Search for: All records

Cybersecurity is a complex problem. To study the complexity underneath the system and forecast possible future cyber events, we used system dynamics (SD)modeling and simulation.Network operations are normally modeled and simulated using the discrete-event simulation (DES) techniques. Since the primary focus of the DES modeling is packet traffic, the cyberattacks and resulting defenses are viewed from the layer 3 (network layer) of the open system interconnection (OSI) model. This does not discover more harmful attacks that might occur at higher(layer 4 and above) OSI layers. There are 32 million small businesses across the United States and 81 percent of them do not have cybersecurity personnel. Today’s extraordinary (COVID-19) situation, application layer (layer 7) security is the key concern for everyone, because every business revenue is heavily dependent on online/always-on presence. Research shows that almost 70 percent of successful cyber attacks are happening at the application layer. This paper presents a new integrated SD modeling framework for the application layer security to help small businesses from cyberattacks. 

The global Cybersecurity skill gap in 2020 is about 3.1 million and the Cybersecurity staff shortage is about 69%. Universities are waking up to the need for developing skills in Cybersecurity. Though many Universities offer a master’s degree in Cybersecurity, it is impractical to fill this huge demand for Cybersecurity through only graduate degree holders. After careful analysis, it has become evident that there is a gap in the curriculum as it relates to training for Cybersecurity concepts in foundational computing courses for students. To be more specific, there is relatively less focus on the infusion of Cybersecurity concepts in undergraduate computing courses and its impact on classroom practices. This paper serves to address this gap by providing an experience in infusing, teaching, and assessing Cybersecurity modules in various undergraduate computing courses that immerse students in real-world Cybersecurity practices through active learning. 

Model validation, though a process that's continuous and complex, establishes confidence in the soundness and usefulness of a model. Making sure that the model behaves similar to the modes of behavior seen in real systems, allows the builder of said model to assure accumulation of confidence in the model and thus validating the model. While doing this, the model builder is also required to build confidence from a target audience in the model through communicating to the bases. The basis of the system dynamics model validation, both in general and in the field of cyber security, relies on a casual loop diagram of the system being agreed upon by a group of experts. Model validation also uses formal quantitative and informal qualitative tools in addition to the validation techniques used by system dynamics. Amongst others, the usefulness of a model, in a user's eyes, is a valid standard by which we can evaluate them. To validate our system dynamics cyber security model, we used empirical structural and behavior tests. This paper describes tests of model structure and model behavior, which includes each test's purpose, the ways the tests were conducted, and empirical validation results using a proof-of-concept cyber security model.