A journal of IEEE and CAA , publishes high-quality papers in English on original theoretical/experimental research and development in all areas of automation
Volume 8 Issue 2
Feb.  2021

IEEE/CAA Journal of Automatica Sinica

  • JCR Impact Factor: 15.3, Top 1 (SCI Q1)
    CiteScore: 23.5, Top 2% (Q1)
    Google Scholar h5-index: 77, TOP 5
Turn off MathJax
Article Contents
Zhaofeng Liu, Ren Zheng, Wenlian Lu and Shouhuai Xu, "Using Event-Based Method to Estimate Cybersecurity Equilibrium," IEEE/CAA J. Autom. Sinica, vol. 8, no. 2, pp. 455-467, Feb. 2021. doi: 10.1109/JAS.2020.1003527
Citation: Zhaofeng Liu, Ren Zheng, Wenlian Lu and Shouhuai Xu, "Using Event-Based Method to Estimate Cybersecurity Equilibrium," IEEE/CAA J. Autom. Sinica, vol. 8, no. 2, pp. 455-467, Feb. 2021. doi: 10.1109/JAS.2020.1003527

Using Event-Based Method to Estimate Cybersecurity Equilibrium

doi: 10.1109/JAS.2020.1003527
Funds:  This work was supported in part by the National Natural Sciences Foundation of China (62072111)
More Information
  • Estimating the global state of a networked system is an important problem in many application domains. The classical approach to tackling this problem is the periodic (observation) method, which is inefficient because it often observes states at a very high frequency. This inefficiency has motivated the idea of event-based method, which leverages the evolution dynamics in question and makes observations only when some rules are triggered (i.e., only when certain conditions hold). This paper initiates the investigation of using the event-based method to estimate the equilibrium in the new application domain of cybersecurity, where equilibrium is an important metric that has no closed-form solutions. More specifically, the paper presents an event-based method for estimating cybersecurity equilibrium in the preventive and reactive cyber defense dynamics, which has been proven globally convergent. The presented study proves that the estimated equilibrium from our trigger rule i) indeed converges to the equilibrium of the dynamics and ii) is Zeno-free, which assures the usefulness of the event-based method. Numerical examples show that the event-based method can reduce 98% of the observation cost incurred by the periodic method. In order to use the event-based method in practice, this paper investigates how to bridge the gap between i) the continuous state in the dynamics model, which is dubbed probability-state because it measures the probability that a node is in the secure or compromised state, and ii) the discrete state that is often encountered in practice, dubbed sample-state because it is sampled from some nodes. This bridge may be of independent value because probability-state models have been widely used to approximate exponentially-many discrete state systems.

     

