Cyber
Security Research
Cyber-system
security and resilience pose several modeling and analysis challenges.
The ability to capture the actions of an intelligent, adaptive adversary
within a modeling framework is an important and growing area of
research, and so is the modeling of defenders. My work on cyber security
started with the establishment of the Asymmetric Resilient Cybersecurity
(ARC) Initiative at PNNL through a LDRD program. Since the inception of
this initiative in 2012, I have contributed to its success in several
capacities including that of a PI. I also worked on problems related to
the public key infrastructure (PKI) in the early 2000s.
A significant gap
in the state of the art for cyber defense is the lack of a mathematical
framework for expressing asymmetry and developing optimal strategies for
defenders that will provide them the asymmetrical advantage. Asymmetry,
combined with strategies for reconstitution, will provide a novel tool
for cyber defense. Towards this end, I have worked on multidisciplinary
teams to bring ideas from graph theory, multi-objective optimization,
game theory, and uncertainty quantification to build automated decision
support in the context of cyber security. This innovative work has been
recognized with three Best Paper Awards at the IEEE Symposium on
Technologies for Homeland Security (HST) over the past few years. With
sponsorship from institutions such as MITRE and MIT Lincoln Lab, HST
attracts top researchers and staff members from DOD, DARPA, and DHS. We
also reached a wider audience through a SIAM News article featured in
the July 2016 issue. My current work in this area is focused on building
a graph-based semi-supervised learning tool for automated mapping of
vulnerabilities to mitigation actions.
- SIAM
News article: S Chatterjee, M Halappanavar, R Tipireddy, and
M Oster. "Game Theory and Uncertainty Quantification for Cyber
Defense Applications." July 21, 2016. (PDF
copy on this site)
Relevant
Publications:
- Q Duan, E Al-Shaer, S Chatterjee, M Halappanavar, and C Oehmen.
"Proactive routing mutation against stealthy Distributed Denial of
Service attacks: metrics, modeling, and analysis." The Journal
of Defense Modeling and Simulation. Vol 15, Issue 2, pp. 219
- 230. October 13, 2017. https://doi.org/10.1177/1548512917731002
- S Chatterjee, R Tipireddy, M Oster, and M Halappanavar. "A
Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber
Attacker Payoffs." In National Cyber-security Institute Journal.
Volume 2, Number 3. Pages 13 -- 24. December 29, 2015. Open access
article: http://ncij.excelsior.edu/volume-2-number-3/
- U Bhatia, S Chatterjee, A Ganguly, M Halappanavar, R Tipireddy,
and R Brigantic. "Aviation Transportation, Cyber Threats, and
Network-of-Networks: Conceptual Framing and Modeling Perspectives
for Translating Theory to Practice." In proceedings of the IEEE
International Symposium on Technologies for Homeland Security
(HST). October 23 - 24, 2018 Woburn, MA USA.
- V Shekar, L Fiondella, Samrat Chatterjee, and M Halappanavar. "A
Game-Theoretic Method to Efficiently Assess the Vulnerability of a
Dynamic Transportation Network." In proceedings of the Probabilistic
Safety Assessment & Management (PSAM) Conference. Los
Angeles, CA. 16-21 September 2018.
- S. Saha, A. Vullikanti and M. Halappanavar. "FlipNet: Modeling
Covert and Persistent Attacks on Networked Resources," 2017 IEEE
37th International Conference on Distributed Computing Systems
(ICDCS), Atlanta, GA, 2017, pp. 2444-2451.
- R. Tipireddy, S. Chatterjee, P. Paulson, M. Oster and M.
Halappanavar, "Agent-centric approach for cybersecurity
decision-support with partial observability." In proceedings of the
2017 IEEE International Symposium on Technologies for Homeland
Security (HST), Waltham, MA, 2017, pp. 1-6.
- V. Shekar, L. Fiondella, S. Chatterjee and M. Halappanavar,
"Quantifying economic and environmental impacts of transportation
network disruptions with dynamic traffic simulation." In proceedings
of the 2017 IEEE International Symposium on Technologies for
Homeland Security (HST), Waltham, MA, 2017, pp. 1-4.
- V. Shekar, L. Fiondella, S. Chatterjee and M. Halappanavar,
"Quantitative assessment of transportation network vulnerability
with dynamic traffic simulation methods." In proceedings of the 2017
IEEE International Symposium on Technologies for Homeland
Security (HST), Waltham, MA, 2017, pp. 1-7. [Best
paper award in Attack and Disaster Track]
- S Chatterjee, R Tipireddy, MR Oster, and M Halappanavar.
