Author

Sakshyam Panda

Other affiliations: Bell Labs
Bio: Sakshyam Panda is an academic researcher from University of Surrey. The author has contributed to research in topics: Computer science & Game theory. The author has an h-index of 3, co-authored 10 publications receiving 25 citations. Previous affiliations of Sakshyam Panda include Bell Labs.

Papers
Proceedings ArticleDOI
23 Aug 2022
TL;DR: This paper uses the MITRE repository of known adversarial TTPs along with attack graphs to determine the attack probability as well as the likelihood of success of an attack and identifies attack paths with the highest likelihood of success considering the techniques and procedures of a threat actor.
Abstract: Assessing the risk posed by Advanced Cyber Threats (APTs) is challenging without understanding the methods and tactics adversaries use to attack an organisation. The MITRE ATT&CK provides information on the motivation, capabilities, interests and tactics, techniques and procedures (TTPs) used by threat actors. In this paper, we leverage these characteristics of threat actors to support informed cyber risk characterisation and assessment. In particular, we utilise the MITRE repository of known adversarial TTPs along with attack graphs to determine the attack probability as well as the likelihood of success of an attack. We further identify attack paths with the highest likelihood of success considering the techniques and procedures of a threat actor. The assessment is supported by a case study of a health care organisation to identify the level of risk against two adversary groups: Lazarus and menuPass.

16 citations

Book ChapterDOI
TL;DR: A tool for optimal selection of cyber hygiene safeguards, which is referred to as the Optimal Safeguards Tool, which combines game theory and combinatorial optimization taking into account the probability of each user group being attacked, the value of assets accessible by each group, and the efficacy of each control for a particular group.
Abstract: Cyber hygiene measures are often recommended for strengthening an organization’s security posture, especially for protecting against social engineering attacks that target the human element. However, the related recommendations are typically the same for all organizations and their employees, regardless of the nature and the level of risk for different groups of users. Building upon an existing cybersecurity investment model, this paper presents a tool for optimal selection of cyber hygiene safeguards, which we refer to as the Optimal Safeguards Tool (OST). The model combines game theory and combinatorial optimization (0-1 Knapsack) taking into account the probability of each user group being attacked, the value of assets accessible by each group, and the efficacy of each control for a particular group. The model considers indirect cost as the time employees could require for learning and training against an implemented control. Utilizing a game-theoretic framework to support the Knapsack optimization problem permits us to optimally select safeguards’ application levels minimizing the aggregated expected damage within a security investment budget.

15 citations

Book ChapterDOI
30 Oct 2019
TL;DR: This paper defines a cyber deception game between the Advanced Metering Infrastructure (AMI) network administrator (henceforth, defender) and attacker and model this interaction as a Bayesian game with complete but imperfect information.
Abstract: In this paper, we define a cyber deception game between the Advanced Metering Infrastructure (AMI) network administrator (henceforth, defender) and attacker. The defender decides to install between a low-interaction honeypot, high-interaction honeypot, and a real system with no honeypot. The attacker decides on whether or not to attack the system given her belief about the type of device she is facing. We model this interaction as a Bayesian game with complete but imperfect information. The choice of honeypot type is private information and characterizes the essence and objective of the defender i.e., the degree of deception and amount of threat intelligence. We study the players’ equilibrium strategies and provide numerical illustrations. The work presented in this paper has been motivated by the H2020 SPEAR project which investigates the implementation of honeypots in smart grid infrastructures to: (i) contribute towards creating attack data sets for training a SIEM (Security Information and Event Management) and (ii) to support post-incident forensics analysis by having recorded a collection of evidence regarding an attacker’s actions.

15 citations

Book ChapterDOI
14 Sep 2020
TL;DR: This paper represents the SECONDO framework to assist organizations with decisions related to cybersecurity investments and cyber-insurance decisions by implementing and integrating a number of software components.
Abstract: This paper represents the SECONDO framework to assist organizations with decisions related to cybersecurity investments and cyber-insurance. The platform supports cybersecurity and cyber-insurance decisions by implementing and integrating a number of software components. SECONDO operates in three distinct phases: (i) cyber-physical risk assessment and continuous monitoring; (ii) investment-driven optimized cyber-physical risk control; and (iii) blockchain-enabled cyber-insurance contract preparation and maintenance. Insurers can leverage SECONDO functionalities to actively participate in the management of cyber-physical risks of a shipping company to reduce their insured risk.

