Yunchuan Guo
Chinese Academy of Sciences
Publication
Featured researches published by Yunchuan Guo.
international conference on parallel and distributed systems | 2012
Jinyu Wu; Lihua Yin; Yunchuan Guo
Cyber attack prediction is an important part of risk management. Existing cyber attack prediction methods did not fully consider the specific environment factors of the target network, which may make the results deviate from the true situation. In this paper, we propose a cyber attack prediction model based on a Bayesian network. We use attack graphs to represent all the vulnerabilities and possible attack paths. Then we capture the usage environment factors using the Bayesian network model. Cyber attack predictions are performed on the constructed Bayesian network. Experimental analysis shows that our method gets more accurate results.
World Wide Web | 2018
Lihua Yin; Yunchuan Guo; Fenghua Li; Yanwei Sun; Junyan Qian; Athanasios V. Vasilakos
In ephemeral networks, disseminating advertisements faces a two-sided dilemma: on the one hand, disseminators own limited resources and have privacy concerns, and thus often prefer to avoid disseminating advertisements without enough incentives; even if advertisements are disseminated, their dissemination accuracy is lower. On the other hand, false advertisements may flood ephemeral networks if too many incentives but no punishments are given. Thus, it is a challenge to design an effective scheme to guarantee that rational disseminators have sufficient impetus to forward true advertisements to the interested consumers and report false advertisements, despite facing the limitation of resources and the risk of privacy leakage. To solve this problem, in this paper, a bargaining-based scheme is proposed to motivate disseminators to forward the true advertisements to the interested node, and a semi-grim policy is designed for punishing the disseminators who release and disseminate false advertisements. Acknowledging the assumption of incomplete information, a repeated dissemination game is proposed to help disseminators decide whether to forward advertisements or report false advertisements. Simulation results demonstrate that our scheme not only provides disseminators a strong impetus to disseminate the advertisements with higher dissemination accuracy, but also effectively prevents disseminators from forwarding false advertisements.
The Scientific World Journal | 2014
Yunchuan Guo; Lihua Yin; Chao Li; Junyan Qian
Access control is a key technology in providing security in the Internet of Things (IoT). The mainstream security approach proposed for the sensing layer of the IoT concentrates only on authentication while ignoring the more general models. Unreliable communications and resource constraints make the traditional access control techniques barely meet the requirements of the sensing layer of the IoT. In this paper, we propose a model that combines space and time with reputation to control access to the information within the sensing layer of the IoT. This model is called spatiotemporal access control based on reputation (STRAC). STRAC uses a lattice-based approach to decrease the size of policy bases. To solve the problem caused by unreliable communications, we propose both nondeterministic authorizations and stochastic authorizations. To more precisely manage the reputation of nodes, we propose two new mechanisms to update the reputation of nodes. These new approaches are the authority-based update mechanism (AUM) and the election-based update mechanism (EUM). We show how the model checker UPPAAL can be used to analyze the spatiotemporal access control model of an application. Finally, we also implement a prototype system to demonstrate the efficiency of our model.
international conference on intelligent information processing | 2012
Chao Lee; Lihua Yin; Yunchuan Guo
The wireless sensor network is one of the fundamental components of the Internet of Things. With the growing use of wireless sensor networks in commercial and military settings, data security is a critical problem in these applications. Considerable security work has been done. However, the majority of this work is based on scenarios in which the sensitivities of data in the network are the same. In this paper, we present a cluster-based multilevel security model that enforces information flow from low security level to high security level. The design of the model is motivated by the observation that sensor nodes in numerous applications have different security clearances. In these scenarios, it is not enough to protect the data at a single level. A multilevel security mechanism is needed to prevent information flow from high-level nodes to low-level nodes. We give the formal description of the model and present a scheme to achieve it. In our model, sensor nodes are grouped into different clusters. In each cluster, the security clearance of sensor nodes must not be higher than the security clearance of the cluster head. We use cryptographic techniques to enforce the information flow policy of this model. The higher-level nodes can derive the keys of lower-level nodes and use the derived key to get the information from lower-level nodes.
networking architecture and storages | 2009
Yunchuan Guo; Lihua Yin; Yuan Zhou; Chao Li; Li Guo
It is very important to analyze the bandwidth and transmission error rate in the study of probabilistic timing covert channels. For this purpose, a simulation system of probabilistic timing covert channels has been set up in the paper. The simulation results show that (1) the bandwidth and the transmission error rate of probabilistic timing covert channels are closely related to the hardware/software environment, probability factor, time factor and/or coding methods as well as scheduling times; (2) the approximate transmission error rate can be measured with the central limit theorem; (3) it is not accurate to estimate the amount of information leakage based on weak probabilistic bisimulation; and (4) in probabilistic timing covert channels, there exist some characteristics which are different from non-deterministic covert channels.
