Cyber attacks have become significant risks in modern society. The attacks are more complex than before and are able to propagate rapidly across multiple networks, e.g., social networks and computer networks. Research on cyber attacks needs to be developed to analyze complex attack behavior. From a big-picture view, this thesis discusses the following problems in cyber attacks: the long-term impact of diverse relationships in social networks on cyber attacks, the complex infection-healing process in large-scale networks, and the latest remote control technology in new cyber attacks. Based on the unique characteristics of different attack behaviors, a series of models is proposed to model cyber attacks by employing appropriate theories and models. To be specific, game theory is applied to model the social network attack process; the Markov process and epidemic model are employed to capture the propagation process; and a machine learning method is used to detect the remote control traffic. The main contributions of this thesis can be summarized as follows:

· This thesis proposes infinitely repeated games to capture the interactions between a message publisher (i.e., a potential attacker) and the administrator, in order to suppress social attack messages in online social networks. Critical conditions, under which the publisher can be disincentivized to send any forged messages, are identified in the absence and presence of misclassification on genuine messages. Closed-form expressions are established for the maximum number of forged messages of an attacker in the absence and presence of misclassification on genuine messages.

· This thesis proposes a new approach to modeling the propagation process across non-trivial networks, which is able to balance modeling accuracy and complexity, hence enhancing modeling scalability to large networks. A discrete-time absorbing Markov process of the epidemic model is first developed based on the adjacency matrix of the network. After asymptotically accurate bounds of the extinction rate are derived, a practical way, which estimates the extinction rate in a large network with the extinction rate in a small network, is proposed and then numerically validated.

· This thesis proposes a group-based propagation model to analyze the propagation process in large-scale networks while preserving accuracy. The network nodes are divided into groups according to their degree and connectivity. A continuous-time Markov SIS model is developed. The propagation threshold is derived based on the spectral radius of the collapsed adjacency matrix by applying stability analysis to the proposed model. Simulation results validate the model accuracy and the analytical epidemic threshold.

· This thesis proposes a novel feature, i.e., the independent access, to describe the Command and Control (C&C) network traffic of Advanced Persistent Threat (APT), which remains low and slow. Based on the independent access feature of APT network traffic, concurrent domains in the domain name service are selected to detect APT domains from DNS records. The proposed traffic features and detection process are then validated on a public dataset.