Publications

Abstract not provided.

Abstract not provided.

Protecting against multi-step attacks of uncertain start times and duration forces the defenders into indefinite, always ongoing, resource-intensive response. To allocate resources effectively, the defender must analyze and respond to an uncertain stream of potentially undetected multiple multi-step attacks and take measures of attack and response intensity over time into account. Such response requires estimation of overall attack success metrics and evaluating effect of defender strategies and actions associated with specific attack steps on overall attack metrics. We present a novel game-theoretic approach GPLADD to attack metrics estimation and demonstrate it on attack data derived from MITRE's ATT&CK Framework and other sources. In GPLADD, the time to complete attack steps is explicit; the attack dynamics emerges from attack graph and attacker-defender capabilities and strategies and therefore reflects 'physics' of attacks. The time the attacker takes to complete an attack step is drawn from a probability distribution determined by attacker and defender strategies and capabilities. This makes time a physical constraint on attack success parameters and enables comparing different defender resource allocation strategies across different attacks. We solve for attack success metrics by approximating attacker-defender games as discrete-time Markov chains and show evaluation of return on detection investments associated with different attack steps. We apply GPLADD to MITRE's APT3 data from ATT&CK Framework and show that there are substantial and un-intuitive differences in estimated real-world vendor performance against a simplified APT3 attack. We focus on metrics that reflect attack difficulty versus attacker ability to remain hidden in the system after gaining control. This enables practical defender optimization and resource allocation against multi-step attacks.

Abstract not provided.

Abstract not provided.

The Z Machine at Sandia National Laboratories is a pulsed power facility for high-energy density physics experiments that can shock materials to extreme temperatures and pressures through a focused energy release of up to ∼ 25 MJ in < 100 nanoseconds. It has been in operation for more than two decades and conducts up to ∼ 100 experiments, or “shots,” per year. Based on a set of 74 known shot times from 2018, we determined that Z Machine shots produce detectable ∼ 3–17 Hz ground motion 12 km away at the Albuquerque Seismological Laboratory, New Mexico (ANMO), borehole seismograph, with peak signal at ∼ 7 Hz. The known shot waveforms were used to create a three-component template, leading to the detection of 2339 Z Machine shots since 1998 through single-station cross-correlation. Local seismic magnitude estimates range from local magnitude (ML) -2 to -1.3 and indicate that only a small fraction of the shot energy is transmitted by seismic phases observable at 12 km distance. The most recent major facility renovation, which was intended to decrease mechanical dissipation, is associated with an abrupt decrease in observed seismic amplitudes at ANMO despite stable maximum shot energy. The highly repetitive impulsive sources are well suited to coda-wave interferometry to investigate time-dependent velocity structures. Relative velocity variations (dv/v) show an annual cycle with amplitude of ∼ 0.2%. Local minima are observed in the late spring, and dv/v increases through the summer monsoon rainfall, possibly reflecting patchy saturation as rainfall infiltrates near the eastern edge of the Albuquerque basin. The cumulative results demonstrate that forensic seismology can provide insight into long-term operation of facilities such as pulsed-power laboratories, and that their recurring signals may be valuable for studies of time-dependent structure.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.