Jin-Hee Cho - Academia.edu (original) (raw)
Papers by Jin-Hee Cho
arXiv (Cornell University), Feb 18, 2023
IEEE Access
The moving target defense (MTD) is a proactive cybersecurity defense technique that constantly ch... more The moving target defense (MTD) is a proactive cybersecurity defense technique that constantly changes potentially vulnerable points to be attacked, to confuse the attackers, making it difficult for attackers to infer the system configuration and nullify reconnaissance activities to a victim system. We consider an MTD strategy for software-defined networking (SDN) environment where every SDN switch is controlled by a central SDN controller. As the MTD may incur excessive usage of the network/system resources for cybersecurity purposes, we propose to perform the MTD operations adaptively according to the security risk assessment based on a Bayesian attack graph (BAG) analysis. For accurate BAG analysis, we model random and weakest-first attack behaviors and incorporate the derived analytical models into the BAG analysis. Using the BAG analysis result, we formulate a knapsack problem to determine the optimal set of vulnerabilities to be reconfigured under a constraint of SDN reconfiguration overhead. The experiment results prove that the proposed MTD strategy outperforms the full MTD and random MTD counterparts in terms of the maximum/average of attack success probabilities and the number of SDN reconfiguration updates. INDEX TERMS Moving target defense, Bayesian attack graph, software-defined networking.
ACM Transactions on Cyber-Physical Systems
Machine learning (ML)-based intrusion detection system (IDS) approaches have been significantly a... more Machine learning (ML)-based intrusion detection system (IDS) approaches have been significantly applied and advanced the state-of-the-art system security and defense mechanisms. In smart grid computing environments, security threats have been significantly increased as shared networks are commonly used, along with the associated vulnerabilities. However, compared to other network environments, ML-based IDS research in a smart grid is relatively unexplored, although the smart grid environment is facing serious security threats due to its unique environmental vulnerabilities. In this article, we conducted an extensive survey on ML-based IDS in smart grids based on the following key aspects: (1) The applications of the ML-based IDS in transmission and distribution side power components of a smart power grid by addressing its security vulnerabilities; (2) dataset generation process and its usage in applying ML-based IDSs in the smart grid; (3) a wide range of ML-based IDSs used by the s...
2019 22th International Conference on Information Fusion (FUSION)
2021 IEEE Global Communications Conference (GLOBECOM)
arXiv (Cornell University), Nov 19, 2021
arXiv (Cornell University), Jan 21, 2021
2018 IEEE International Conference on Big Data (Big Data), 2018
Subjective Logic (SL) is one of well-known belief models that can explicitly deal with uncertain ... more Subjective Logic (SL) is one of well-known belief models that can explicitly deal with uncertain opinions and infer unknown opinions based on a rich set of operators of fusing multiple opinions. Due to high simplicity and applicability, SL has been substantially applied in a variety of decision making in the area of cybersecurity, opinion models, trust models, and/or social network analysis. However, SL and its variants have exposed limitations in predicting uncertain opinions in real-world dynamic network data mainly in threefold: (1) a lack of scalability to deal with a large-scale network; (2) limited capability to handle heterogeneous topological and temporal dependencies among nodelevel opinions; and (3) a high sensitivity with conflicting evidence that may generate counterintuitive opinions derived from the evidence. In this work, we proposed a novel deep learning (DL)based dynamic opinion inference model while node-level opinions are still formalized based on SL meaning that an opinion has a dimension of uncertainty in addition to belief and disbelief in a binomial opinion (i.e., agree or disagree). The proposed DLbased dynamic opinion inference model overcomes the above three limitations by integrating the following techniques: (1) state-of-the-art DL techniques, such as the Graph Convolutional Network (GCN) and the Gated Recurrent Units (GRU) for modeling the topological and temporal heterogeneous dependency information of a given dynamic network; (2) modeling conflicting opinions based on robust statistics; and (3) a highly scalable inference algorithm to predict dynamic, uncertain opinions in a linear computation time. We validated the outperformance of our proposed DL-based algorithm (i.e., GCN-GRU-opinion model) via extensive comparative performance analysis based on four real-world datasets.