9 citations

Journal ArticleDOI
TL;DR: In this article, a game-theoretic model is proposed to investigate the strategic interaction between a cyber insurance policyholder whose premium depends on her self-reported security level and an insurer with the power to audit the security level upon receiving an indemnity claim.

7 citations


Cited by
BookDOI
01 Jan 2014
TL;DR: This paper shows the first explicit algorithm which can construct strongly k-secure network coding schemes, and it runs in polynomial time for fixed k.
Abstract: We say that a network coding scheme is strongly 1-secure if a source node $s$ can multicast $n$ field elements $\{m_1, \cdots, m_n\}$ to a set of sink nodes $\{t_1, \cdots, t_q\}$ in such a way that any single edge leaks no information on any $S \subset \{m_1, \cdots, m_n\}$ with $|S| = n - 1$, where $n = \min_{t_i} \text{max-flow}(s, t_i)$ is the maximum transmission capacity. We also say that a strongly $h$-secure network coding scheme is strongly $(h + 1)$-secure if any $h + 1$ edges leak no information on any $S \subset \{m_1, \cdots, m_n\}$ with $|S| = n - (h + 1)$. In this paper, we show the first explicit algorithm which can construct strongly $k$-secure network coding schemes. In particular, it runs in polynomial time for fixed $k$.

263 citations

Journal ArticleDOI
28 Jul 2021-Sensors
TL;DR: A systematic review of the literature on the evolving nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks launched with the intent of exploiting human vulnerability addresses the complexity of cybersecurity measures adopted within the healthcare and clinical environments.
Abstract: Background: Cybersecurity is increasingly becoming a prominent concern among healthcare providers in adopting digital technologies for improving the quality of care delivered to patients. The recent reports on cyber attacks, such as ransomware and WannaCry, have brought to life the destructive nature of such attacks upon healthcare. In complement to cyberattacks, which have been targeted against the vulnerabilities of information technology (IT) infrastructures, a new form of cyber attack aims to exploit human vulnerabilities; such attacks are categorised as social engineering attacks. Following an increase in the frequency and ingenuity of attacks launched against hospitals and clinical environments with the intention of causing service disruption, there is a strong need to study the level of awareness programmes and training activities offered to the staff by healthcare organisations. Objective: The objective of this systematic review is to identify commonly encountered factors that cybersecurity postures of a healthcare organisation, resulting from the ignorance of cyber threat to healthcare. The systematic review aims to consolidate the current literature being reported upon human behaviour resulting in security gaps that mitigate the cyber defence strategy adopted by healthcare organisations. Additionally, the paper also reviews the organisational risk assessment methodology implemented and the policies being adopted to strengthen cybersecurity. Methods: The topic of cybersecurity within healthcare and the clinical environment has attracted the interest of several researchers, resulting in a broad range of literature. The inclusion criteria for the articles in the review stem from the scope of the five research questions identified. 
To this end, we conducted seven search queries across three repositories, namely (i) PubMed®/MED-LINE; (ii) Cumulative Index to Nursing and Allied Health Literature (CINAHL); and (iii) Web of Science (WoS), using key words related to cybersecurity awareness, training, organisation risk assessment methodologies, policies and recommendations adopted as counter measures within health care. These were restricted to around the last 12 years. Results: A total of 70 articles were selected to be included in the review, which addresses the complexity of cybersecurity measures adopted within the healthcare and clinical environments. The articles included in the review highlight the evolving nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks launched with the intent of exploiting human vulnerability. A steady increase in the literature on the threat of phishing attacks evidences the growing threat of social engineering attacks. As a countermeasure, through the review, we identified articles that provide methodologies resulting from case studies to promote cybersecurity awareness among stakeholders. The articles included highlight the need to adopt cyber hygiene practices among healthcare professionals while accessing social media platforms, which forms an ideal test bed for the attackers to gain insight into the life of healthcare professionals. Additionally, the review also includes articles that present strategies adopted by healthcare organisations in countering the impact of social engineering attacks. The evaluation of the cybersecurity risk assessment of an organisation is another key area of study reported in the literature that recommends the organisation of European and international standards in countering social engineering attacks. Lastly, the review includes articles reporting on national case studies with an overview of the economic and societal impact of service disruptions encountered due to cyberattacks. 
Discussion: One of the limitations of the review is the subjective ranking of the authors associated to the relevance of literature to each of the research questions identified. We also acknowledge the limited amount of literature that focuses on human factors of cybersecurity in health care in general; therefore, the search queries were formulated using well-established cybersecurity related topics categorised according to the threats, risk assessment and organisational strategies reported in the literature.

