TY - GEN
T1 - Identifying the Cyber Attack Origin with Partial Observation
T2 - 2nd IEEE International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
AU - Lalou, Mohammed
AU - Kheddouci, Hamamache
AU - Hariri, Salim
N1 - Publisher Copyright: © 2017 IEEE.
PY - 2017/10/9
Y1 - 2017/10/9
AB - Cyber systems have become ubiquitous and indispensable in our daily lives, and our dependence on them has grown in all fields, including education, business, industry and government. These systems make intensive use of data and information and are therefore exposed to more potential cyber attacks, so the need for reliable approaches to protect them has increased. One of the key elements in guaranteeing the security of cyber systems is identifying the origin (the source) of an attack. In this paper, we describe a new approach to estimate both the source and the start time of a virus outbreak in complex networks (which include cyber systems) using partial information about the diffusion process, obtained by observing only a subset of nodes. Our approach applies a linear regression method to the partial data obtained, based on the fact that a linear correlation is observed between the relative infection time of a node and its effective distance from the source. The experimental results showed that our approach is able to estimate the source within a few hops of the actual source and the start time within a few time units of the real start time.
UR - http://www.scopus.com/inward/record.url?scp=85035220592&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85035220592&partnerID=8YFLogxK
U2 - 10.1109/FAS-W.2017.168
DO - 10.1109/FAS-W.2017.168
M3 - Conference contribution
AN - SCOPUS:85035220592
T3 - Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
SP - 329
EP - 333
BT - Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 18 September 2017 through 22 September 2017
ER -