2018 IEEE International Conference on Data Mining (ICDM), 2018
MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), 2018
2019 IEEE International Conference on Big Data (Big Data), 2019
Inference of unknown opinions with uncertain, adversarial (e.g., incorrect or conflicting) eviden... more Inference of unknown opinions with uncertain, adversarial (e.g., incorrect or conflicting) evidence in large datasets is not a trivial task. Without proper handling, it can easily mislead decision making in data mining tasks. In this work, we propose a highly scalable opinion inference probabilistic model, namely Adversarial Collective Opinion Inference (Adv-COI), which provides a solution to infer unknown opinions with high scalability and robustness under the presence of uncertain, adversarial evidence by enhancing Collective Subjective Logic (CSL) which is developed by combining SL and Probabilistic Soft Logic (PSL). The key idea behind the Adv-COI is to learn a model of robust ways against uncertain, adversarial evidence which is formulated as a min-max problem. We validate the outperformance of the Adv-COI compared to baseline models and its competitive counterparts under possible adversarial attacks on the logic-rule based structured data and white and black box adversarial attacks under both clean and perturbed semisynthetic and real-world datasets in three real world applications. The results show that the Adv-COI generates the lowest mean absolute error in the expected truth probability while producing the lowest running time among all.
ArXiv, 2019
Traditional deep neural nets (NNs) have shown the state-of-the-art performance in the task of cla... more Traditional deep neural nets (NNs) have shown the state-of-the-art performance in the task of classification in various applications. However, NNs have not considered any types of uncertainty associated with the class probabilities to minimize risk due to misclassification under uncertainty in real life. Unlike Bayesian neural nets indirectly infering uncertainty through weight uncertainties, evidential neural networks (ENNs) have been recently proposed to support explicit modeling of the uncertainty of class probabilities. It treats predictions of an NN as subjective opinions and learns the function by collecting the evidence leading to these opinions by a deterministic NN from data. However, an ENN is trained as a black box without explicitly considering different types of inherent data uncertainty, such as vacuity (uncertainty due to a lack of evidence) or dissonance (uncertainty due to conflicting evidence). This paper presents a new approach, called a {\em regularized ENN}, tha...
ArXiv, 2021
Defensive deception techniques have emerged as a promising proactive defense mechanism to mislead... more Defensive deception techniques have emerged as a promising proactive defense mechanism to mislead an attacker and thereby achieve attack failure. However, most game-theoretic defensive deception approaches have assumed that players maintain consistent views under uncertainty. They do not consider players’ possible, subjective beliefs formed due to asymmetric information given to them. In this work, we formulate a hypergame between an attacker and a defender where they can interpret the same game differently and accordingly choose their best strategy based on their respective beliefs. This gives a chance for defensive deception strategies to manipulate an attacker’s belief, which is the key to the attacker’s decision making. We consider advanced persistent threat (APT) attacks, which perform multiple attacks in the stages of the cyber kill chain where both the attacker and the defender aim to select optimal strategies based on their beliefs. Through extensive simulation experiments, ...
ArXiv, 2020
Thanks to graph neural networks (GNNs), semi-supervised node classification has shown the state-o... more Thanks to graph neural networks (GNNs), semi-supervised node classification has shown the state-of-the-art performance in graph data. However, GNNs have not considered different types of uncertainties associated with class probabilities to minimize risk of increasing misclassification under uncertainty in real life. In this work, we propose a multi-source uncertainty framework using a GNN that reflects various types of predictive uncertainties in both deep learning and belief/evidence theory domains for node classification predictions. By collecting evidence from the given labels of training nodes, the Graph-based Kernel Dirichlet distribution Estimation (GKDE) method is designed for accurately predicting node-level Dirichlet distributions and detecting out-of-distribution (OOD) nodes. We validated the outperformance of our proposed model compared to the state-of-the-art counterparts in terms of misclassification detection and OOD detection based on six real network datasets. We fou...
