This Is Auburn - Electronic Theses and Dissertations

Cyber Security System Dynamic Modeling




Kannan, Uma

Type of Degree

PhD Dissertation


Computer Science and Software Engineering


Cyber security modeling is the process of creating a normalized view of the cyber security situation. A typical cyber security model has information about the network infrastructure, security settings, and a list of possible vulnerabilities and threats. By using known vulnerabilities, and information about the infrastructure and security controls in place, the cyber security simulation allows an organization to imitate the attacker activities and helps to assess the system’s risk exposure. Networks are normally modeled or simulated through discrete-event techniques. However, discrete-event simulations can only simulate a few seconds' worth of network operations, and the primary focus of discrete-event models is on packet traffic. This means that cyberattacks and defenses are viewed from the network layer, layer 3, in the OSI (Open Systems Interconnection) model. This obscures more insidious attacks at higher layers in the OSI model. System dynamics (SD) is a methodology used to understand how systems change over time. In SD, a system is defined as a collection of elements that interact continuously over time to form a unified whole. A typical SD study focuses on understanding how the components of a system interact; how and why the dynamics of concern are generated; and how policies and decisions affect system performance. System dynamics uses a causal-loop diagram to capture the factors affecting the behavior of the system. The linkage between the system and its operating environment, and the feedback loops among the elements in the system, are depicted in the causal-loop diagram. This causal-loop diagram and its analysis provide decision-makers with insight into how systems behave as a whole. Simulation software, such as Powersim, lets decision-makers extend their understanding of a system by adjusting the system parameters, adding new linkages and feedback loops, or rearranging components of the system.
Thus, by using SD simulation software, the decision-maker(s) can model a variety of scenarios and observe the system performance under various conditions. When applying SD to cyber security, the network is considered as a system, similar to a physical system of pipes through which water flows. The amount of water that can flow into and out of a node represents the bandwidth of the network traffic. A denial of service attack, for example, is modeled by trying to force more water into a node than it can handle. Another dimension of the model is the quality of the water. Network traffic that contains bogus data or viruses is thought of as water that has contaminants. The degree or type of contaminants would affect the operation of the nodes. The nodes in the network are considered as being part of a larger social structure. Nodes, or the flavor of the water that is flowing among nodes, are designated as being part of, say, a University’s Information Technology (IT) infrastructure. This research presents a study which models a computer network as a system dynamics model to explore more insidious cyber-attacks and the resulting system-level effects that might occur on the host layers of the OSI model, layer 4 and above. In this research we modeled a University’s information technology cyber security situation using Powersim, a system dynamics modeling software, demonstrated an application-layer cyber attack using a system dynamics PoC (Proof-of-Concept) model, and showed the structural and behavioral verification of the PoC model. Then we modeled a hypothetical University’s information technology cyber security situation using Powersim and showed the application-layer Denial-of-Service attack, how it directly affected an application (direct effects/first-order effects), and how it indirectly affected (ripple effect) a related/connected application.
To validate our SD model, we developed a cybersecurity testbed, conducted a cyber attack on one application, and observed its impact on a related/connected system. Therefore, by using known vulnerabilities similar to this one, and the current knowledge about infrastructure and security controls, system dynamics cyber security simulation modeling allows an organization to imitate the attacker activities in OSI layer 4 and above and helps to assess and mitigate the system’s risk exposure.
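
The water-and-pipes analogy in the abstract can be made concrete with a small stock-and-flow simulation that shows both the first-order effect on a flooded application and the ripple effect on an application that depends on it. This is an added example, not the dissertation's Powersim model; the two applications (A and B), all rates, the capacity and the queue limit are constructed assumptions.

```python
# Added illustration: a two-stock system dynamics model, Euler-integrated.
# Every name and number here is a constructed assumption, not dissertation data.

def simulate(attack_rate, attack_start=20, attack_end=60, steps=150, dt=1.0):
    capacity = 100.0     # requests/s app A can serve (outflow limit of the pipe)
    queue_limit = 500.0  # pending requests app A can hold before it overflows
    legit_a = 60.0       # legitimate requests/s sent directly to app A
    legit_b = 30.0       # requests/s to app B, each needing one call to app A
    total = bad = 0.0    # stocks: A's backlog, and its bogus (attack) portion
    history = []
    for step in range(steps):
        t = step * dt
        attack = attack_rate if attack_start <= t < attack_end else 0.0
        avail = total + (legit_a + legit_b + attack) * dt  # water in the tank
        bad_frac = (bad + attack * dt) / avail             # well-mixed contaminant share
        served = min(capacity * dt, avail)                 # outflow, capped by capacity
        dropped = max(0.0, avail - served - queue_limit)   # overflow is lost
        total = avail - served - dropped
        bad = total * bad_frac
        # Legitimate throughput; may briefly exceed demand while a backlog drains.
        good = served * (1.0 - bad_frac) / dt
        share_b = legit_b / (legit_a + legit_b)
        history.append({"t": t, "backlog": total,
                        "a_ok": good * (1 - share_b), "b_ok": good * share_b})
    return history


def ripple_summary(attack_rate):
    """First-order effect on A and ripple effect on B for one attack scenario."""
    h = simulate(attack_rate)
    # 60 is the default attack_end: look for the first empty backlog after it.
    drained = [r["t"] for r in h if r["t"] >= 60 and r["backlog"] == 0.0]
    return {
        "min_a_ok": min(r["a_ok"] for r in h),
        "min_b_ok": min(r["b_ok"] for r in h),
        "peak_backlog": max(r["backlog"] for r in h),
        "backlog_cleared_at": drained[0] if drained else None,
    }


if __name__ == "__main__":
    for rate in (0.0, 400.0):
        print(rate, ripple_summary(rate))
```

In this constructed scenario, application B is never targeted, yet its successful throughput falls with A's, and A's backlog keeps both degraded well after the flood stops.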