
Jin B. Hong, University of Western Australia | UWA
Doctor of Philosophy
59 Publications
10,902 Reads
1,078 Citations
Publications (59)
The dynamicity of today’s networks has created uncertainties for security administrators about the defense options to deploy. In this paper, we consider the administrator’s challenge of selecting and deploying the best set of heterogeneous security hardening solutions for dynamic networks given multiple constraints (such as fixed budget, availabili...
Cloud computing has become widely adopted by businesses for hosting applications with improved performance at a fraction of the operational costs and complexity. The rise of cloud applications has been coupled with an increase in security threat vectors and vulnerabilities. In this paper, we propose a new security assessment and enforcement tool fo...
The satisfaction of a software requirement is commonly stated as a Boolean value, that is, a security requirement is either satisfied (true) or not (false). However, a discrete Boolean value to measure the satisfaction level of a security requirement by deployed mechanisms is not very useful. Rather, it would be more effective if we could quantify...
Model-based evaluation in cybersecurity has a long history. Attack Graphs (AGs) and Attack Trees (ATs) were the earlier developed graphical security models for cybersecurity analysis. However, they have limitations (e.g., scalability problem, state-space explosion problem, etc.) and lack the ability to capture other security features (e.g., counter...
Moving Target Defense (MTD) is a defensive strategy to thwart adversaries by continuously shifting the attack surface. The MTD techniques can be applied to the cloud computing to make the cloud more unpredictable, hence more difficult to exploit. There are many MTD techniques proposed, and various metrics are used to measure their effectiveness. Ho...
There have been many efforts to detect rumors using various machine learning (ML) models, but there is still a lack of understanding of their performance against different rumor topics and available features, resulting in a significant performance degrade against completely new and unseen (unknown) rumors. To address this issue, we investigate the...
Security metrics present the security level of a system or a network in both qualitative and quantitative ways. In general, security metrics are used to assess the security level of a system and to achieve security goals. There are a lot of security metrics for security analysis, but there is no systematic classification of security metrics that ar...
Software defined networking (SDN) has been adopted in many application domains as it provides functionalities to dynamically control the network flow more robust and more economical compared to the traditional networks. In order to strengthen the security of the SDN against cyber attacks, many security solutions have been proposed. However, those s...
Graphical Security Models (GSMs), such as an Attack Graph, are used to assess the security of networks, but they are often limited to assess the security of the given network state (i.e., a snapshot at the current time). To address this issue, we develop a GSM named Time-independent Hierarchical Attack Representation Model (TI-HARM), which analyses...
Software Defined Networking (SDN) extends capabilities of existing networks by providing various functionalities, such as flexible networking controls. However, there are many security threat vectors in SDN, including existing and emerging ones arising from new functionalities, that may hinder the use of SDN. To tackle this problem, many countermea...
A computer-implemented method for monitoring the security of a computing network which includes a plurality of hosts and a plurality of edges which link connected hosts. The method comprises capturing and storing first and second network state information at first and second times respectively. The method comprises comparing the first and second n...
Hardening the dynamic networks is a very challenging task due to their complexity and dynamicity. Moreover, there may be multi-objectives to satisfy, while containing the solutions within the constraints (e.g., fixed budget, availability of countermeasures, performance degradation, non-patchable vulnerabilities, etc). In this paper, we propose a s...
Cloud computing has been adopted widely, providing on-demand computing resources to improve performance and reduce the operational costs. However, these new functionalities also bring new ways to exploit the cloud computing environment. To assess the security of the cloud, graphical security models can be used, such as Attack Graphs and Attack Tree...
When a vulnerability is discovered in a system, some key questions often asked by the security analyst are what threat(s) does it pose, what attacks may exploit it, and which parts of the system it affects. Answers to those questions provide the necessary information for the security assessment and to implement effective countermeasures. In the clo...
Existing security risk evaluation approaches (e.g., asset-based) do not consider specific security requirements of individual cloud computing clients in the security risk evaluation. In this paper, we propose a threat-specific risk evaluation approach that uses various security attributes of the cloud (e.g., vulnerability information, the probabili...
Moving Target Defense (MTD) is a proactive security solution, which can be utilized by cloud computing in order to thwart cyber attacks. Many MTD techniques have been proposed, but there is still a lack of systematic evaluation methods for assessing the effectiveness of the proposed MTD techniques, especially when multiple MTD techniques are to be...
Moving Target Defense (MTD) utilizes granularity, flexibility and elasticity properties of emerging networking technologies in order to continuously change the attack surface. There are many different MTD techniques proposed in the past decade to thwart cyberattacks. Due to the diverse range of different MTD techniques, it is of paramount importanc...
It is difficult to assess the security of modern networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) are widely used to systematically analyse the security posture of network systems using security metrics. However,...
Emerging networking technologies, such as cloud and Software Defined Networking, provide flexibility, elasticity and functionalities to change the network configurations over time. However, changes also impose unpredictable security postures at different times, creating difficulties to the security assessment of the network. To address this issue,...
It is important to assess the cost benefits of IT security investments. Typically, this is done by manual risk assessment process. In this paper, we propose an approach to automate this using graphical security models (GSMs). GSMs have been used to assess the security of networked systems using various security metrics. Most of the existing GSMs as...
