[Defense] Prioritization In Sequential Decision-Making Under Uncertainty In Cyber
Monday, July 24, 2023
11:00 am - 1:00 pm
In
Partial
Fulfillment
of
the
Requirements
for
the
Degree
of
Doctor
of
Philosophy
Soodeh
Atefi
will
defend
her
dissertation
Prioritization
In
Sequential
Decision-Making
Under
Uncertainty
In
Cyber
Abstract
This dissertation comprises three studies exploring the general topic of cyber security investigations, with a focus on identifying malicious elements such as vulnerabilities, techniques used by the attackers, and poisoning examples. The objective of these studies is to develop enhanced policies, superior prioritization methods, and improved strategies for conducting such investigations. The first study examines the data, while the second and third studies develop mathematical models. The first study focuses on bug-bounty programs which are initiatives set up by organizations to encourage external security researchers to find security vulnerabilities or bugs in their products. However, it remains difficult to measure the benefits of bug-bounty programs. The findings show the benefit of leveraging the collective expertise of external security experts. The second study addresses the challenge of prioritizing cyber-forensic investigation techniques to promptly discover how threat actors breached security during a cybersecurity incident. The goal is to assess the impact of the incident and develop countermeasures to protect against further attacks. This study formulates the decision-support problem as a Markov decision process and employs a $k$-nearest neighbor-based Monte Carlo tree search method. The method outperforms the state-of-the-art decision-support in terms of obtained benefit per effort spent. The third study investigates the detection of poisoned examples in deep learning datasets, which can pose serious threats to models trained on contaminated data. It introduces a principled defense approach that uses active search to identify poisoned elements crafted through targeted data poisoning attacks. The proposed method outperforms the two state-of-the-art defense methods in terms of attack success rate. It is also successful in detecting poisoned examples by investigating a small portion of the contaminated dataset. In conclusion, these data-driven studies offer valuable insights to cyber-security investigators, enabling them to improve policies, prioritize effectively, and develop better strategies. Furthermore, they consider the cost-benefit tradeoff to optimize resource allocation. The bug-bounty program study helps organizations to develop a policy in running these programs that can increase the benefits of running bug-bounty programs, while the cyber forensic investigation study and the study of poisoned examples seek to minimize effort while maximizing obtained benefit.
Friday,
July
24,
2023
11:00AM
-
1:00PM
Online
via
Dr. Amin Alipour, Faculty Advisor
Faculty, students and the general public are invited.
