Publications

6 Results

Enhanced dynamic cyber zone defense

2018 IEEE 8th Annual Computing and Communication Workshop and Conference, CCWC 2018

Mcbride, Marci; Foulk, James W.

Information security is a top priority in government and industry because high consequence cyber incidents continue with regularity. The blue teamers that protect cyber systems cannot stop or even know about all these incidents, so they must take measures to tolerate these incursions in addition to preventing and detecting them. We propose dynamically compartmentalizing subject networks into collaboration zones and limiting the communication between these zones. In this article, we demonstrate this technique's effect on the attacker and the defender for various parameter settings using discrete-time simulation. Based on our results, we conclude that dynamic cyber zone defense is a viable intrusion tolerance technique and should be considered for technology transfer.

Linkography abstraction refinement and cyber security

2017 IEEE Conference on Communications and Network Security, CNS 2017

Foulk, James W.; Mcbride, Marci; Jarocki, John

Attacks authored by state sponsored actors, criminal outfits, ideological enclaves and recreational hackers continue to trouble public and private cyber systems. In order to create and/or maintain an advantage over their adversaries, cyber defenders must pursue novel ways to detect, attribute and respond to offensive operations. Linkography is a topic that has been explored for decades that has found recent application to cyber security. Given the huge amounts of data available for cyber security applications of linkography, we favor semi-automated techniques to exploit this concept. In this paper, we propose a human supervised algorithm that will refine the abstractions used for this bulk approach to linkography. We found this algorithm resulted in automatically generated linkographs with higher accuracies than those derived from static abstractions. These findings suggest that linkography in general and abstraction refinement in particular are viable tools for cyber security practitioners.

A zoning algorithm for dynamic cyber zone defense

2017 IEEE 7th Annual Computing and Communication Workshop and Conference, CCWC 2017

Mcbride, Marci; Foulk, James W.

Attacks on cyber systems continue to plague public and private sector enterprises. While cyber zone defense is an appealing strategy to prevent, disrupt and tolerate these attacks, existing approaches assign hosts to zones based on their function (for example, printer zones and sensor zones) or place in the architecture (for example, corporate zones and demilitarized zones). This leaves the large number of human-operated commodity workstations within an enterprise unaddressed. We propose a dynamic zoning algorithm which periodically or asynchronously assigns hosts to zones based on peer requests made by their human operators. The proposed algorithm runs quickly on basic hardware for a large enterprise, and the zone statistics converge to values that match what simple mathematical models predict. We conclude that dynamic cyber zone defense calls for additional research and is a candidate for technology transfer.
