In the current era of online processing, maximum of the information is online and prone to cyber threats. There are a huge number of cyber threats and their behavior is difficult to early understanding hence difficult to restrict in the early phases of the cyber attacks. Cyber attacks may have some motivation behind it or may be processed unknowingly. The attacks those are processed knowingly c...

We have witnessed many attacks in the cyberspace. However, most attacks are launched by individual attackers even though an attack may involve many compromised computers. In this paper, we envision what we believe to be the next generation cyber attacks — collaborative attacks. Collaborative attacks can be launched by multiple attackers (i.e., human attackers or criminal organizations), each of...

Port hopping is a typical proactive cyber defense technology, which hides the service identity and confuses attackers during reconnaissance by constantly altering service ports. Although several kinds of port hopping mechanisms have been proposed and implemented, but it is still unknown how effective port hopping is and under what circumstances it is a viable moving target defense because the e...

Welcome to this special issue of Journal of Defense Modeling and Simulation on ‘Cyber Defense: Methodologies and Techniques for Evaluation’. The cyber domain has emerged as a strategic national domain of interest to both military and civilian sectors. The overlap between military and commercial networking resources and infrastructure complicates issues of protection, defense, and offense. The d...

Nations must define priorities, objectives, goals and scope when formulating a national strategy that covers cyberspace, cybersecurity, stakeholder engagement, capacity building, cyber governance, cybercrime and cyber defense. The goal of this article is to propose a National Cybersecurity Strategy Model (NCSSM) based on key pillars in order to tackle the completion of all the requirements in a...

This paper presents current work on developing an operational semantic theory of cyber defense against advanced persistent threats (APTs), which is grounded in cyber threat analytics, science of evidence, knowledge engineering, and machine learning. After introducing advanced persistent threats, it overviews a systematic APT detection framework and the corresponding APT detection models, the fo...

The rapid evolution of network intrusions has rendered traditional Intrusion Detection Systems (IDS) insufficient for cyber attacks such as the Advanced Persistent Threats (APT), which are sophisticated and enduring network intrusion campaigns comprising multiple imperceptible steps of malicious cyber activities. Dealing with such elaborated network intrusions calls for novel and more proactive...