Forem: Adeoluwa Agbakosi

Cyber-Security and the Game Theory.

Adeoluwa Agbakosi — Wed, 30 Mar 2022 01:34:38 +0000

Cyber Security might as well be one of the largest and most interesting fields in the tech world. In this series we would be looking at how Cyber Security relates to Tame Theory and Adversarial thinking. But first of all we need to understand what Cyber Security and the Game Theory is.

What is Cyber Security?

Cyber Security is the term used to collectively denote the technologies, processes and controls that are intended to protect systems, networks and data from cyber attackers. To further understand Cyber Security as a whole you should check out this article, Cyber Security: A run through.

What is Game Theory?

Game Theory, branch of applied mathematics that provides tools for analyzing situations in which parties, called players, make decisions that are interdependent. This interdependence causes each player to consider the other player’s possible decisions, or strategies, in formulating strategy.

The Game Theory was originally developed by the Hungarian-born American mathematician John von Neumann and his Princeton University colleague Oskar Morgenstern, a German-born American economist, to solve problems in economics. Though originally meant to be used to solve problems in economics, the Game Theory has nowadays being used in different fields such as cyber security and even warfare.

Cyber security problems that require rational decision making can be solved in a better way using game theory. But game theory has a limitation if the defender is provided only with limited information on the opponent’s strategy and decisions. Game theory enhances the ability to anticipate the actions of the hackers. To make game theory a practicable approach to solve cyber security issues strategies of hackers should be a finite and predictive set. Ideally it is very difficult to predict the strategies for both attacker and defender in real time.

Game Theory is a promising research field in the cyber security sector. One very important skill that is acknowledged by researchers is "Adversarial Skill" as described as think like a hacker. This can be used to avoid security threats to the system connected to internet. This skill is widely acknowledged because now a day’s cyber security is dependent on guessing or analyzing the attacker’s strategies.

Game theory and Cyber security share similar concerns in various aspects of their application. In which payoff with respect to players is not only contingent of the decision he made but it also depends upon the opponent’s behavior. Based on this resemblance, we can use Game theory as a mathematical tool to deal with cyber security problems based on multi agent behaviors.

Game theory has many components such as:

The players: who make decisions with respect to the game.

Actions: which are the decisions made by each player.

Payoffs: which is the amount of satisfaction either positive or negative derived from each action.

Strategies: which are the future actions set in place with respect to the past and expected actions of the opponent.

Their are several types of games in the game theory. We have Cooperative games, Non-cooperative games, Static games, Dynamic games, Complete information games, Incomplete information games, Perfect information games, Imperfect information games. Cyber security can be described under the non-cooperative, incomplete information and Imperfect information types of games.

Game Theory Methods for Cyber Security Applications:

Game Theory for cyber security applications can be divided
into six categories:

Physical Layer Security.
Self-Organised Network Security.
Intrusion Detection and Prevention.
Privacy preservation and Anonymity.
Economics of Cyber Security
Cloud Computing Security.

Consider Self-Organized Network Security and Cloud computing Security.

Self-Organised Network Security (SON):

Game theoretic approaches that are used for designing security protocols for SONs are Vehicular Networks (VANETs), Wireless Sensor Networks and Mobile Ad Hoc Networks (MANETs). Most of the game theoretic approaches consider that only two players will be there in the game.

Attacker: The attacker is an opponent who makes malicious entry into the system with the intendment of threatening its security. The strategies of the attacker can vary from a single action to a sequence of differed counter activities. In this study, we limit our interests to such attacks that consist of a series of activities that directs towards an ultimate goal.

Defender: The defender on the other side is responsible for applying proper defense techniques to secure the system from various malicious attacks from attacker. The defender has a set of counter strategies to monitor and protect the system. The main aim of this player is to make pre-emptive responses in a manner where he has limited knowledge of the system status, purely relying on the counter strategies.