2021 IEEE International Conference on Web Services (ICWS), 2021
ACM Transactions on Internet Technology, 2022
Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by atta... more Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers, because strong security protections may not be suitable to be deployed. This requires an alternative approach to protect vulnerable components in IoT networks. In this article, we propose an integrated defense technique to achieve intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We evaluate the effectiveness and efficiency of our proposed technique analytically based on a graphical security model in a software-defined networking (SDN)-based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address “when” to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack path-based optimization/random) to address “how” to perform network topology shuffling on a decoy-populated IoT network, and we analyze which strategy can best achiev...
Proceedings of the 35th Annual ACM Symposium on Applied Computing, 2020
Moving target defense (MTD) has been developed as an emerging technology to enhance system/networ... more Moving target defense (MTD) has been developed as an emerging technology to enhance system/network security by randomly and continuously changing attack surface. Despite the significant progress of recent efforts in analyzing the security effectiveness of MTD mechanisms, critical gaps still exist in terms of the impact of running MTD mechanisms on system performance and dependability, exposing a critical design tradeoff between security and performance. To investigate the tradeoff, we propose performability models for evaluating services hosted in software-defined networks with a time-based MTD mechanism being deployed. We developed analytical models for evaluating key performability metrics, in terms of response time, throughput, availability, host utilization, a number of requests lost, and cost (i.e., energy consumption plus profits lost due to dropped jobs). Our results showed that using the time-based MTD mechanism can (1) improve service response time and host utilization; (2) introduce a higher number of requests lost and higher overall cost; and (3) reduce service availability while still handling most of the jobs without much performance degradation. CCS CONCEPTS • Networks → Network performance modeling; • Computing methodologies → Model development and analysis; • Security and privacy → Network security;
arXiv (Cornell University), Feb 18, 2023
IEEE Access
The moving target defense (MTD) is a proactive cybersecurity defense technique that constantly ch... more The moving target defense (MTD) is a proactive cybersecurity defense technique that constantly changes potentially vulnerable points to be attacked, to confuse the attackers, making it difficult for attackers to infer the system configuration and nullify reconnaissance activities to a victim system. We consider an MTD strategy for software-defined networking (SDN) environment where every SDN switch is controlled by a central SDN controller. As the MTD may incur excessive usage of the network/system resources for cybersecurity purposes, we propose to perform the MTD operations adaptively according to the security risk assessment based on a Bayesian attack graph (BAG) analysis. For accurate BAG analysis, we model random and weakest-first attack behaviors and incorporate the derived analytical models into the BAG analysis. Using the BAG analysis result, we formulate a knapsack problem to determine the optimal set of vulnerabilities to be reconfigured under a constraint of SDN reconfiguration overhead. The experiment results prove that the proposed MTD strategy outperforms the full MTD and random MTD counterparts in terms of the maximum/average of attack success probabilities and the number of SDN reconfiguration updates. INDEX TERMS Moving target defense, Bayesian attack graph, software-defined networking.
ACM Transactions on Cyber-Physical Systems
Machine learning (ML)-based intrusion detection system (IDS) approaches have been significantly a... more Machine learning (ML)-based intrusion detection system (IDS) approaches have been significantly applied and advanced the state-of-the-art system security and defense mechanisms. In smart grid computing environments, security threats have been significantly increased as shared networks are commonly used, along with the associated vulnerabilities. However, compared to other network environments, ML-based IDS research in a smart grid is relatively unexplored, although the smart grid environment is facing serious security threats due to its unique environmental vulnerabilities. In this article, we conducted an extensive survey on ML-based IDS in smart grids based on the following key aspects: (1) The applications of the ML-based IDS in transmission and distribution side power components of a smart power grid by addressing its security vulnerabilities; (2) dataset generation process and its usage in applying ML-based IDSs in the smart grid; (3) a wide range of ML-based IDSs used by the s...