  • loading
  • [1]
    K. J. Åström and B. Bernhardsson, “Comparison of periodic and event based sampling for first-order stochastic systems,” IFAC Proc. Vol., vol. 32, no. 2, pp. 5006–5011, Jul. 1999. doi: 10.1016/S1474-6670(17)56852-4
    [2]
    K. E. Åarzén, “A simple event-based PID controller,” IFAC Proc. Vol., vol. 32, no. 2, pp. 8687–8692, Jul. 1999. doi: 10.1016/S1474-6670(17)57482-0
    [3]
    K. H. Johansson, M. Egerstedt, J. Lygeros, and S. Sastry, “On the regularization of zeno hybrid automata,” Syst. Control Lett., vol. 38, no. 3, pp. 141–150, Oct. 1999. doi: 10.1016/S0167-6911(99)00059-6
    [4]
    R. Zheng, W. L. Lu, and S. H. Xu, “Preventive and reactive cyber defense dynamics is globally stable,” IEEE Trans. Netw. Sci. Eng., vol. 5, no. 2, pp. 156–170, Apr. 2018. doi: 10.1109/TNSE.2017.2734904
    [5]
    S. H. Xu, “Cybersecurity dynamics,” in Proc. Symp. and Bootcamp on the Science of Security, Raleigh, USA, 2014, pp. 14.
    [6]
    S. H. Xu, “Cybersecurity dynamics: A foundation for the science of cybersecurity,” in Proactive and Dynamic Network Defense, C. Wang and Z. Lu, Eds. Cham, Switzerland: Springer, 2019, pp. 1–31.
    [7]
    K. J. Astrom and B. M. Bernhardsson, “Comparison of riemann and lebesgue sampling for first order stochastic systems,” in Proc. 41st IEEE Conf. Decision and Control, Las Vegas, USA, 2002, pp. 2011–2016.
    [8]
    P. Tabuada, “Event-triggered real-time scheduling of stabilizing control tasks,” IEEE Trans. Autom. Control, vol. 52, no. 9, pp. 1680–1685, Sep. 2007. doi: 10.1109/TAC.2007.904277
    [9]
    W. P. M. H. Heemels, K. H. Johansson, and P. Tabuada, “An introduction to event-triggered and self-triggered control,” in Proc. 51st IEEE Conf. Decision and Control, Maui, USA, 2012, pp. 3270–3285.
    [10]
    D. R. Ding, Z. D. Wang, and Q. L. Han, “A set-membership approach to event-triggered filtering for general nonlinear systems over sensor networks,” IEEE Trans. Autom. Control, vol. 65, no. 4, pp. 1792–1799, Apr. 2020. doi: 10.1109/TAC.2019.2934389
    [11]
    E. Johannesson, T. Henningsson, and A. Cervin, “Sporadic control of first-order linear stochastic systems,” in Hybrid Systems: Computation and Control, A. Bemporad, A. Bicchi, and G. Buttazzo, Eds. Berlin, Heidelberg, Germany: Springer, 2007, pp. 301–314.
    [12]
    X. F. Wang and M. D. Lemmon, “Event-triggering in distributed networked control systems,” IEEE Trans. Autom. Control, vol. 56, no. 3, pp. 586–601, Mar. 2011. doi: 10.1109/TAC.2010.2057951
    [13]
    D. V. Dimarogonas, E. Frazzoli, and K. H. Johansson, “Distributed event-triggered control for multi-agent systems,” IEEE Trans. Autom. Control, vol. 57, no. 5, pp. 1291–1297, May 2012. doi: 10.1109/TAC.2011.2174666
    [14]
    G. S. Seyboth, D. V. Dimarogonas, and K. H. Johansson, “Event-based broadcasting for multi-agent average consensus,” Automatica, vol. 49, no. 1, pp. 245–252, Jan. 2013. doi: 10.1016/j.automatica.2012.08.042
    [15]
    W. L. Lu, Y. J. Han, and T. P. Chen, “Pinning networks of coupled dynamical systems with Markovian switching couplings and event-triggered diffusions,” J. Franklin Inst., vol. 352, no. 9, pp. 3526–3545, Sep. 2015. doi: 10.1016/j.jfranklin.2015.01.022
    [16]
    Y. J. Han, W. L. Lu, and T. P. Chen, “Consensus analysis of networks with time-varying topology and event-triggered diffusions,” Neural Netw., vol. 71, pp. 196–203, Nov. 2015. doi: 10.1016/j.neunet.2015.08.008
    [17]
    W. L. Lu, Y. J. Han, and T. P. Chen, “Synchronization in networks of linearly coupled dynamical systems via event-triggered diffusions,” IEEE Trans. Neural Netw. Learn. Syst., vol. 26, no. 12, pp. 3060–3069, Dec. 2015. doi: 10.1109/TNNLS.2015.2402691
    [18]
    R. Zheng, X. L. Yi, W. L. Lu, and T. P. Chen, “Stability of analytic neural networks with event-triggered synaptic feedbacks,” IEEE Trans. Neural Netw. Learn. Syst., vol. 27, no. 2, pp. 483–494, Feb. 2016. doi: 10.1109/TNNLS.2015.2488903
    [19]
    W. L. Lu, R. Zheng, and T. P. Chen, “Centralized and decentralized global outer-synchronization of asymmetric recurrent time-varying neural network by data-sampling,” Neural Netw., vol. 75, pp. 22–31, Mar. 2016. doi: 10.1016/j.neunet.2015.11.006
    [20]