These assumptions on players are not practical in MANETs. The strategic decisions of each node in MANETs can be computed in a fully distributed approach, where the decision can be made without centralized administration and each node only needs to know the information of its own state and thereby aggregate effect of the other node in the MANET. In few networks Digital signature is widely used, it may provide security but it introduces delay due to signature verification which in turn reduces Quality of Service QoS.

Cloud Computing Security:

Traditional security is not suitable for Cloud computing concepts such as multi-tenancy, resource sharing and resource outsourcing. These are the new challenges for security researches.

Security-aware virtual machines (VM) have been proposed by researchers with the combination of game theory in public cloud, where multiple Nash Equlibria has been included for security game in public cloud i.e., defender has counter actions for each one of the attackers strategies. Nash Equilibrium is a combination of Set of strategies and payoffs which results in stable state where no player has benefit when there is change in strategies on any player in the game.

Scalable security risk assessment model using game theory has also been proposed for cloud computing in order to evaluate the risk. Main aim of this risk assessment is to decide who should fix the risk in the system i.e. by the cloud provider or tenant of the system.

CHALLENGES

The main challenges faced while designing the game theory model are:

Defining payoff function for each player in the game is practically impossible. But payoff function is a key procedure in game theory because result of the game is directly dependent on the result of payoff function.

All the game models and strategies are based upon assumptions. But in reality the strategies involves in cyber security problems are infinite and dynamic. Based on assumptions result of the payoff function may be good. But if it is implemented practically it is difficult to achieve good result from payoff function.

Defining payoff functions for attacker and defender is practically impossible. Strategies based on assumptions cannot be implemented in real time.

The proof for existence of Nash Equilibrium is only logical not constructive. There are not methods available to implement Nash Equilibrium practically. All these assumptions cannot be used without proof because it may result in security compromise.

For now the concept of game theory in cyber security is purely theoretical and remains an open research area.

Deploying Recommender Systems Algorithm to a Web App.

Adeoluwa Agbakosi — Fri, 04 Mar 2022 20:16:28 +0000

The web today revolves around content recommendation, from major platforms like Amazon where goods are recommended to you, to social media applications like Facebook where friends are recommended for you. Recommendation systems has become the new normal for the web, it has become rarely difficult to find a major web page without one form of recommendation or the other.

If you do not have previous knowledge of how recommender systems work, you might want to check out this Recommender Systems Course on Google.

For this article i will be building a Movie Recommendation App. This app is going to take input( the name of a movie a user likes ) and recommend movies that are related to it. The working logic here is that if you like a movie, then you should also like movies related to it.

You can view the resulting application here.
View the source codes here.

Now lets get to work.

The Dataset.

The dataset used in building the recommender algorithm is the TMBD 5000 Movie Dataset available on Kaggle.

The dataset contains 4803 entries. Let's go through the dataset very briefly so that we can focus on building the machine learning model part.

We load the two csv files into df1 & df2 dataframes

Instead of handling both the data frames, We merged the data frames so that we have to work on a single data frame. The dataset thankfully does not have a large number of empty values. Let’s handle them one by one. Here is an overview of all the columns.

Looking at the id column, which is unique for each movie, we do not need it because it will not contribute to the recommendations. Also, the tagline column should be eliminated because most of the movies have an overview and thus the tagline would result in more of a similar context. Dropping these 2 columns results in a data frame with 21 attributes.

There are multiple columns where we have a string or node which contains a dictionary. We can use literal_eval from ast module to remove these strings or nodes and get the embedded dictionary. So we use literal_eval for attributes cast, keywords, crew, & genres. Now we have these attributes in the form of a dictionary, we can use these attributes and get important features such as director names, a very important factor for our recommender system. Also for the cast, keywords, & genre attributes, we can return the top 3 names in each category in a list. Now we can create a single column which will a sum of all these 4 attributes, which are very dominant factors for our recommender system. Let’s call this column “soup” (because it’s like a soup/combination of 4 attributes).

Building The Machine Learning Model.