international conference on computational science | 2018
Yanwei Sun; Lihua Yin; Zhen Wang; Yunchuan Guo; Binxing Fang
Worm viruses can spread in various ways with great destructive power, which poses a great threat to network security. One example is the WannaCry worm in May 2017. By identifying the sources of worms, we can better understand the causation of risks, and then implement better security measures. However, the currently available detection systems may not be able to fully detect the existing threats when worms with stealth characteristics do not show any abnormal behaviors. This paper makes two key contributions toward the challenging problem of identifying the propagation sources: (1) A modified algorithm of observed results based on Bayes rule has been proposed, which can modify the results of possible missed nodes, so as to improve the accuracy of identifying the propagation sources. (2) We have applied the method of branch and bound, effectively reducing the traversal space and improving the efficiency of the algorithm by calculating the upper and lower bounds of the infection probability of nodes. Through the experiment simulation in the real network, we verified the accuracy and high efficiency of the algorithm for tracing the sources of worms.
international conference on computational science | 2018
Yunchuan Guo; Han Zhang; Lingcui Zhang; Liang Fang; Fenghua Li
In Mobile Ad-Hoc Networks, cooperative intrusion detection is efficient and scalable to massively parallel attacks. However, due to concerns about privacy leakage and resource costs, without enough incentives most mobile nodes are often selfish and disinterested in helping others to detect an intrusion event; thus an efficient incentive mechanism is required. In this paper, we formulate the incentive mechanism for cooperative intrusion detection as an evolutionary game and achieve an optimal solution to help nodes decide whether to participate in detection or not. Our proposed mechanism can deal with the problem that cooperative nodes do not own complete knowledge about other nodes. We develop a game algorithm to maximize nodes' utility. Simulations demonstrate that our strategy can efficiently incentivize potential nodes to cooperate.
Security and Communication Networks | 2018
Lihua Yin; Yanwei Sun; Zhen Wang; Yunchuan Guo; Fenghua Li; Binxing Fang
Security measurement matters to every stakeholder in network security. It provides security practitioners with exact security awareness. However, most existing works are not applicable to unknown threats. What is more, existing efforts on security metrics mainly focus on the ease of a certain attack from a theoretical point of view, ignoring the “likelihood of exploitation.” To help administrators have a better understanding, we analyze the behavior of attackers who exploit zero-day vulnerabilities and predict their attack timing. Based on the prediction, we propose a method of security measurement. In detail, we compute the optimal attack timing from the perspective of the attacker, using a long-term game to estimate the risk of being found and then choosing the optimal timing based on the risk and profit. We design a learning strategy to model the information sharing mechanism among multiple attackers and use spatial structure to model the long-term process. After calculating the Nash equilibrium for each subgame, we consider the likelihood of being attacked for each node as the security metric result. The experiment results show the efficiency of our approach.
network and system security | 2017
Jing Li; Lihua Yin; Yunchuan Guo; Chao Li; Fenghua Li; Lihua Chen
Real-time device monitoring is a fundamental task of network security. When networks are threatened by cyberattacks, we need accurate monitoring data for timely detection and disposal of network threats. However, in resource-constrained networks, due to limitations of device processing capacity or network bandwidth, it is usually difficult to collect monitoring information precisely and efficiently. To address this problem, we propose a novel threat-driven data collection method. Our method first analyzes features of the existing or potential network threats, then chooses the devices that are most likely to be affected by the threats, and finally selects data items consistent with the threat features for those screened target collection devices. Experiment results prove that our threat-driven data collection method not only improves the collection efficiency with a satisfying data accuracy, but also reduces the device resource cost of gathering monitoring data, making it suitable for security management in resource-constrained networks.
international conference on algorithms and architectures for parallel processing | 2017
Yanwei Sun; Lihua Yin; Yunchuan Guo; Fenghua Li; Binxing Fang
Zero-day attacks pose a serious threat to government agencies and companies. To get better protection of the internet infrastructure, it is very important for defenders to analyze the behavior of attackers who exploit zero-day vulnerabilities and predict their attack timing. For attackers, when to exploit the zero-day vulnerability means a tough tradeoff between profit and risk: if the attackers exploit too soon, they may get limited profits; too late, they may suffer the higher risk of being found before the attack. To help defenders make a better prediction, this paper computes the optimal timing from the perspective of attackers. We use an evolutionary game to estimate the risk of being found and then choose the optimal timing based on the risk and profit. In detail, we design a learning strategy to deal with individual differences among multiple attackers, and use spatial structure to model the evolutionary process. The experiment results show the efficiency of this approach.