    X. H. Li, T. Parker, and S. H. Xu, “Towards quantifying the (in)security of networked systems,” in Proc. 21st Int. Conf. Advanced Information Networking and Applications, Niagara Falls, Canada, 2007, pp. 420–427.
    [21]
    A. G. M’Kendrick, “Applications of mathematics to medical problems,” Proc. Edinb. Math. Soc., vol. 44, pp. 98–130, Feb. 1925. doi: 10.1017/S0013091500034428
    [22]
    W. O. Kermack and A. G. McKendrick, “A contribution to the mathematical theory of epidemics,” Proc. Roy. Soc. A:Math.,Phys. Eng. Sci., vol. 115, no. 772, pp. 700–721, Aug. 1927.
    [23]
    N. T. J. Bailey, The Mathematical Theory of Infectious Diseases and Its Applications. 2nd ed. London, UK: Hodder Arnold, 1975.
    [24]
    R. M. Anderson and R. M. May, Infectious Diseases of Humans. Oxford, UK: Oxford University Press, 1991.
    [25]
    H. W. Hethcote, “The mathematics of infectious diseases,” SIAM Rev., vol. 42, no. 4, pp. 599–653, Jan. 2000. doi: 10.1137/S0036144500371907
    [26]
    J. O. Kephart and S. R. White, “Directed-graph epidemiological models of computer viruses,” in Proc. IEEE Computer Society Symp. Research in Security and Privacy, Oakland, USA, 1991, pp. 343–359.
    [27]
    J. O. Kephart and S. R. White, “Measuring and modeling computer virus prevalence,” in Proc. IEEE Computer Society Symp. Research in Security and Privacy, Oakland, USA, 1993, pp. 2–15.
    [28]
    R. Pastor-Satorras and A. Vespignani, “Epidemic dynamics and endemic states in complex networks,” Phys. Rev. E, vol. 63, pp. 066117, May 2001. doi: 10.1103/PhysRevE.63.066117
    [29]
    Y. Moreno, R. Pastor-Satorras, and A. Vespignani, “Epidemic outbreaks in complex heterogeneous networks,” Eur. Phys. J. B, vol. 26, no. 4, pp. 521–529, Apr. 2002.
    [30]
    R. Pastor-Satorras and A. Vespignani, “Epidemic dynamics in finite size scale-free networks,” Phys. Rev. E, vol. 65, pp. 035108, Mar. 2002. doi: 10.1103/PhysRevE.65.035108
    [31]
    M. E. J. Newman, “The structure and function of complex networks,” SIAM Rev., vol. 45, no. 2, pp. 167–256, Jan. 2003. doi: 10.1137/S003614450342480
    [32]
    A. Barrat, M. Barthélemy, and A. Vespignani, Dynamical Processes on Complex Networks. Cambridge, UK: Cambridge University Press, 2008.
    [33]
    Y. Wang, D. Chakrabarti, C. X. Wang, and C. Faloutsos, “Epidemic spreading in real networks: An eigenvalue viewpoint,” in Proc. 22nd IEEE Int. Symp. Reliable Distributed Systems, Florence, Italy, 2003, pp. 25–34.
    [34]
    A. Ganesh, L. Massoulie, and D. Towsley, “The effect of network topology on the spread of epidemics,” in Proc. 24th IEEE Annu. Joint Conf. IEEE Computer and Communications Societies, Miami, USA, 2005, pp. 1455–1466.
    [35]
    D. Chakrabarti, Y. Wang, C. X. Wang, J. Leskovec, and C. Faloutsos, “Epidemic thresholds in real networks,” ACM Trans. Inf. Syst. Secur., vol. 10, no. 4, pp. 13, Jan. 2008.
    [36]
    P. Van Mieghem, J. Omic, and R. Kooij, “Virus spread in networks,” IEEE/ACM Trans. Netw., vol. 17, no. 1, pp. 1–14, Feb. 2009. doi: 10.1109/TNET.2008.925623
    [37]
    T. M. Liggett, Interacting Particle Systems. New York: USA: Springer, 1985.
    [38]
    K. D. Hoover, “Idealizing reduction: The microfoundations of macroeconomics,” Erkenntnis, vol. 73, no. 3, pp. 329–347, Nov. 2010. doi: 10.1007/s10670-010-9235-1
    [39]
    Y. J. Han, W. L. Lu, and S. H. Xu, “Preventive and reactive cyber defense dynamics with ergodic time-dependent parameters is globally attractive,” arXiv: 2001.07958, Jan. 2020.
    [40]
    Z. Z. Lin, W. L. Lu, and S. H. Xu, “Unified preventive and reactive cyber defense dynamics is still globally convergent,” IEEE/ACM Trans. Netw., vol. 27, no. 3, pp. 1098–1111, Jun. 2019. doi: 10.1109/TNET.2019.2912847
    [41]
    M. C. Xu, G. F. Da, and S. H. Xu, “Cyber epidemic models with dependences,” Internet Math., vol. 11, no. 1, pp. 62–92, Jan. 2015. doi: 10.1080/15427951.2014.902407
    [42]
    S. H. Xu, “Emergent behavior in cybersecurity,” in Proc. Symp. and Bootcamp on the Science of Security, Raleigh, USA, 2014, pp. 13.
    [43]
    Y. J. Han, W. L. Lu, and S. H. Xu, “Characterizing the power of moving target defense via cyber epidemic dynamics,” in Proc. Symp. and Bootcamp on the Science of Security, Raleigh, USA, 2014, pp. 10.
    [44]
    G. F. Da, M. C. Xu, and S. H. Xu, “A new approach to modeling and analyzing security of networked systems,” in Proc. Symp. and Bootcamp on the Science of Security, Raleigh, USA, 2014, pp. 6.
