Prioritization In Sequential Decision-Making Under Uncertainty In Cyber Security Applications

dc.contributor.advisorAlipour, M. Amin
dc.contributor.committeeMemberLaszka, Aron
dc.contributor.committeeMemberEick, Christoph F.
dc.contributor.committeeMemberGnawali, Omprakash
dc.contributor.committeeMemberMukhopadhyay, Ayan
dc.creatorAtefi, Soodeh 2023
dc.description.abstractThis dissertation comprises three studies exploring the general topic of cyber security investigations, with a focus on identifying malicious elements such as vulnerabilities, techniques used by the attackers, and poisoning examples. The objective of these studies is to develop enhanced policies, superior prioritization methods, and improved strategies for conducting such investigations. The first study examines the data, while the second and third studies develop mathematical models. The first study focuses on bug bounty programs which are initiatives set up by organizations to encourage external security researchers to find security vulnerabilities or bugs in their products. However, it remains difficult to measure the benefits of bug bounty programs. The findings show the benefit of leveraging the collective expertise of external security experts. The second study addresses the challenge of prioritizing cyber-forensic investigation techniques to promptly discover how threat actors breached security during a cybersecurity incident. The goal is to assess the impact of the incident and develop countermeasures to protect against further attacks. This study formulates the decision-support problem as a Markov decision process and employs a $k$-nearest neighbor-based Monte Carlo tree search method. The method outperforms the state-of-the-art decision-support in terms of obtained benefit per effort spent. The third study investigates the detection of poisoned examples in deep learning datasets, which can pose serious threats to models trained on contaminated data. It introduces a principled defense approach that uses active search to identify poisoned elements crafted through targeted data poisoning attacks. The proposed method outperforms the two state-of-the-art defense methods in terms of attack success rate. It is also successful in detecting poisoned examples by investigating a small portion of the contaminated dataset. In conclusion, these data-driven studies offer valuable insights to cyber-security investigators, enabling them to improve policies, prioritize effectively, and develop better strategies. Furthermore, they consider the cost-benefit tradeoff to optimize resource allocation. The bug bounty program study helps organizations to develop a policy in running these programs that can increase the benefits of running bug bounty programs, while the cyber forensic investigation study and the study of poisoned examples seek to minimize effort while maximizing obtained benefit.
dc.description.departmentComputer Science, Department of
dc.format.digitalOriginborn digital
dc.identifier.citationPortions of this document appear in: Atefi S, Sivagnanam A, Ayman A, Grossklags J, Laszka A. The benefits of vulnerability discovery and bug bounty programs: Case studies of Chromium and Firefox. InProceedings of the ACM Web Conference 2023 2023 Apr 30 (pp. 2209-2219); and in: Atefi S, Panda S, Panaousis E, Laszka A. Principled data-driven decision support for cyber-forensic investigations. InProceedings of the AAAI Conference on Artificial Intelligence 2023 Jun 26 (Vol. 37, No. 4, pp. 5010-5017).
dc.rightsThe author of this work is the copyright owner. UH Libraries and the Texas Digital Library have their permission to store and provide access to this work. UH Libraries has secured permission to reproduce any and all previously published materials contained in the work. Further transmission, reproduction, or presentation of this work is prohibited except with permission of the author(s).
dc.subjectPrioritization, decision under uncertainty, cost-benefit tradeoff
dc.titlePrioritization In Sequential Decision-Making Under Uncertainty In Cyber Security Applications
dcterms.accessRightsThe full text of this item is not available at this time because the student has placed this item under an embargo for a period of time. The Libraries are not authorized to provide a copy of this work during the embargo period.
local.embargo.terms2025-08-01 of Natural Sciences and Mathematics Science, Department of Science of Houston of Philosophy


License bundle

Now showing 1 - 2 of 2
No Thumbnail Available
4.43 KB
Plain Text
No Thumbnail Available
1.81 KB
Plain Text