Visible to the public Dynamic information-theoretic measures for security informatics

TitleDynamic information-theoretic measures for security informatics
Publication TypeConference Paper
Year of Publication2013
AuthorsColbaugh, R., Glass, K., Bauer, T.
Conference Name2013 IEEE International Conference on Intelligence and Security Informatics
Date Publishedjun
Keywordsactivity trace, behavior prediction, cryptography, cyber security, dynamic information-theoretic measure, dynamical process analysis, Human Behavior, Informatics, information theoretic security, Information theory, innocent computer network activity, instruction sequence, invasive software, legitimate software, malicious computer network activity, Malware, Markov processes, Metrics, natural language processing, policy-based governance, predictive analytics, pubcrawl, Resiliency, Scalability, security application, security domain, security informatics, social network, social network dynamics, Social network services, social networking (online), static analysis, stochastic dynamical system, Vehicle dynamics
AbstractMany important security informatics problems require consideration of dynamical phenomena for their solution; examples include predicting the behavior of individuals in social networks and distinguishing malicious and innocent computer network activities based on activity traces. While information theory offers powerful tools for analyzing dynamical processes, to date the application of information-theoretic methods in security domains has focused on static analyses (e.g., cryptography, natural language processing). This paper leverages information-theoretic concepts and measures to quantify the similarity of pairs of stochastic dynamical systems, and shows that this capability can be used to solve important problems which arise in security applications. We begin by presenting a concise review of the information theory required for our development, and then address two challenging tasks: 1.) characterizing the way influence propagates through social networks, and 2.) distinguishing malware from legitimate software based on the instruction sequences of the disassembled programs. In each application, case studies involving real-world datasets demonstrate that the proposed techniques outperform standard methods.
Citation Keycolbaugh_dynamic_2013