"Propagating Mixed Uncertainties in Cyber Attacker Payoffs:
Exploration of Two-Phase Monte Carlo Sampling and Probability Bounds
Analysis." In proceedings of the IEEE International Conference
on Technologies for Homeland Security. May 10 - 12, 2016.
Waltham, Massachusetts, USA.
- TH Bhuiyan, A Nandi, H Medal, and M Halappanavar. "Minimizing
Expected Maximum Risk from Cyber-Attacks with Probabilistic Attack
Success." In proceedings of the IEEE International Conference
on Technologies for Homeland Security. May 10 - 12, 2016.
Waltham, Massachusetts, USA.
- S Saha, A Vullikanti, M Halappanavar, and S Chatterjee.
"Identifying Vulnerabilities and Hardening Attack Graphs for
Networked Systems." In proceedings of the IEEE International
Conference on Technologies for Homeland Security. May 10 -
12, 2016. Waltham, Massachusetts, USA.
- S Chatterjee, M Halappanavar, R Tipireddy, M Oster, S Saha.
"Quantifying Mixed Uncertainties in Cyber Attacker Payoffs." In
proceedings of the 2015 IEEE Conference on Technologies for
Homeland Security, Waltham, MA, 14 -- 16 April, 2015. [Best
paper award in Cyber Security Track]
- P Ramuhalli, M Halappanavar, J Coble, M Dixit. "Towards A Theory
of Autonomous Reconstitution of Compromised Cyber-Systems." In
proceedings of the 13th Annual IEEE Conference on Technologies
for Homeland Security, Waltham, MA, 12 -- 14 Nov, 2013. [Best
paper award in Cyber Security Track]
- E Hogan, P Hui, S Choudhury, M Halappanavar, K Oler, C Joslyn.
"Towards a Multiscale Approach to Cybersecurity Modeling." In
proceedings of the 13th Annual IEEE Conference on Technologies
for Homeland Security, Waltham, MA, 12 -- 14 Nov, 2013.
- M Halappanavar, S Choudhury, E Hogan, P Hui, J Johnson, I Ray, L
B. Holder: "Towards a Networks-of-Networks Framework for
CyberSecurity." In proceedings of the IEEE Intelligence and
Security Informatics Conference, Seattle, June 4 --7, 2013.
Available on arXiv (arXiv:1304.6761).
- M Halappanavar and R Mukkamala. "ECPV: Efficient Certificate Path
Validation in Public-key Infrastructure." In proceedings of the 17th
IFIP WG11.3 Working Conference on Database and Application
Security, Estes Park, Colorado, USA, August 4 -- 6, 2003.
- R Mukkamala, S Das, and M Halappanavar. "Recertification: a
Technique to Improve Services in Public-key Infrastructure." In
proceedings of the 16th IFIP WG11.3 Working Conference on
Database and Application Security, King's College, University
of Cambridge, UK, July 29-31, 2002.
- U Rauf, F Gillani, E Al-Shaer, M Halappanavar, S Chatterjee, and C
Oehmen. "Formal Approach For Resilient Reachability based on
End-System Route Agility." In proceedings of the 3rd ACM
Workshop on Moving Target Defense (MTD 2016) in conjunction
with the 23rd ACM Conference on Computer and Communications Security
(CCS) October 24-28, 2016, Vienna, Austria.
- E Hogan, J Johnson, and M Halappanavar. "Path-Finding in
Cybersecurity Graphs to Detect and Defend a Pass-the-Hash Attack."
Extended Abstract, DTRA/NSF/NGA Algorithms Workshop, San
Diego, CA. 2012.
- E Hogan, J Johnson, and M Halappanavar. "Path-Finding in
Cybersecurity Graphs to Detect and Defend a Pass-the-Hash Attack."
Extended Abstract. Algorithms for Threat Detection Workshop,
November 26, 2012.
- S Vemulapalli, M Halappanavar, and R Mukkamala, "Security in
Distributed Digital Libraries: Issues and Challenges." In
proceedings of the Distributed Computing Architectures for
Digital Libraries (DCADL-02) held in conjunction with the
31st International Conference on Parallel Processing ICPP 2002,
Vancouver, Canada August 18 -- 21, 2002.
Last updated: