What Role Does Mathematics Play In Cybersecurity? Check These Examples
For most technologies to be usable, very complex work takes place in the background. Most people use an operating system and don’t care why or how it exists. It doesn’t seem necessary. In the early years of computing, machine codes and mathematics were much more important. But if you’re a cybersecurity professional, math is still important to you. Why? What role does math play in cybersecurity anyway?
How Are Mathematics Formulas Used in Cybersecurity?
Formulas, algorithms, and theories combined with the world of electrical and electronic engineering, and resulted in computers. If a cybersecurity professional wants to learn about computers and aims for a good career in the field, they must break some preconceptions about mathematics.
How Is Filtering Used?
Filtering methods are actively used for many different problems. If we look at the issue from a cybersecurity perspective, it’s best to consider blacklisting as an example.
Let’s say you want to use blacklist logic for IP blocking in a firewall. For this, the system you want to create should send the incoming request to the control mechanism and look for the IP address of the package in the list. If there is an IP address of the package in this list, it does not allow passage. The mathematical representation of these operations is as follows:
As you may see from the diagram, if the result according to thef(x)function is1, the transition is allowed; otherwise, it is not. That way, you’re filtering requests and only allowing through the IPs you want.
What Is the Scaling Method?
In order to ensure the security of a system, it must first be scalable. To examine the scaling method from a security perspective, let’s consider a web server. The goal is to theoretically calculate the workload on the web server.
To understand the workload on a web server, you must consider an important question: if the average time elapsed between incoming requests is 100 ms (milliseconds), how many requests are received on average in one second?
To describe this mathematically, let’s give the unknown value a name. For example, letTbe a random variable that represents the time elapsed between requests to the server.
As a result, by scaling100 msto1 ms, you get0.01 requestsper ms unit time. This means that you can receive an average of10 requestsin1000 ms.
Leveraging Error Possibility
You may need to know what percentage of the results produced by a Security Information and Event Management (SIEM) product are “False Positive”. SIEM products are one of the simplest examples of using error probabilities. Of course, even in penetration tests, you may take advantage of the error possibilities and consider an attack vector based on the available results. Let’s use an example.
The probability of error intransmitting binary numbersover a computer network operating at one billion bits per second is approximately 10 power minus 8. What is the probability of five or more errors in one second?
Finding these error possibilities and minimizing them will give you an idea to get a more robust and secure system.
How Social Engineering Uses the Markov Model
The Markov model is a statistical modeling of the transition between nodes. In other words, if you apply the Markov mode to the tweets of a Twitter user, it’s possible to generate a new tweet from the words previously used by that user. This is a pattern that many Tweet generator tools also use. From a cybersecurity perspective, attackers can use this method forsocial engineering attacks.
For example, if an attacker can capture the messages of the person, they can use messages to create a Markov model. The attacker can write a message according to the result obtained from the model, and the person reading it might think it’s genuine. This is true of any messages like emails and social media, but also more riskier documents like bank statements, official correspondence, and government documents. That’s why you need to knowthe phishing red flags to watch out for.
If you want to see how the Markov model works through an algorithm, you can review thecodes on GitHub.
Game Theory Example
Think of game theory as the contradiction between a player’s winning situation in a game and the losing situation of other players. In short, to win a game, your opponents must lose. Likewise, for your opponents to lose, you have to win.
Being able to examine game theory from a cybersecurity perspective can help you make the best decision in any crisis situation. For example, imagine there are two official banks, ABC and XYZ.
The ABC bank uses a specific security measure to combat ransomware threats. ABC bank wants to sell this security measure to XYZ bank for a fee. Is it really necessary for bank XYZ to receive information about this security measure?
If bank XYZ buys the information and does not take any action, it will incur losses equal to (X+Y). And so, bank XYZ can use its numerical data to make the most appropriate decision after considering all possibilities. you could benefit from many methods of game theory, especially so as to convince the units protected by a cybersecurity office that has not developed mathematical awareness and to provide cyber intelligence on these issues.
Modeling Phase
Modeling and visible analysis always pays off. A large part of cybersecurity consists of intelligence- and information-gathering steps. That’s why modeling has a special importance for both attack and defense. That’s where graph theory comes in—a method frequently used by social networking platforms such as Facebook and Twitter.
Most famous social networks organize their pages such as highlights, stories, and popular posts using graph theory. Here’s a simple example of the graph method used in social media:
In summary, graph theory is very useful for a cybersecurity professional to be able to analyze network traffic and model network flow.
Mathematics in Cryptography and Encryption Methods
If you know how functions work, it’s possible to also easily learn aboutcryptography and hashing. Simply put, functions are like a manufacturing facility. You throw something inside the function and it produces a result for you. You can change the function, i.e. set rules and get the result the way you want.
These functions are divided into different categories among themselves. However, since it’s vital you have a strong and unbreakable password, we will only cover one-way functions. If you think of one-way functions according to the production facility example, they are functions that cannot restore the result they produce. So you will get an output, but this output will remain as it is. There’s no reverse engineering.
The best area touse this is definitely in encryption. This is how hash functions work, for example. If you pass a text through the hash function, it will give you a completely different value. This value is no longer reversible, so you can hide and secure your text.
Do I Really Need to Know Mathematics?
If you’re dealing with vulnerabilities in hundreds of files and tens of thousands of lines of code; a website that has hundreds of thousands of visitors; or a bank application where people pay their bills… you may have to use mathematics. Otherwise, you won’t be out of your job. But a deep understanding of math puts you one step ahead.
Math is a useful skill to have, and you can make a name for yourself in the tech sector if you’re an expert.
Don’t let aging hardware force you into buying expensive upgrades.
Don’t let someone else take over your phone number.
I gripped my chair the entire time—and then kept thinking about it when the screen turned off.
My foolproof plan is to use Windows 10 until 2030, with the latest security updates.
Quality apps that don’t cost anything.
