Active Cyber Defense Dynamics Exhibiting Rich Phenomena
This work addresses cybersecurity challenges for defenders by showing that active defense can lead to unpredictable phenomena, requiring manipulation to avoid unmanageable situations.
The study investigates the interaction between cyber attacks and active defenses, revealing that cybersecurity dynamics can exhibit bifurcation and chaos, which makes accurate measurement and prediction infeasible under certain conditions.
The Internet is a man-made complex system under constant attacks (e.g., Advanced Persistent Threats and malwares). It is therefore important to understand the phenomena that can be induced by the interaction between cyber attacks and cyber defenses. In this paper, we explore the rich phenomena that can be exhibited when the defender employs active defense to combat cyber attacks. To the best of our knowledge, this is the first study that shows that {\em active cyber defense dynamics} (or more generally, {\em cybersecurity dynamics}) can exhibit the bifurcation and chaos phenomena. This has profound implications for cyber security measurement and prediction: (i) it is infeasible (or even impossible) to accurately measure and predict cyber security under certain circumstances; (ii) the defender must manipulate the dynamics to avoid such {\em unmanageable situations} in real-life defense operations.