Impact of the Computer System User When Creating Cyber Defense Strategies

被引:1
|
作者
Colvett, C. Daniel [1 ]
Petty, Mikel D. [1 ]
Bland, John A. [1 ]
Maxwell, Katia P. [2 ]
Rosenhoover, Marshall [1 ]
机构
[1] Univ Alabama, Huntsville, AL 35899 USA
[2] Athens State Univ, Athens, AL USA
来源
ACMSE 2022: PROCEEDINGS OF THE 2022 ACM SOUTHEAST CONFERENCE | 2022年
关键词
Cybersecurity; Petri Nets; Reinforcement Learning; PNPSC;
D O I
10.1145/3476883.3520208
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Petri nets with Players, Strategies, and Costs (PNPSC) is an extension of Petri nets that can model cyberattacks and defenses. Previous work has created PNPSC nets for cyberattack patterns based on the MITRE Common Attack Pattern Enumeration and Classification (CAPEC) database. The previous PNPSC nets modeled two players, the attacker and defender, but did not account for the computer system user. This research enhances previously developed PNPSC nets by adding representation for the computer system user. The research also builds on previous work in which cyber defense strategies were generated and improved with an epsilon-greedy reinforcement learning algorithm. The results show that including a representation for computer system users impacts the strategies developed by the defender, who must now balance computer system usability with computer system security.
引用
收藏
页码:74 / 81
页数:8
相关论文
共 50 条
  • [21] Lucid: A visualization and broadcast system for cyber defense competitions
    Turner, Claude
    Yan, Jie
    Richards, Dwight
    O'Brien, Pamela
    Odubiyi, Jide
    Brown, Quincy
    [J]. ACM Inroads, 2015, 6 (02) : 70 - 76
  • [22] Game Control of Attack and Defense in Cyber Physical System
    Cai, Xiaobo
    Wang, Baijuan
    Cao, Zhiyong
    Zhang, Haitao
    Han, Ke
    Chen, Min
    Xu, Jiajun
    Zi, Caifei
    Wu, Wendou
    [J]. 2020 INTERNATIONAL CONFERENCE ON IDENTIFICATION, INFORMATION AND KNOWLEDGE IN THE INTERNET OF THINGS (IIKI2020), 2021, 187 : 488 - 494
  • [23] Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits
    Hausken, Kjell
    Welburn, Jonathan W.
    [J]. INFORMATION SYSTEMS FRONTIERS, 2021, 23 (06) : 1609 - 1620
  • [24] Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits
    Kjell Hausken
    Jonathan W. Welburn
    [J]. Information Systems Frontiers, 2021, 23 : 1609 - 1620
  • [25] Towards Automated Verification of Active Cyber Defense Strategies on Software Defined Networks
    Alsaleh, Mohammed Noraden
    Al-Shaer, Ehab
    [J]. PROCEEDINGS OF THE 2016 ACM WORKSHOP ON AUTOMATED DECISION MAKING FOR ACTIVE CYBER DEFENSE (SAFECONFIG'16), 2016, : 23 - 29
  • [26] Defense Strategies for Integrated Energy Cyber Physical Systems Considering Joint Attacks
    Gu, Danyan
    Hong, Lucheng
    Yu, Qiangqiang
    Hua, Liang
    [J]. 2024 THE 7TH INTERNATIONAL CONFERENCE ON ENERGY, ELECTRICAL AND POWER ENGINEERING, CEEPE 2024, 2024, : 1494 - 1499
  • [27] Perverse Effects in Defense of Computer Systems: When More Is Less
    Wolff, Josephine
    [J]. JOURNAL OF MANAGEMENT INFORMATION SYSTEMS, 2016, 33 (02) : 597 - 620
  • [28] Perverse Effects in Defense of Computer Systems: When More Is Less
    Wolff, Josephine
    [J]. PROCEEDINGS OF THE 49TH ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES (HICSS 2016), 2016, : 4823 - 4831
  • [29] User behavior on an interactive computer system
    Boies, SJ
    [J]. IBM SYSTEMS JOURNAL, 1999, 38 (2-3) : 162 - 179
  • [30] The instrumentalised user: human, computer, system
    Kushner, Scott
    [J]. INTERNET HISTORIES, 2021, 5 (02): : 154 - 170
12345