46 citations

Journal Article
TL;DR: A review of the book International Business-Competing in the Global Marketplace authored by Charles W. L Hill, who is a British-born academician is presented in this article.
Abstract: The current article critically examines and facilitates with the review of the book titled International Business-Competing in the Global Marketplace authored by Charles W. L Hill, who is a British-born academician. As of 2016, he is Professor in Business Administration and Professor of Management and Organization at the University of Washington's Foster School of Business in Seattle, where he has been teaching since 1988. He has authored many books which include Strategic Management: An Integrated Approach, co-authored with G. R. Jones and Global Business and International Business: Competing in the Global Market Place. Professor Hill has published more than 40 articles in peer-reviewed academic journals. Professor Hill serves on the editorial boards of several academic journals and previously served as consulting editor at the Academy of Management Review, Academy of Management Journal, Strategic Management Journal, and Organization Science.

36 citations

Proceedings ArticleDOI
23 Aug 2022
TL;DR: This paper uses the MITRE repository of known adversarial TTPs along with attack graphs to determine the attack probability as well as the likelihood of success of an attack and identifies attack paths with the highest likelihood of success considering the techniques and procedures of a threat actor.
Abstract: Assessing the risk posed by Advanced Cyber Threats (APTs) is challenging without understanding the methods and tactics adversaries use to attack an organisation. The MITRE ATT&CK provides information on the motivation, capabilities, interests and tactics, techniques and procedures (TTPs) used by threat actors. In this paper, we leverage these characteristics of threat actors to support informed cyber risk characterisation and assessment. In particular, we utilise the MITRE repository of known adversarial TTPs along with attack graphs to determine the attack probability as well as the likelihood of success of an attack. We further identify attack paths with the highest likelihood of success considering the techniques and procedures of a threat actor. The assessment is supported by a case study of a health care organisation to identify the level of risk against two adversary groups: Lazarus and menuPass.

16 citations

Journal ArticleDOI
08 Apr 2021
TL;DR: A three-party evolutionary game model of array honeypot, which is composed of defenders, attackers and legitimate users is constructed, and MATLAB and Gambit simulation experiment results show that deduced evolutionarily stable strategies are valid in resisting attackers.
Abstract: Honeypot has been regarded as an active defense technology that can deceive attackers by simulating real systems. However, honeypot is actually a static network trap with fixed disposition, which is easily identified by anti-honeypot technology. Thus, honeypot is a “passive” active defense technology. Dynamic honeypot makes up for the shortcomings of honeypot, which dynamically adjusts defense strategies with the attack of hackers. Therefore, the confrontation between defenders and attackers is a strategic game. This paper focuses on the non-cooperative evolutionary game mechanism of bounded rationality, aiming to improve the security of the array honeypot system through the evolutionarily stable strategies derived from the evolutionary game model. First, we construct a three-party evolutionary game model of array honeypot, which is composed of defenders, attackers and legitimate users. Secondly, we formally describe the strategies and revenues of players in the game, and build the three-party game payoff matrices. Then the evolutionarily stable strategy is obtained by analyzing the Replicator Dynamics of various parties. In addition, we discuss the equilibrium condition to get the influence of the number of servers N on the stability of strategy evolution. MATLAB and Gambit simulation experiment results show that deduced evolutionarily stable strategies are valid in resisting attackers.

12 citations