2019 22th International Conference on Information Fusion (FUSION)
2021 IEEE Global Communications Conference (GLOBECOM)
arXiv (Cornell University), Nov 19, 2021
arXiv (Cornell University), Jan 21, 2021
2018 IEEE International Conference on Big Data (Big Data), 2018
Subjective Logic (SL) is one of well-known belief models that can explicitly deal with uncertain ... more Subjective Logic (SL) is one of well-known belief models that can explicitly deal with uncertain opinions and infer unknown opinions based on a rich set of operators of fusing multiple opinions. Due to high simplicity and applicability, SL has been substantially applied in a variety of decision making in the area of cybersecurity, opinion models, trust models, and/or social network analysis. However, SL and its variants have exposed limitations in predicting uncertain opinions in real-world dynamic network data mainly in threefold: (1) a lack of scalability to deal with a large-scale network; (2) limited capability to handle heterogeneous topological and temporal dependencies among nodelevel opinions; and (3) a high sensitivity with conflicting evidence that may generate counterintuitive opinions derived from the evidence. In this work, we proposed a novel deep learning (DL)based dynamic opinion inference model while node-level opinions are still formalized based on SL meaning that an opinion has a dimension of uncertainty in addition to belief and disbelief in a binomial opinion (i.e., agree or disagree). The proposed DLbased dynamic opinion inference model overcomes the above three limitations by integrating the following techniques: (1) state-of-the-art DL techniques, such as the Graph Convolutional Network (GCN) and the Gated Recurrent Units (GRU) for modeling the topological and temporal heterogeneous dependency information of a given dynamic network; (2) modeling conflicting opinions based on robust statistics; and (3) a highly scalable inference algorithm to predict dynamic, uncertain opinions in a linear computation time. We validated the outperformance of our proposed DL-based algorithm (i.e., GCN-GRU-opinion model) via extensive comparative performance analysis based on four real-world datasets.
2018 IEEE International Conference on Data Mining (ICDM), 2018
MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), 2018
2019 IEEE International Conference on Big Data (Big Data), 2019
Inference of unknown opinions with uncertain, adversarial (e.g., incorrect or conflicting) eviden... more Inference of unknown opinions with uncertain, adversarial (e.g., incorrect or conflicting) evidence in large datasets is not a trivial task. Without proper handling, it can easily mislead decision making in data mining tasks. In this work, we propose a highly scalable opinion inference probabilistic model, namely Adversarial Collective Opinion Inference (Adv-COI), which provides a solution to infer unknown opinions with high scalability and robustness under the presence of uncertain, adversarial evidence by enhancing Collective Subjective Logic (CSL) which is developed by combining SL and Probabilistic Soft Logic (PSL). The key idea behind the Adv-COI is to learn a model of robust ways against uncertain, adversarial evidence which is formulated as a min-max problem. We validate the outperformance of the Adv-COI compared to baseline models and its competitive counterparts under possible adversarial attacks on the logic-rule based structured data and white and black box adversarial attacks under both clean and perturbed semisynthetic and real-world datasets in three real world applications. The results show that the Adv-COI generates the lowest mean absolute error in the expected truth probability while producing the lowest running time among all.
ArXiv, 2019
Traditional deep neural nets (NNs) have shown the state-of-the-art performance in the task of cla... more Traditional deep neural nets (NNs) have shown the state-of-the-art performance in the task of classification in various applications. However, NNs have not considered any types of uncertainty associated with the class probabilities to minimize risk due to misclassification under uncertainty in real life. Unlike Bayesian neural nets indirectly infering uncertainty through weight uncertainties, evidential neural networks (ENNs) have been recently proposed to support explicit modeling of the uncertainty of class probabilities. It treats predictions of an NN as subjective opinions and learns the function by collecting the evidence leading to these opinions by a deterministic NN from data. However, an ENN is trained as a black box without explicitly considering different types of inherent data uncertainty, such as vacuity (uncertainty due to a lack of evidence) or dissonance (uncertainty due to conflicting evidence). This paper presents a new approach, called a {\em regularized ENN}, tha...
