Shambhu Upadhyaya’s research while affiliated with SUNY Ulster and other places

The current study examines the relationship between the need for control, the Dark Triad personality traits, and hacking intent. We surveyed 523 individuals using a scenario design and investigated the role of both primary and secondary control as antecedents to Machiavellianism, psychopathy, and narcissism leading to both white- (i.e., ethical) and black-hat hacking interest. Our findings suggest that primary control is a significant antecedent to all three dark personality traits such that a higher intrinsic need for control is positively associated with Machiavellianism, narcissism, and psychopathy. Secondary control, however, has comparatively different effects on dark personality traits, demonstrating a negative effect only on psychopathy. Both Machiavellianism and psychopathy predicted both white- and black-hat hacking interests along with the perceived probability of apprehension. Overall, our findings suggest that primary control drives all three dark personality traits, yet only two of the three dark personality traits – Machiavellianism and psychopathy – are related to hacking interest.

Recently, ransomware attacks have become widespread and are causing unprecedented damage to cyber-physical systems. Although there are various types of ransomware, this paper focuses on a generic version and analyzes it using game theory. When attacked, victims are often faced with the dilemma of deciding whether or not to pay a ransom. To assist victims in making this decision, we develop a game-theoretic model that examines the attack environment and determines the conditions under which the defender has an advantage in neutralizing the attack. We introduce two new parameters to the game model to aid in decision-making when confronted with a ransomware attack. Additionally, we present game models that depict both rational and irrational attacker behavior. We perform a sensitivity analysis on the game model in cases where the attacker behaves rationally, and demonstrate the impact of the parameters on the decision-making process and equilibrium strategies. Ultimately, we explore how the model’s outcomes can assist defenders in designing an effective defense system to prevent and mitigate future attacks of a similar nature. This also, prepares the ground for analysis of more advanced form of malware. KeywordsCryptographyComputer securityCybersecurityGame theoryRansomware

Deception has been proposed in the literature as an effective defense mechanism to address Advanced Persistent Threats (APT). However, administering deception in a cost-effective manner requires a good understanding of the attack landscape. The attacks mounted by APT groups are highly diverse and sophisticated in nature and can render traditional signature based intrusion detection systems useless. This necessitates the development of behavior oriented defense mechanisms. In this paper, we develop Decepticon (Deception-based countermeasure), a Hidden Markov Model based framework where the indicators of compromise (IoC) are used as the observable features to aid in detection. This theoretical framework also includes several models to represent the spread of APTs in a computer system. The presented framework can be used to select an appropriate deception script when faced with APTs or other similar malware and trigger an appropriate defensive response. The effectiveness of the models in a networked system is illustrated by considering a real APT type ransomware.

The migration to electronic health records (EHR) in the healthcare industry has raised issues with respect to security and privacy. One issue that has become a concern for healthcare providers, insurance companies, and pharmacies is patient health information (PHI) leaks because PHI leaks can lead to violation of privacy laws, which protect the privacy of individuals’ identifiable health information, potentially resulting in a healthcare crisis. This study explores the issue of PHI leaks from an access control viewpoint. We utilize access control policies and PHI leak scenarios derived from semi structured interviews with four healthcare practitioners and use the lens of activity theory to articulate the design of an access control model for detecting and mitigating PHI leaks. Subsequently, we follow up with a prototype as a proof of concept.

Insider attacks are one of the most dangerous threats to an organization. Unfortunately, they are very difficult to foresee, detect, and defend against due to the trust and responsibilities placed on the employees. In this article, we first define the notion of user intent and construct a model for a common scenario that poses a very high risk for sensitive data stored in the organization’s database. We show that the complexity of identifying pseudo-intents of a user in this scenario is coNP-Complete, and launching a harvester insider attack within the boundaries of the defined threat model takes linear time while a targeted threat model is an NP-Complete problem. We also discuss the general defense mechanisms against the modeled threats and show that countering the harvester insider attack takes quadratic time while countering the targeted insider attack can take linear to quadratic time, depending on the strategy chosen. We analyze the adversarial behavior and show that launching an attack with minimum risk is also an NP-Complete problem. Finally, we perform timing experiments with the defense mechanisms on SQL query workloads collected from a national bank to test the feasibility of using these systems in real time.