Cyber Security Research


Cyber-system security and resilience pose several modeling and analysis challenges. The ability to capture the actions of an intelligent, adaptive adversary within a modeling framework is an important and growing area of research, and so is the modeling of defenders. My work on cyber security started with the establishment of the Asymmetric Resilient Cybersecurity (ARC) Initiative at PNNL through a LDRD program. Since the inception of this initiative in 2012, I have contributed to its success in several capacities including that of a PI. I also worked on problems related to the public key infrastructure (PKI) in the early 2000s.

A significant gap in the state of the art for cyber defense is the lack of a mathematical framework for expressing asymmetry and developing optimal strategies for defenders that will provide them the asymmetrical advantage. Asymmetry, combined with strategies for reconstitution, will provide a novel tool for cyber defense. Towards this end, I have worked on multidisciplinary teams to bring ideas from graph theory, multi-objective optimization, game theory, and uncertainty quantification to build automated decision support in the context of cyber security. This innovative work has been recognized with three Best Paper Awards at the IEEE Symposium on Technologies for Homeland Security (HST) over the past few years. With sponsorship from institutions such as MITRE and MIT Lincoln Lab, HST attracts top researchers and staff members from DOD, DARPA, and DHS. We also reached a wider audience through a SIAM News article featured in the July 2016 issue. My current work in this area is focused on building a graph-based semi-supervised learning tool for automated mapping of vulnerabilities to mitigation actions.