To build our model, we first create a count matrix that is created by the help of a count vectorizer. We create a count vector with English stopwords & fit and transform over the soup column we just created in the previous section. Scikit-learn has a very beautiful method called cosine similarity. It is simply a metric that is used to determine how similar documents are, irrespective of their size. After building the cosine similarity matrix for our dataset, we can now sort the results to find out the top 10 similar movies. We return the movie title & indexes to the user.



import difflib
import pandas as pd
from sklearn.feature_extraction.text import CountVectorizer
from sklearn.metrics.pairwise import cosine_similarity

df2 = pd.read_csv('./model/tmdb.csv')

count = CountVectorizer(stop_words='english')
count_matrix = count.fit_transform(df2['soup'])

cosine_sim2 = cosine_similarity(count_matrix, count_matrix)

df2 = df2.reset_index()
indices = pd.Series(df2.index, index=df2['title'])
all_titles = [df2['title'][i] for i in range(len(df2['title']))]

def get_recommendations(title):
    cosine_sim = cosine_similarity(count_matrix, count_matrix)
    idx = indices[title]
    sim_scores = list(enumerate(cosine_sim[idx]))
    sim_scores = sorted(sim_scores, key=lambda x: x[1], reverse=True)
    sim_scores = sim_scores[1:11]
    movie_indices = [i[0] for i in sim_scores]
    tit = df2['title'].iloc[movie_indices]
    dat = df2['release_date'].iloc[movie_indices]
    return_df = pd.DataFrame(columns=['Title','Year'])
    return_df['Title'] = tit
    return_df['Year'] = dat
    return return_df

Creating the Web App.

Now that we have our algorithm for the recommender system we want to create an interface where a user can input movies and receive recommendation based on the movie inserted.

The easiest framework to use for this kind of task is the flask framework. If you have no previous knowledge of how the framework works you can check out this article if found on real python here

After creating our html templates we use the codes below in our app.py to simple render our templates.



import flask
app = flask.Flask(__name__, template_folder=’templates’)
# Set up the main route
@app.route(‘/’, methods=[‘GET’, ‘POST’])
def main():
    if flask.request.method == ‘GET’:
        return(flask.render_template(‘index.html’))

Now that we have our index.html rendered, let’s hope that the user enters a movie name. Upon entering, the user clicks on the submit button and the form is submitted.

Now we have a movie name, which is submitted by the user in the form. Let’s hold this name into the m_name variable in python. We accept the form submission using the post method.



if flask.request.method == ‘POST’:
    m_name = flask.request.form[‘movie_name’]
    m_name = m_name.title()

We also convert the input movie name to the title format. The title form will simply convert every character of each word to upper case. Now we have 2 options:

If the input movie name is misspelled or does not exist in the database. — If wrong, show error page & possible similar movie name based on the input.
If a correct movie name is entered & present in the database, then show the recommendations.



if m_name not in all_titles:
   return(flask.render_template(‘negative.html’,name=m_name))
else:
   result_final = get_recommendations(m_name)
   names = []
   dates = []
   for i in range(len(result_final)):
      names.append(result_final.iloc[i][0])
      dates.append(result_final.iloc[i][1])
   return flask.render_template(‘positive.html’,movie_names=names,movie_date=dates,search_name=m_name)

negative.html is rendered if the input from the user does not match with all_titles list which contains all the movie names present in the database.
Negative.html page simply shows possible reason(s) for not able to find the searched movie. It also searches throughout the whole database and makes use of similar word search techniques(difflib.get_close_matches() method in python & Levenshtein distance method ) to find the closest match and suggests the user about the movie names which are very similar to the one user entered. All this is done using javascript and finally rendered on the HTML page.
positive.html is rendered if the input movie name matches with the database. If so, we call the get_recommendations function by passing the movie name. The get_recommendations function is the same as we have discussed in section 2. We take the movie name, calculate the cosine matrix with respect to the dataset and find the most similar movie to the input movie. We sort the results and return back top 10 results. We send similar movie names as well as their release date in a list to the positive.html. We create a tabular layout and print the 10 movies along with their release dates.

