Overcoming Barriers to Empirical Cyber Research

We give an idiosyncratic overview of applications of topology to cyber research, spanning the analysis of variables/assignments and control flow in computer programs, a brief sketch of topological data analysis in one dimension, and the use of sheaves to analyze wireless networks. The text is from a chapter in the forthcoming book Mathematics in Cyber Research, to be published by Taylor and Francis.

The cyber landscape is inherently complex. Although cyber-attacks of varying magnitude are frequently observed every day, many cyber-related crimes still go underreported. The data collected from these observations may be insufficient, incomplete, or even overwhelming. Using statistical methods, more useful information may be inferred from this type of data. This chapter introduces fundamental topics on statistical methods that relate to cyber research. Statistical methods play several essential roles in cyber research. Statistical methods ensure data are correctly collected and summarized to answer a specific question of interest. Through descriptive statistics, raw observation data can be transformed into common knowledge. Reasoning with large data sets can be overwhelming. With inferential statistics, the characteristics of more massive data sets can be gained from smaller data samples. In order to cope with cyber-related threats, which are often unknown, the concept of resilience is adapted and applied to cyber research. Through these methods, research in cyber resilience benefits from research in statistical methods. The application of statistical methods to modeling, analyzing, interpreting, and presenting information from diverse channels of cyber research hopes to aid in overcoming new cyber threats.

Cyber security is a high-ranking national priority that is only likely to grow as we become more dependent on cyber systems. From a research perspective, currently available work often focuses solely on technological aspects of cyber, acknowledging the human in passing, if at all. In recent years, the Human Factors community has begun to address human-centered issues in cyber operations, but in comparison to technological communities, we have only begun to scratch the surface. Even with publications on cyber human factors gaining momentum, there still exists a major gap in the field between understanding of the domain and currently available research meant to address relevant issues. The purpose for this panel is to continue to expand the role of human factors in cyber research by introducing the community to current work being done, and to facilitate collaborations to drive future research. We have assembled a panel of scientists across multiple specializations in the human factors community to have an open discussion regarding how to leverage previous human factors research and current work in cyber operations to continue to push the bounds of the field.

National security agencies are increasingly concerned about cyber threats to Industrial Control Systems (ICS). For this reason, the detection and mitigation of cyber-attacks on ICS, as well as addressing the consequences of these attacks, are extensively researched. This paper describes the efforts of the cyber research team at Binghamton University that created an experimental cyber research testbed, designed as a power station equipped with low-watt electric machinery and industrial control and sensory systems, common in modern ICS. This paper presents a comprehensive study of time delay injection attacks on networked control systems, in which an attacker injects extra time delays into the feedback and forward channels of control systems. These attacks enable the adversary to interfere with the control system and create system instability, causing anomalous operational regimes and potentially forcing the system to crash. A technology based on an online recursive estimation of network time delays is proposed and validated by simulation studies and experiments on the testbed to mitigate any time delay injection attacks.

In the ancient world, artisans laboured with stone to represent humankind in God's likeness. In a postmodern age, visions of individual rather than universal truths are now the norm, yet contemporary digital artists continue to enhance, epitomize, and iconize in the name of art, turning the ordinary - the proverbial lump of clay - into the extraordinary. As we move further into the 21 st century, artificial intelligence and other advanced digital technologies are poised to become the next tools for transforming the everyday into new aesthetic ideals. Currently, cyber researchers speak confidently about a near future in which computers will surpass the intelligence of their creators, and anticipate a time when man and machine will ultimately merge through bio-technology into cyborg. Futurists argue that the human body is already a machine and that the cyborg will simply become the next step along the road of human evolution, in the same way that the ubiquitous smartphone currently extends our McLuhan-esque reach. Building on my previous work exploring ideal form in an alphanumeric age (Tucker 2011, 37) and incorporating a qualitative survey of the literature, as well as interviews with prominent digital artists and cyber researchers, this paper examines how the dawning of the cyborg age will challenge us to rethink art. As the artist and the shiny, perfect object become one, the age-old quest for ideal form will be rearticulated. Art and life will no longer imitate each other but, instead, co-exist in a state of oneness, as genetic, mechanical and bio-engineering provide a first flickering glimpse at immortality. This paper argues whether, in the future, the question but is it art? will need to be reframed as but are we art?

Investigating cyber conflict is enormously difficult. The domain is complex, quality data are sparse, international affairs are shrouded in secrecy, and despite its seeming ubiquity, cyber power has only recently entered the battlefield. In the face of these challenges, we must rise to meet the challenges of cybersecurity research by deploying creative methods that collect verifiable and probatory data, and which allow for predictive models of cyber behavior. Against this backdrop, our special issue offers a vision of cybersecurity research that embraces a culture of rigorous inquiry based on theoretically robust, and policy relevant investigation. We highlight two key features. First, research at the intersection of cybersecurity and political science must incorporate the human dimension of cyber conflict. A human security approach to cybersecurity places people as the primary objects of security and recognizes that individual-level analyses can shed light on macro-level trends. Second, cyber research must adopt rigorous, empirical methods. We embrace a broad tent of empirical data collection techniques – spanning qualitative and quantitative, experimental, and observational research. What is integral is that all scholarship abides by the highest standards of replicability and falsifiability. The articles contained in this special issue collectively form a proof of concept that expands the horizons of cybersecurity research from a substantive viewpoint (adding a human dimension to the prevalent military/strategic analyses), and from a methodological perspective (propounding the importance of empirical scrutiny). Together, these 10 pieces of scholarship collectively affirm that there is now a critical mass of substantively diverse and empirically rigorous research in the field of cybersecurity, and that we as a community are capable of making bold, theoretically grounded, and empirically tested claims that verify how cyber power is or is not altering the nature of peace, conflict and international relations.