    [45]
    S. H. Xu, W. L. Lu, L. Xu, and Z. X. Zhan, “Adaptive epidemic dynamics in networks: Thresholds and control,” ACM Trans. Auton. Adapt. Syst., vol. 8, no. 4, pp. 19, Jan. 2014.
    [46]
    S. H. Xu, W. L. Lu, and Z. X. Zhan, “A stochastic model of multivirus dynamics,” IEEE Trans. Depend. Secure Comput., vol. 9, no. 1, pp. 30–45, Jan.–Feb. 2012. doi: 10.1109/TDSC.2011.33
    [47]
    M. C. Xu and S. H. Xu, “An extended stochastic model for quantitative security analysis of networked systems,” Internet Math., vol. 8, no. 3, pp. 288–320, Jul. 2012.
    [48]
    S. H. Xu, W. L. Lu, and L. Xu, “Push- and pull-based epidemic spreading in networks: Thresholds and deeper insights,” ACM Trans. Auton. Adapt. Syst., vol. 7, no. 3, pp. 32, Oct. 2012.
    [49]
    S. H. Xu, “The cybersecurity dynamics way of thinking and landscape,” in Proc. 7th ACM Workshop on Moving Target Defense (ACM MTD’2020), Orlando, USA, pp. 69–80, Nov. 2020.
    [50]
    X. H. Li, P. Parker, and S. H. Xu, “A stochastic model for quantitative security analyses of networked systems,” IEEE Trans. Depend. Secure Comput., vol. 8, no. 1, pp. 28–43, Jan.–Feb. 2011. doi: 10.1109/TDSC.2008.75
    [51]
    J. D. Mireles, E. Ficke, J. H. Cho, P. Hurley, and S. H. Xu, “Metrics towards measuring cyber agility,” IEEE Trans. Inf. Foren. Secur., vol. 14, no. 12, pp. 3217–3232, Dec. 2019. doi: 10.1109/TIFS.2019.2912551
    [52]
    J. H. Cho, S. H. Xu, P. M. Hurley, M. Mackay, T. Benjamin, and M. Beaumont, “STRAM: Measuring the trustworthiness of computer-based systems,” ACM Comput. Surv., vol. 51, no. 6, pp. 128, Feb. 2019.
    [53]
    M. Pendleton, R. Garcia-Lebron, J. H. Cho, and S. H. Xu, “A survey on systems security metrics,” ACM Comput. Surv., vol. 49, no. 4, pp. 62, Dec. 2016.
    [54]
    H. S. Chen, J. H. Cho, and S. H. Xu, “Quantifying the security effectiveness of network diversity: Poster,” in Proc. 5th Annu. Symp. and Bootcamp on Hot Topics in the Science of Security, Raleigh, USA, 2018, pp. 24.
    [55]
    H. S. Chen, J. H. Cho, and S. H. Xu, “Quantifying the security effectiveness of firewalls and DMZs,” in Proc. 5th Annu. Symp. and Bootcamp on Hot Topics in the Science of Security, Raleigh, USA, 2018, pp. 9.
    [56]
    R. Zheng, W. L. Lu, and S. H. Xu, “Active cyber defense dynamics exhibiting rich phenomena,” in Proc. Symp. and Bootcamp on the Science of Security, Urbana, USA, 2015, pp. 2.
    [57]
    S. H. Xu, W. L. Lu, and H. L. Li, “A stochastic model of active cyber defense dynamics,” Internet Math., vol. 11, no. 1, pp. 23–61, Jan. 2015. doi: 10.1080/15427951.2013.830583
    [58]
    W. L. Lu, S. H. Xu, and X. L. Yi, “Optimizing active cyber defense,” in Proc. 4th Int. Conf. Decision and Game Theory for Security, Fort Worth, USA, 2013, pp. 206–225.
    [59]
    A. Sard, “The measure of the critical values of differentiable maps,” Bull. Am. Math. Soc., vol. 48, no. 12, pp. 883–890, 1999.

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(7)  / Tables(1)

    Article Metrics

    Article views (1350) PDF downloads(59) Cited by()

    Highlights

    • The paper presents an event-based method for estimating cybersecurity equilibrium in the preventive and reactive cyber defense dynamics, which has been proven globally convergent. The present study proves that the estimated equilibrium from our trigger rule (i) indeed converges to the equilibrium of the dynamics and (ii) is Zeno-free, which assures the usefulness of the event-based method.
    • Numerical examples show that the event-based method can reduce 98\% of the observation cost incurred by the periodic method.
    • In order to use the event-based method in practice, this paper investigates how to bridge the gap between (i) the continuous state in the dynamics model, which is dubbed probability-state because it measures the probability that a node is in the secure or compromised state, and (ii) the discrete state that is often encountered in practice, dubbed sample-state because it is sampled from some nodes. This bridge may be of independent value because probability-state models have been widely used to approximate exponentially-many discrete state systems.

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return