With this we have a functional recommendation engine where you can input movies and get movie recommendations based on movies avalable in our database.

You can view the resulting application here.
View the source codes here.

Cyber Security: A run through.

Adeoluwa Agbakosi — Sat, 19 Feb 2022 21:47:18 +0000

When asked about cyber-security what comes to mind?

Most people will answer this question and say hacking or some even say Penetration testing. Cyber-security goes way beyond hacking and pen testing, according to IBM.

Cyber-security is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, cyber-security measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside of an organization.

In simpler English Cyber-security is the protection of internet-connected systems such as hardware, software and data from cyber-threats. Before diving into the elements of cyber-security we should first of all understand some basic terms.

Hardware:
Quite simply, computer hardware is the physical components that a computer system requires to function. It encompasses everything with a circuit board that operates within a PC or laptop; including the motherboard, graphics card, CPU (Central Processing Unit), ventilation fans, webcam, power supply, and so on.

Software:
Computer software is a program that tells a computer what to do. These instructions might be internal commands, such as updating the system clock, or a response to external input received from the keyboard or mouse.

Data:
Ever heard the phrase Data is the new gold. Well data is a collection of facts, such as numbers, words, measurements, observations or just descriptions of things. Data is most commonly the target of cyber-threats.

Cyber-Threats:
A cyber threat or cyber-security threat is a malicious act intended to steal or damage data or disrupt the digital well-being and stability of an enterprise. Cyber threats include a wide range of attacks ranging from data breaches, computer viruses, denial of service, and numerous other attack vectors.

Now that we understand what all the terms above are we can now start dissecting the different aspects involved in cyber-security starting with the various types of cyber-threats.

Types of Cyber-Threats

A cyber-threat as explained earlier is a is a malicious act intended to steal or damage data. Their are several types of cyber-threat, each of which has different effects and mode of execution. A few of them are:

1. Malware:
This is a form of malicious software in which any file or program can be used to harm a computer user. Malware's are the most common type of cyber attacks and they include but are not limited to worms, viruses, Trojans and spyware.

2. Ransomware:
Imagine being locked out of your system, and being told to pay before you can access it. This attack involves an attacker locking the victim's computer system files -- typically through encryption -- and demanding a payment to decrypt and unlock them. Large organization such as hospitals data farms and government offices commonly fall prey to this form of cyber attack.

3. Social engineering:
This is an attack that relies on human interaction to trick users into breaking security procedures to gain sensitive information that is typically protected.

4. Phishing:
This is a form of social engineering where fraudulent email or text messages that resemble those from reputable or known sources are sent. Often random attacks, the intent of these messages is to steal sensitive data, such as credit card or login information. Phishing is another very common cyber attack with the number of people falling prey to this rising on a daily basis.

4. Spear phishing:
This is a type of phishing attack that has an intended target. This target could be a user, organization or business.

5. Insider threats:
This are security breaches or losses caused by humans -- for example, employees, contractors or customers. Insider threats can be malicious or negligent in nature.

6. Distributed denial-of-service (DDoS):
This attacks are those in which multiple systems disrupt the traffic of a targeted system, such as a server, website or other network resource. By flooding the target with messages, connection requests or packets, the attackers can slow the system or crash it, preventing legitimate traffic from using it.

7. Advanced persistent threats (APTs):
This are prolonged targeted attacks in which an attacker infiltrates a network and remains undetected for long periods of time with the aim to steal data.

8. Man-in-the-middle (MitM):
This attacks are eavesdropping attacks that involve an attacker intercepting and relaying messages between two parties who believe they are communicating with each other.

9. SQL Injection:
This is a code injection technique used to attack data-driven applications by inserting malicious SQL statements into the execution field. The database is a vital part of any organization. This is handled by high-level security in an organization. SQL is a structured query language. Used to interact and to manipulate the database.

