attacks, and Defenses: A SurveyProceedings of the IEEE10.1109/JPROC.2024.3379855112:3(210-246)Online publication date: Mar-2024
    • (2024)Characterizing Privacy Risks in Healthcare IoT SystemsSecure and Resilient Digital Transformation of Healthcare10.1007/978-3-031-55829-0_4(51-68)Online publication date: 16-Mar-2024
    • (2023)Complexity Science and Cyber Operations: A Literature SurveyComplex System Modeling and Simulation10.23919/CSMS.2023.00183:4(327-342)Online publication date: Dec-2023
    • (2023)A Review on Information Security Risk Assessment of Smart Systems: Risk Landscape, Challenges, and Prospective Methods2023 10th International Conference on ICT for Smart Society (ICISS)10.1109/ICISS59129.2023.10291306(1-6)Online publication date: 6-Sep-2023
    • (2023)Towards Automated Cyber Range Design: Characterizing and Matching Demands to Supplies2023 IEEE International Conference on Cyber Security and Resilience (CSR)10.1109/CSR57506.2023.10224940(329-334)Online publication date: 31-Jul-2023
    • (2023)Cyber Attacks Against Enterprise Networks: Characterization, Modeling and ForecastingScience of Cyber Security10.1007/978-3-031-45933-7_4(60-81)Online publication date: 21-Nov-2023
    • (2023)Optimally Blending Honeypots into Production Networks: Hardness and AlgorithmsScience of Cyber Security10.1007/978-3-031-45933-7_17(285-304)Online publication date: 21-Nov-2023
    • (2023)AICA Development ChallengesAutonomous Intelligent Cyber Defense Agent (AICA)10.1007/978-3-031-29269-9_18(367-394)Online publication date: 3-Jun-2023
    • (2022)Quantifying Cybersecurity Effectiveness of Dynamic Network DiversityIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.310751419:6(3804-3821)Online publication date: 1-Nov-2022
    • Show More Cited By

    View Options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Login options

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media