ArXiv, 2021
Defensive deception techniques have emerged as a promising proactive defense mechanism to mislead... more Defensive deception techniques have emerged as a promising proactive defense mechanism to mislead an attacker and thereby achieve attack failure. However, most game-theoretic defensive deception approaches have assumed that players maintain consistent views under uncertainty. They do not consider players’ possible, subjective beliefs formed due to asymmetric information given to them. In this work, we formulate a hypergame between an attacker and a defender where they can interpret the same game differently and accordingly choose their best strategy based on their respective beliefs. This gives a chance for defensive deception strategies to manipulate an attacker’s belief, which is the key to the attacker’s decision making. We consider advanced persistent threat (APT) attacks, which perform multiple attacks in the stages of the cyber kill chain where both the attacker and the defender aim to select optimal strategies based on their beliefs. Through extensive simulation experiments, ...
ArXiv, 2020
Thanks to graph neural networks (GNNs), semi-supervised node classification has shown the state-o... more Thanks to graph neural networks (GNNs), semi-supervised node classification has shown the state-of-the-art performance in graph data. However, GNNs have not considered different types of uncertainties associated with class probabilities to minimize risk of increasing misclassification under uncertainty in real life. In this work, we propose a multi-source uncertainty framework using a GNN that reflects various types of predictive uncertainties in both deep learning and belief/evidence theory domains for node classification predictions. By collecting evidence from the given labels of training nodes, the Graph-based Kernel Dirichlet distribution Estimation (GKDE) method is designed for accurately predicting node-level Dirichlet distributions and detecting out-of-distribution (OOD) nodes. We validated the outperformance of our proposed model compared to the state-of-the-art counterparts in terms of misclassification detection and OOD detection based on six real network datasets. We fou...
2021 IEEE International Conference on Web Services (ICWS), 2021
ACM Transactions on Internet Technology, 2022
Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by atta... more Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers, because strong security protections may not be suitable to be deployed. This requires an alternative approach to protect vulnerable components in IoT networks. In this article, we propose an integrated defense technique to achieve intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We evaluate the effectiveness and efficiency of our proposed technique analytically based on a graphical security model in a software-defined networking (SDN)-based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address “when” to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack path-based optimization/random) to address “how” to perform network topology shuffling on a decoy-populated IoT network, and we analyze which strategy can best achiev...
Proceedings of the 35th Annual ACM Symposium on Applied Computing, 2020
Moving target defense (MTD) has been developed as an emerging technology to enhance system/networ... more Moving target defense (MTD) has been developed as an emerging technology to enhance system/network security by randomly and continuously changing attack surface. Despite the significant progress of recent efforts in analyzing the security effectiveness of MTD mechanisms, critical gaps still exist in terms of the impact of running MTD mechanisms on system performance and dependability, exposing a critical design tradeoff between security and performance. To investigate the tradeoff, we propose performability models for evaluating services hosted in software-defined networks with a time-based MTD mechanism being deployed. We developed analytical models for evaluating key performability metrics, in terms of response time, throughput, availability, host utilization, a number of requests lost, and cost (i.e., energy consumption plus profits lost due to dropped jobs). Our results showed that using the time-based MTD mechanism can (1) improve service response time and host utilization; (2) introduce a higher number of requests lost and higher overall cost; and (3) reduce service availability while still handling most of the jobs without much performance degradation. CCS CONCEPTS • Networks → Network performance modeling; • Computing methodologies → Model development and analysis; • Security and privacy → Network security;