Top

Published in:

2014 | OriginalPaper | Chapter

Towards Fundamental Science of Cyber Security

Author : Alexander Kott

Published in: Network Science and Cybersecurity

Publisher: Springer New York

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Terms like “Science of Cyber” or “Cyber Science” have been appearing in literature with growing frequency, and influential organizations initiated research initiatives toward developing such a science even though it is not clearly defined. We propose to define the domain of the science of cyber security by noting the most salient artifact within cyber security—malicious software—and defining the domain as comprised of phenomena that involve malicious software (as well as legitimate software and protocols used maliciously) used to compel a computing device or a network of computing devices to perform actions desired by the perpetrator of malicious software (the attacker) and generally contrary to the intent (the policy) of the legitimate owner or operator (the defender) of the computing device(s). We further define the science of cyber security as the study of relations—preferably expressed as theoretically-grounded models—between attributes, structures and dynamics of: violations of cyber security policy; the network of computing devices under attack; the defenders’ tools and techniques; and the attackers’ tools and techniques where malicious software plays the central role. We offer a simple formalism of these key objects within cyber science and systematically derive a classification of primary problem classes within cyber science.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

next chapter Bridging the Semantic Gap: Human Factors in Anomaly-Based Intrusion Detection Systems

Z.J. Lemnios, Testimony before the United States house of representatives committee on armed services, Subcommittee on Emerging Threats and Capabilities (2011), http://www.acq.osd.mil/chieftechnologist/publications/docs/ASDRE_Testimony_2011.pdf. Accessed 1 Mar 2011

T. Longstaff, Barriers to achieving a science of cybersecurity, Next Wave 19(4), (2012), http://www.nsa.gov/research/tnw/tnw194/article5.shtml

JASON, The science of cyber security. Report JSR-10-102, MITRE, McLean VA (2010), http://www.fas.org/irp/agency/dod/jason/cyber.pdf

National Science and Technology Council, Trustworthy cyberspace: strategic plan for the federal cybersecurity research and development program (2011), http://www.nitrd.gov/fileupload/files/Fed_Cybersecurity_RD_Strategic_Plan_2011.pdf

J. Willis, Defining a field: content, theory, and research issues. Contemporary Issues in Technology and Teacher Education [Online serial] 1(1) (2000), http://www.citejournal.org/vol1/iss1/seminal/article1.htm

H. Bostrom, et al., On the definition of information fusion as a field of research, in Technical Report (University of Skovde, School of Humanities and Informatics, Skovde, Sweden 2007), http://www.his.se/PageFiles/18815/Information%20Fusion%20Definition.pdf

F.B. Schneider, Blueprint for a science of cybersecurity. Next Wave 19(2), 27–57 (2012)

J. Bau, J.C. Mitchell, Security modeling and analysis. Secur. Priv. IEEE 9(3), 18–25 (2011)

R. Frigg, Models in science, Stanford Encyclopedia of Philosophy, 2012, http://plato.stanford.edu/entries/models-science/

10.

Nancy Cartwright, How the Laws of Physics Lie (Oxford University Press, Oxford, 1983)CrossRef

11.

Patrick Suppes, Representation and Invariance of Scientific Structures (CSLI Publications, Stanford, 2002)MATH

12.

L. Ge, H. Liu, D. Zhang; W. Yu, R. Hardy, R. Reschly, On effective sampling techniques for host-based intrusion detection in MANET, Military Communications Conference – MILCOM 2012 (2012)

13.

S. Jajodia, A.K. Ghosh, V. Swarup, C. Wang, X.S. Wang (eds.), Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, Advances in Information Security, vol. 54 (Springer, Berlin, 2011)

14.

S. Jajodia, A.K. Ghosh, V.S. Subrahmanian, V. Swarup, C. Wang, X.S. Wang (eds.), Moving Target Defense: Application of Game Theory & Adversarial Modeling, Advances in Information Security, vol. 100 (Springer, Berlin, 2013)

15.

H. Bojinov et al., Address space randomization for mobile devices, in Proceedings of Fourth ACM Conference on Wireless Network Security, 2011, pp. 127–138

16.

E.G. Barrantes et al., Randomized instruction set emulation. ACM Trans. Inf. Syst. Secur. 8(1), 3–30 (2005)CrossRef

17.

S. Boyd, G. Kc, M. Locasto, A. Keromytis, V. Prevelakis, On the general applicability of instruction-set randomization’. IEEE Trans. Dependable Secure Comput. 7(3), 255–270 (2010)CrossRef

18.

D. Torrieri, S. Zhu, S. Jajodia, Cyber Maneuver Against External Adversaries and Compromised Nodes, Moving Target Defense – Advances in Information Security, vol. 100 (Springer, New York, 2013), pp. 87–96

19.

K. Dempsey, et al., Information Security Continuous Monitoring ISCM_ for Federal Information Systems and Organizations (NIST Special Publication, Gaithersburg, MD, 2011), pp. 800–137

20.

A. Kott, C. Arnold, Promises and challenges of continuous monitoring and risk scoring. IEEE Priv. Secur. 11(1), 90–93 (2013)

21.

W. Jensen, Directions in Security Metrics Research, National Institute of Standards and Technology, (NISTIR 7564), Apr 2009

22.

N. Bartol et al., Measuring cyber security and information assurance: a state of the art report, Defense Technical Information Center, May 2009

23.

R.P. Lippman, et al., Continuous security metrics for prevalent network threats: introduction and first four metrics, Technical Report ESCTR- 2010-090, MIT, May 2012

24.

H. Cam, PeerShield: determining control and resilience criticality of collaborative cyber assets in networks, in Proceedings of SPIE 8408, Cyber Sensing 2012, 840808 (1 May 2012)

25.

J.P. Anderson, Computer Security Threat Monitoring and Surveillance (James P. Anderson Co., Fort Washington, 1980)

26.

Stefan Axelsson, The base-rate fallacy and the difficulty of intrusion detection. ACM Trans. Inf. Syst. Secur. 3(3), 186–205 (2000)MathSciNetCrossRef

27.

Animesh Patcha, Jung-Min Park, An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput. Netw. 51(12), 3448–3470 (2007)CrossRef

28.

M. McNeese, Perspectives on the role of cognition in cyber security, in Proceedings of the Human Factors and Ergonomics Society 56th Annual Meeting, vol. 56, 2012, p. 268

29.

M. Boyce, K. Duma, L. Hettinger, T. Malone, D. Wilson, J. Lockett-Reynolds, Human performance in cyber security: a research agenda. in Proceedings of the Human Factors and Ergonomics Society 55th Annual Meeting, vol. 55, 2011, p. 1115

30.

R.E. Harang, W.J. Glodek, Identification of anomalous network security token usage via clustering and density estimation, in 46th Annual Conference on Information Sciences and Systems (CISS), 21–23 Mar 2012, pp.1–6

Title: Towards Fundamental Science of Cyber Security
Author: Alexander Kott
Publisher: Springer New York
Book: Network Science and Cybersecurity
Print ISBN: 978-1-4614-7596-5

Electronic ISBN: 978-1-4614-7597-2

Copyright Year: 2014
DOI: https://doi.org/10.1007/978-1-4614-7597-2_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner