
On Some Information Geometric Approaches to Cyber Security

  • C. T. J. Dodson
Chapter
Part of the Springer Optimization and Its Applications book series (SOIA, volume 113)

Abstract

Various contexts of relevance to cyber security involve the analysis of data that has a statistical character and in some cases the extraction of particular features from datasets of fitted distributions or empirical frequency distributions. Such statistics, for example, may be collected in the automated monitoring of IP-related data during accessing or attempted accessing of web-based resources, or may be triggered through an alert for suspected cyber attacks. Information geometry provides a Riemannian geometric framework in which to study smoothly parametrized families of probability density functions, thereby allowing the use of geometric tools to study statistical features of processes and possibly the representation of features that are associated with attacks. In particular, we can obtain mutual distances among members of the family from a collection of datasets, allowing, for example, measures of departures from Poisson random or uniformity, and discrimination between nearby distributions. Moreover, this allows the representation of large numbers of datasets in a way that respects any topological features in the frequency data and reveals subgroupings in the datasets using dimensionality reduction. Here some results are reported on statistical and information geometric studies concerning pseudorandom sequences, encryption-decryption timing analyses, comparisons of nearby signal distributions and departure from uniformity for evaluating obscuring techniques.

Keywords

Cyber security; Empirical frequency distributions; Pseudorandom sequences; Encryption-decryption timing; Proximity to uniformity; Nearby signals discrimination; Information geometry; Gamma distributions; Gaussian distributions; Dimensionality reduction

MSC

53B20 62M86 

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. School of Mathematics, University of Manchester, Manchester, UK