Cyber Influence and Cognitive Threats

The presence of intrusion attack traces in network traffic pattern seems to be major threatening to cyber community. During a decade, many preventive and detection measures have had been developed to overcome these illicit activities but the evolution of zero-day exploits which has common behavior as intrusion traces find difficult to resolve the critics presence in network traffic patterns. The other critics faced by preventive and detection measures are majority of intrusion traces resembles as normal behavior in network traffic pattern analysis. Contemporary preventive or detective measures have been evolved either as neither one-hand approach nor hybrid approaches. Objective of this paper is to elaborate discuss the detection and preventive measures evolved still and their flaws incurred in their approaches. Also, suggesting the new meta-heuristics algorithm called as 'Grey Wolf Optimizer approach and its working attitude towards the fittest solution resolved from critics. Also, discuss the effectiveness of utilizing this new meta-heuristics approach in designing the efficient intrusion detection model by extensively compare with other methodologies with an intent to find prominent solution which will be effectively used by cyber Researchers in future.

Despite growing attention to cyber risks in research and practice, quantitative cyber risk assessments remain limited, mainly due to a lack of reliable data. This analysis leverages sparse historical data to quantify the financial impact of cyber incidents at the enterprise level. For this purpose, an operational risk database—which has not been previously used in cyber research—was examined to model and predict the likelihood, severity and time dependence of a company’s cyber risk exposure. The proposed model can predict a negative time correlation, indicating that individual cyber exposure is increasing if no cyber loss has been reported in previous years, and vice versa. The results suggest that the probability of a cyber incident correlates with the subindustry, with the insurance sector being particularly exposed. The predicted financial losses from a cyber incident are less extreme than cited in recent investigations. The study confirms that cyber risks are heavy-tailed, jeopardising business operations and profitability.

Probability theory provides the tools necessary to quantify notions of uncertainty and random variability. This chapter explores some basics of probability theory in the context of cyber research. Fundamental concepts such as sample spaces, events, probability axioms, and conditional probability are introduced. The notion of a random variable is discussed, and details of several widely used discrete and continuous random variables are presented, including probability distribution functions for each. Modeling applications and illustrating cyber-related examples are provided for many of these distributions. Expectation and variance are defined and briefly explained. The chapter concludes with an overview of some probability models used in cyber research, including ideas such as Bayes Rule, Markov chains, and information entropy. Each of these ideas is accompanied by relevant examples pertaining to various risks in the cyber domain. References for further study are suggested, and appendices are included with summary tables of important distributions and Normal distribution probabilities.

Cyber operations offer a unique environment in which the lines between cognition and technology are constantly blurred. Within the greater research community, current work often focuses solely on the technology, often only acknowledging the human in passing, if at all. More recently, the Human Factors community has begun to address human-centered issues in cyber operations, but in comparison to technological communities, we have yet to scratch the surface. Even with publications on Cyber Human Factors gaining momentum, we still lack a complete and holistic understanding of the domain itself, creating a major gap in the field. The purpose of this panel is to continue to expand the role Human Factors in cyber research by introducing the community to current work being done, and to facilitate collaborations to drive future research. We have assembled a panel of scientists across multiple specializations in the Human Factors community to have an open discussion on how we can leverage previous work in human factors and current work in cyber operations to continue to push the bounds of the field.

Social networking sites such as MySpace and virtual communities such as on-line support groups can be a rich source of data for researchers. These sites can be an effective way of reaching and researching young people in order to address their particular health needs. Internet-based research is also potentially risky and exploitative. There is some guidance for conducting research online, but there are no detailed or universally accepted ethics guidelines for research of webspaces such as MySpace or virtual communities in which young people participate. One question that arises is--If MySpace is a public webspace, can research be done without consent? In this paper I investigate ethical issues surrounding young people's consent in cyber research. I identify issues that help determine whether consent is needed, offer suggestions for dealing with consent in cyberspace and add my voice to the call for a resource of case studies--indispensible in the development of guidelines and the education of researchers and research ethics committees.

Applications of AI/ML in Maritime Cyber Supply Chains

In this paper, a simple single-axis testbed is described and initial experimental results are presented to illustrate collocated and non-collocated control for this structure. The testbed is made up of a pair of single-axis flexible beams attached to a dc servo motor. An optical encoder and strain gauges provide hub and beam position information, respectively. The system is driven by an IBM PC system; with a Cyber Research Inc. motor controller, a programmable digital filter processes position error information through user-selected gains and pole-zero configurations. A 25kHz data acquisition system provides the necessary interface between processor and motor. The control approaches currently being investigated include collocated PD control and non-collocated phase compensation.

All users place a high value on information security. Over the last few decades, cyber security has been one of the most fascinating and essential topics in cyber re-search. The goal of this work is to propose a machine learning method for the problem of cyber security threats. As a result, a multi-model machine learning approach was developed to predict the top ten traits that can be used to detect cyber threats. This work finds the importance of each feature in from the dataset using machine learning. this model trained with random forest model and exclude the features which are least important to the model.