Research Problem: Cyber attacks are targeting the cloud computing systems, where enterprises, governments, and individuals are outsourcing their storage and computational resources for improved scalability and dynamic management of their data. However, the different types of cyber attacks, as well as the different attack goals, create difficulties pr...
Moving Target Defense (MTD) is an emerging security solution based on continuously changing attack surface thus makes it unpredictable for attackers. Cloud computing could leverage such MTD approaches to prevent its resources and services being compromised from an increasing number of attacks. Most of the existing MTD methods so far have focused on...
This paper presents and discusses the current state of Graphical Security Models (GrSM), in terms of four GrSM phases: (i) generation, (ii) representation, (iii) evaluation, and (iv) modification. Although many studies focused on improving the usability, efficiency, and functionality of GrSMs (e.g., by using various model types and evaluation techn...
The Internet of Things (IoT) contains a large number of heterogeneous devices with a variety of vulnerabilities. As the vulnerabilities can be exploited by the attackers to break into the system, it is of vital importance to patch all vulnerabilities. However, some vulnerabilities are impossible to patch (e.g., forever-day vulnerabilities). In orde...
Manual vulnerability discovery and exploit development on an executable are very challenging tasks for developers. Therefore, the automation of those tasks is becoming interesting in the field of software security. In this paper, we implement an approach of automated exploit generation for firmware of embedded systems by extending an existing dynam...
Security metrics present the security level of a system or a network in both qualitative and quantitative ways. In general, security metrics are used to assess the security level of a system and to achieve security goals. There are a lot of security metrics for security analysis, but there is no systematic classification of security metrics that is...
The Internet of Things (IoT) is enabling innovative applications in various domains. Due to its heterogeneous and wide-scale structure, it introduces many new security issues. To address this problem, we propose a framework for modeling and assessing the security of the IoT and provide a formal definition of the framework. Generally, the framework...
Dynamic networks can be characterised by many factors such as changes (e.g., vulnerability change, update of applications and services, topology changes). It is of vital importance to assess the security of such dynamic networks in order to improve the security of them. One way to assess the security is to use a graphical security model. However, t...
Security models, such as an Attack Graph (AG), are widely adopted to assess the security of networked systems, such as utilizing various security metrics and providing a cost-effective network hardening solution. There are various methods of generating these models, but the scalability problem exists for single-layered graph-based security models w...
Software Defined Network (SDN) is an emerging paradigm for flexible network design and implementation. Availability metric of SDNs is critically demanding further studies. This paper aims to propose hierarchical models to assess the availability of SDNs. We incorporate various failure modes and recovery behaviors in the SDN including (i) link failu...
The introduction of a Software-Defined Network (SDN) provides a better functionality and usability over the traditionally static networks. The SDN separates controllers and networking peripherals onto the Control and Data Planes respectively. However, this separation creates new vulnerabilities between the planes. To address this problem, we propos...
Security of virtual network systems, such as Cloud computing systems, is important to users and administrators. One of the major issues with Cloud security is detecting intrusions to provide time-efficient and cost-effective countermeasures. Cyber-attacks involve series of exploiting vulnerabilities in virtual machines, which could potentially caus...
Cyber crime is a developing concern, where criminals are targeting valuable assets and critical infrastructures within networked systems, causing a severe socio-economic impact on enterprises and individuals. Adopting Moving Target Defense (MTD) helps thwart cyber attacks by continuously changing the attack surface. There are numerous MTD technique...
Moving Target Defense (MTD) changes the attack surface of a system that confuses intruders to thwart attacks. Various MTD techniques are developed to enhance the security of a networked system, but the effectiveness of these techniques is not well assessed. Security models (e.g., Attack Graphs (AGs)) provide formal methods of assessing security, bu...
Computing a prioritized set of vulnerabilities to patch is important for system administrators to determine the order of vulnerabilities to be patched that are more critical to the network security. One way to assess and analyze security to find vulnerabilities to be patched is to use attack representation models (ARMs). However, security solutions...
Attack representation models (ARMs) (such as attack graphs, attack trees) can be used to model and assess security of a networked system. To do this, one must generate an ARM. However, generation and evaluation of the ARM suffer from a scalability problem when the size of the networked system is very large (e.g., 10,000 computer hosts in the networ...
Attack graphs (AGs) have been widely used for security analysis. The construction of the graph-based attack models including the AG have been studied, but the security evaluation considering the full attack paths cannot be computed using existing attack models due to the scalability problem. To solve this, we propose to use hierarchical attack repr...
Automated construction methods of attack graphs (AGs) and their improved attack representation models (ARMs) have been proposed, but the AG has a state space explosion when analysing the security of very large sized networked systems. Instead, attack trees (ATs) and their improved ARMs can be used (e.g., Defense Trees, Protection Trees, Attack Resp...
Network security can be analysed using attack representation models (ARMs) (e.g., Attack Graphs (AGs) and Attack Trees (ATs)). One can analyse the network security by computing all possible attack scenarios, but it suffers from a scalability problem. We propose centrality based network security analysis by ranking important hosts based on network c...
Attack models can be used to assess network security. Purely graph based attack representation models (e.g., attack graphs) have a state-space explosion problem. Purely tree-based models (e.g., attack trees) cannot capture the path information explicitly. Moreover, the complex relationship between the host and the vulnerability information in attac...
Projects (2)
Research and Development on Graphical models, metrics, measurement for cybersecurity.