We could go on and on about the various types of cyber attacks but this would then be a very long read. Other common types of cyber attacks are botnets, drive-by-download attacks, exploit kits, malvertising, vishing, credential stuffing attacks, cross-site scripting (XSS) attacks, business email compromise (BEC) and zero-day exploits.

Elements of cyber-security

The cyber-security field can be broken down into various sections. This sections working together contributes to a great cyber-security program. This sections are as follows:

1. Information or Data Security:
Information security, often shortened to infosec, is the practice, policies and principles to protect digital data and other kinds of information. Infosec responsibilities include establishing a set of business processes that will protect information assets, regardless of how that information is formatted or whether it is in transit, is being processed or is at rest in storage.

2. Application Security:
Application security, or appsec, is the practice of using security software, hardware, techniques, best practices and procedures to protect computer applications from external security threats. In software development, security used to be an afterthought, today security has become a very critical aspect of the development process right from design to deployment.

3. Disaster Recovery Planing:
So you are thinking "what does disaster recovery have to do with cybersec?", disaster recovery is very important to cyber security especially with it firms that deal in essential services like financial services.
A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. A DRP is an essential part of a business continuity plan (BCP). It is applied to the aspects of an organization that depend on a functioning IT infrastructure. A DRP aims to help an organization resolve data loss and recover system functionality so that it can perform in the aftermath of an incident, even if it operates at a minimal level.

4. Operational Security:
OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines what is required to protect sensitive information and prevent it from getting into the wrong hands.
OPSEC gets information technology (IT) and security managers to view their operations and systems as potential attackers would. OPSEC includes analytical activities and processes, such as social media monitoring, behavior monitoring and security best practices.

5. Cloud Securitiy:
Cloud security refers to the technologies, policies, controls, and services that protect cloud data, applications, and infrastructure from threats.

Other elements of cyber-security are

End-User Education
Critical Infrastructure Security
Physical Security
Network Security

Maintaining cybersecurity in a constantly evolving threat landscape is a challenge for all organizations. Traditional reactive approaches, in which resources were put toward protecting systems against the biggest known threats, while lesser known threats were undefended, is no longer a sufficient tactic.
To keep up with changing security risks, a more proactive and adaptive approach is necessary. Several key cybersecurity advisory organizations offer guidance. For example, the National Institute of Standards and Technology (NIST) recommends adopting continuous monitoring and real-time assessments as part of a risk assessment framework to defend against known and unknown threats.

Job Opportunities in Cyber-security

As more cyber-threats emerge the need for cyber-security professionals is increasing making room for different opportunities in this field.

IT professionals and other computer specialists are needed in security roles, such as:

Chief Information Security Officer (CISO):
CISO is the individual who implements the security program across the organization and oversees the IT security department's operations.

Chief Security Officer (CSO):
CSO is the executive responsible for the physical and/or cyber-security of a company.

Security Engineers:
A Security Engineer protects company assets from threats with a focus on quality control within the IT infrastructure.

Security Architects:
Security Architects are responsible for planning, analyzing, designing, testing, maintaining and supporting an enterprise's critical infrastructure.

Security Analysts:
Security Analysts have several responsibilities that include planning security measures and controls, protecting digital files, and conducting both internal and external security audits.

Penetration Testers:
Pen Testers are Ethical Hackers who test the security of systems, networks and applications, seeking vulnerabilities that could be exploited by malicious actors.

Threat Hunters:
Threat Hunters are threat analysts who aim to uncover vulnerabilities and attacks and mitigate them before they compromise a business.

Other cyber-security careers include security consultants, data protection officer, cloud security architects, security operations manager (SOC) managers and analysts, security investigators, cryptographers and security administrators.

The topic of cyber-security is one that cannot be discussed with one article, but with this few points a beginner should be able to understand cyber-security to an extent.

So now lets answer the question that started all this in the first place.