Relevant Publications:
  1. Q Duan, E Al-Shaer, S Chatterjee, M Halappanavar, and C Oehmen. "Proactive routing mutation against stealthy Distributed Denial of Service attacks: metrics, modeling, and analysis." The Journal of Defense Modeling and Simulation. Vol 15, Issue 2, pp. 219 - 230. October 13, 2017. https://doi.org/10.1177/1548512917731002
  2. S Chatterjee, R Tipireddy, M Oster, and M Halappanavar. "A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs." In National Cyber-security Institute Journal. Volume 2, Number 3. Pages 13 -- 24. December 29, 2015. Open access article: http://ncij.excelsior.edu/volume-2-number-3/
  3. U Bhatia, S Chatterjee, A Ganguly, M Halappanavar, R Tipireddy, and R Brigantic. "Aviation Transportation, Cyber Threats, and Network-of-Networks: Conceptual Framing and Modeling Perspectives for Translating Theory to Practice." In proceedings of the IEEE International Symposium on Technologies for Homeland Security (HST). October 23 - 24, 2018 Woburn, MA USA.
  4. V Shekar, L Fiondella, Samrat Chatterjee, and M Halappanavar. "A Game-Theoretic Method to Efficiently Assess the Vulnerability of a Dynamic Transportation Network." In proceedings of the Probabilistic Safety Assessment & Management (PSAM) Conference. Los Angeles, CA. 16-21 September 2018.
  5. S. Saha, A. Vullikanti and M. Halappanavar. "FlipNet: Modeling Covert and Persistent Attacks on Networked Resources," 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, GA, 2017, pp. 2444-2451.
  6. R. Tipireddy, S. Chatterjee, P. Paulson, M. Oster and M. Halappanavar, "Agent-centric approach for cybersecurity decision-support with partial observability." In proceedings of the 2017 IEEE International Symposium on Technologies for Homeland Security (HST), Waltham, MA, 2017, pp. 1-6.
  7. V. Shekar, L. Fiondella, S. Chatterjee and M. Halappanavar, "Quantifying economic and environmental impacts of transportation network disruptions with dynamic traffic simulation." In proceedings of the 2017 IEEE International Symposium on Technologies for Homeland Security (HST), Waltham, MA, 2017, pp. 1-4.
  8. V. Shekar, L. Fiondella, S. Chatterjee and M. Halappanavar, "Quantitative assessment of transportation network vulnerability with dynamic traffic simulation methods." In proceedings of the 2017 IEEE International Symposium on Technologies for Homeland Security (HST), Waltham, MA, 2017, pp. 1-7. [Best paper award in Attack and Disaster Track]
  9. S Chatterjee, R Tipireddy, MR Oster, and M Halappanavar. "Propagating Mixed Uncertainties in Cyber Attacker Payoffs:  Exploration of Two-Phase Monte Carlo Sampling and Probability Bounds Analysis." In proceedings of the IEEE International Conference on Technologies for Homeland Security. May 10 - 12, 2016. Waltham, Massachusetts, USA.
  10. TH Bhuiyan, A Nandi, H Medal, and M Halappanavar. "Minimizing Expected Maximum Risk from Cyber-Attacks with Probabilistic Attack Success." In proceedings of the IEEE International Conference on Technologies for Homeland Security. May 10 - 12, 2016. Waltham, Massachusetts, USA.
  11. S Saha, A Vullikanti, M Halappanavar, and S Chatterjee. "Identifying Vulnerabilities and Hardening Attack Graphs for Networked Systems." In proceedings of the IEEE International Conference on Technologies for Homeland Security. May 10 - 12, 2016. Waltham, Massachusetts, USA.
  12. S Chatterjee, M Halappanavar, R Tipireddy, M Oster, S Saha. "Quantifying Mixed Uncertainties in Cyber Attacker Payoffs." In proceedings of the 2015 IEEE Conference on Technologies for Homeland Security, Waltham, MA, 14 -- 16 April, 2015. [Best paper award in Cyber Security Track]
  13. P Ramuhalli, M Halappanavar, J Coble, M Dixit. "Towards A Theory of Autonomous Reconstitution of Compromised Cyber-Systems." In proceedings of the 13th Annual IEEE Conference on Technologies for Homeland Security, Waltham, MA, 12 -- 14 Nov, 2013. [Best paper award in Cyber Security Track]
  14. E Hogan, P Hui, S Choudhury, M Halappanavar, K Oler, C Joslyn. "Towards a Multiscale Approach to Cybersecurity Modeling." In proceedings of the 13th Annual IEEE Conference on Technologies for Homeland Security, Waltham, MA, 12 -- 14 Nov, 2013.
  15. M Halappanavar, S Choudhury, E Hogan, P Hui, J Johnson, I Ray, L B. Holder: "Towards a Networks-of-Networks Framework for CyberSecurity." In proceedings of the IEEE Intelligence and Security Informatics Conference, Seattle, June 4 --7, 2013. Available on arXiv (arXiv:1304.6761).
  16. M Halappanavar and R Mukkamala. "ECPV: Efficient Certificate Path Validation in Public-key Infrastructure." In proceedings of the 17th IFIP WG11.3 Working Conference on Database and Application Security, Estes Park, Colorado, USA, August 4 -- 6, 2003.
  17. R Mukkamala, S Das, and M Halappanavar. "Recertification: a Technique to Improve Services in Public-key Infrastructure." In proceedings of the 16th IFIP WG11.3 Working Conference on Database and Application Security, King's College, University of Cambridge, UK, July 29-31, 2002.
  18. U Rauf, F Gillani, E Al-Shaer, M Halappanavar, S Chatterjee, and C Oehmen. "Formal Approach For Resilient Reachability based on End-System Route Agility." In proceedings of the 3rd ACM Workshop on Moving Target Defense (MTD 2016) in conjunction with the 23rd ACM Conference on Computer and Communications Security (CCS) October 24-28, 2016, Vienna, Austria.
  19. E Hogan, J Johnson, and M Halappanavar. "Path-Finding in Cybersecurity Graphs to Detect and Defend a Pass-the-Hash Attack." Extended Abstract, DTRA/NSF/NGA Algorithms Workshop, San Diego, CA. 2012.
  20. E Hogan, J Johnson, and M Halappanavar. "Path-Finding in Cybersecurity Graphs to Detect and Defend a Pass-the-Hash Attack." Extended Abstract. Algorithms for Threat Detection Workshop, November 26, 2012.
  21. S Vemulapalli, M Halappanavar, and R Mukkamala, "Security in Distributed Digital Libraries: Issues and Challenges." In proceedings of the Distributed Computing Architectures for Digital Libraries (DCADL-02) held in conjunction with the 31st International Conference on Parallel Processing ICPP 2002, Vancouver, Canada August 18 -- 21, 2002.



Last updated:
Access stats