Publications

Cruz, Gerardo C.; Damany, Akshay D.; Hood, Lisa G.

Abstract not provided.

Pinar, Ali P.; Tarman, Thomas D.; Swiler, Laura P.; Gearhart, Jared L.; Hart, Derek H.; Vugrin, Eric D.; Cruz, Gerardo C.; Arguello, Bryan A.; Geraci, Gianluca G.; Debusschere, Bert D.; Hanson, Seth T.; Outkin, Alexander V.; Thorpe, Jamie T.; Hart, William E.; Sahakian, Meghan A.; Gabert, Kasimir G.; Glatter, Casey J.; Johnson, Emma S.; Punla-Green, She?ifa P.

This report summarizes the activities performed as part of the Science and Engineering of Cybersecurity by Uncertainty quantification and Rigorous Experimentation (SECURE) Grand Challenge LDRD project. We provide an overview of the research done in this project, including work on cyber emulation, uncertainty quantification, and optimization. We present examples of integrated analyses performed on two case studies: a network scanning/detection study and a malware command and control study. We highlight the importance of experimental workflows and list references of papers and presentations developed under this project. We outline lessons learned and suggestions for future work.

Pinar, Ali P.; Tarman, Thomas D.; Swiler, Laura P.; Gearhart, Jared L.; Hart, Derek H.; Vugrin, Eric D.; Cruz, Gerardo C.; Arguello, Bryan A.; Geraci, Gianluca G.; Debusschere, Bert D.; Hanson, Seth T.; Outkin, Alexander V.; Thorpe, Jamie T.; Hart, William E.; Sahakian, Meghan A.; Gabert, Kasimir G.; Glatter, Casey J.; Johnson, Emma S.; Punla-Green, She?ifa P.

Abstract not provided.

ACM International Conference Proceeding Series

Tarman, Thomas D.; Rollins, Trevor; Swiler, Laura P.; Cruz, Gerardo C.; Vugrin, Eric D.; Huang, Hao; Sahu, Abhijeet; Wlazlo, Patrick; Goulart, Ana; Davis, Kate

Cyber testbeds provide an important mechanism for experimentally evaluating cyber security performance. However, as an experimental discipline, reproducible cyber experimentation is essential to assure valid, unbiased results. Even minor differences in setup, configuration, and testbed components can have an impact on the experiments, and thus, reproducibility of results. This paper documents a case study in reproducing an earlier emulation study, with the reproduced emulation experiment conducted by a different research group on a different testbed. We describe lessons learned as a result of this process, both in terms of the reproducibility of the original study and in terms of the different testbed technologies used by both groups. This paper also addresses the question of how to compare results between two groups' experiments, identifying candidate metrics for comparison and quantifying the results in this reproduction study.

Tarman, Thomas D.; Swiler, Laura P.; Vugrin, Eric D.; Rollins, Trevor R.; Cruz, Gerardo C.; Huang, Hao H.; Sahu, Abhijeet S.; Wlazlo, Patrick W.; Goulart, Ana G.; Davis, Kate D.

Abstract not provided.

Tarman, Thomas D.; Swiler, Laura P.; Cruz, Gerardo C.; Vugrin, Eric D.; Rollins, Trevor R.; Huang, Hao H.; Sahu, Abhijeet S.; Wlazlo, Patrick W.; Goulart, Ana G.; Davis, Kate D.

Abstract not provided.

Vugrin, Eric D.; Cruz, Gerardo C.; Reedy, Christian R.; Tarman, Thomas D.; Pinar, Ali P.

Abstract not provided.

Vugrin, Eric D.; Cruz, Gerardo C.; Reedy, Christian R.; Tarman, Thomas D.; Pinar, Ali P.

Abstract not provided.

Proceedings - 2019 Resilience Week, RWS 2019

Castillo, Anya; Arguello, Bryan A.; Cruz, Gerardo C.; Swiler, Laura

In this paper we report preliminary results from the novel coupling of cyber-physical emulation and interdiction optimization to better understand the impact of a CrashOverride malware attack on a notional electric system. We conduct cyber experiments where CrashOverride issues commands to remote terminal units (RTUs) that are controlling substations within a power control area. We identify worst-case loss of load outcomes with cyber interdiction optimization; the proposed approach is a bilevel formulation that incorporates RTU mappings to controllable loads, transmission lines, and generators in the upper-level (attacker model), and a DC optimal power flow (DCOPF) in the lower-level (defender model). Overall, our preliminary results indicate that the interdiction optimization can guide the design of experiments instead of performing a 'full factorial' approach. Likewise, for systems where there are important dependencies between SCADA/ICS controls and power grid operations, the cyber-physical emulations should drive improved parameterization and surrogate models that are applied in scalable optimization techniques.

Vugrin, Eric D.; Cruz, Gerardo C.; Reedy, Christian R.; Tarman, Thomas D.; Outkin, Alexander V.; Urias, Vincent U.

Abstract not provided.

Cruz, Gerardo C.

Abstract not provided.

Cruz, Gerardo C.; Outkin, Alexander V.; Tarman, Thomas D.; Urias, Vincent U.; Vugrin, Eric D.

Abstract not provided.

Field, Richard V.; Cruz, Gerardo C.; Quach, Tu-Thach Q.; Wendt, Jeremy D.

Abstract not provided.

Wendt, Jeremy D.; Quach, Tu-Thach Q.; Zage, David J.; Field, Richard V.; Wells, Randall W.; Soundarajan, Sucheta S.; Cruz, Gerardo C.

The Data Inferencing on Semantic Graphs project (DISeG) was a two-year investigation of inferencing techniques (focusing on belief propagation) to social graphs with a focus on semantic graphs (also called multi-layer graphs). While working this problem, we developed a new directed version of inferencing we call Directed Propagation (Chapters 2 and 4), identified new semantic graph sampling problems (Chapter 3).