Preventing crimes or terrorist attacks in urban areas is challenging. Law enforcement officers need to respond quickly to catch the attacker on his escape route, which is subject to time-dependent traffic conditions on transportation networks. The attacker can strategically choose his escape path and driving speed to avoid being captured. Existing work on security resource allocation has not co...

The ShadowNet infrastructure for insider cyber attack prevention is comprised of a tiered server system that is able to dynamically redirect dangerous/suspicious network traffic away from production servers that provide web, ftp, database and other vital services to cloned virtual machines in a quarantined environment. This is done transparently from the point of view of both the attacker and n...

A check detection task in a 5 x 5 section of the chessboard, containing a King and one or two potential checking pieces was employed. The checking status (i.e., the presence or absence of a check) and the number of attackers (one or two) were manipulated. It was found that the reaction time cost for adding a distractor was differentially greater in no trials than yes trials for novice, but not ...

Reliable operation of power systems is a primary challenge for the system operators. With the advancement in technology and grid automation, power systems are becoming more vulnerable to cyber-attacks. The main goal of adversaries is to take advantage of these vulnerabilities and destabilize the system. This paper describes a game-theoretic approach to attacker / defender modeling in power syst...

Advanced persistent threats (APTs) are stealthy attacks which make use of social engineering and deception to give adversaries insider access to networked systems. Against APTs, active defense technologies aim to create and exploit information asymmetry for defenders. In this paper, we study a scenario in which a powerful defender uses honeynets for active defense in order to observe an attacke...

We propose a new model for estimating the time to compromise a system component that is visible to an attacker. The model provides an estimate of the expected value of the time-to-compromise as a function of known and visible vulnerabilities, and attacker skill level. The time-to-compromise random process model is a composite of three subprocesses associated with attacker actions aimed at the e...

The performance of football players within game context can be analyzed based on their ability to break or (re)balance the attacker-defender dyad. In this context, the analysis of each sub-phase (e.g., 1v1, 2v2) presents a feature that needs to be taken into account in sports analysis. This study aims to investigate the interpersonal dynamics dyad formed by the attacker and the defender in 1v1 ...

We investigate the large scale of networks in the context of network survivability under attack. We use appropriate techniques to evaluate and the attacker-basedand the defenderbased-network survivability. The attacker is unaware of the operated links by the defender. Each attacked link has some pre-specified probability to be disconnected. The defender choice is so that to maximize the chance ...

By monitoring Internet traffic in the vicinity of a given host—which can be a single computer or a gateway device with multiple computers behind it—an attacker can observe communications originating from and destined to this host. Even if the message contents are encrypted, the IP addresses must remain visible for the packets to be properly routed throughout the open Internet. So the attacker c...

We propose a new model for estimating the time to compromise a system component that is visible to an attacker. The model provides an estimate of the expected value of the time-to-compromise as a function of known and visible vulnerabilities, and attacker skill level. The time-to-compromise random process model is a composite of three subprocesses associated with attacker actions aimed at the e...