Computational cyber-security Attacker/Analyst Models
Navy SBIR FY2013.2


Sol No.: Navy SBIR FY2013.2
Topic No.: N132-132
Topic Title: Computational cyber-security Attacker/Analyst Models
Proposal No.: N132-132-0749
Firm: Intelligent Automation, Inc.
15400 Calhoun Drive
Suite 400
Rockville, Maryland 20855
Contact: Bob Pokorny
Phone: (301) 294-4750
Web Site: www.i-a-i.com
Abstract: Cyber-attacks threaten our security and impede American business. To counter cyber-security attacks, computational models of the entire cyber-security environment can provide many benefits. With our transition partners, we will create computational models that can play the roles of cyber-attacker, cyber-defender, network users, and network policy makers. Synthetic environments could (1) measure the real security of an organization's network without causing harm; (2) investigate defenses against new kinds of attacks; (3) project how future attacks are likely to evolve; and (4) support defenders as they struggle to reduce the effectiveness of attacks. To make these computational models, we will conduct cognitive task analyses (CTAs) that are designed to clearly represent the approach that various players take and that are sufficiently detailed to inform the design and development of computational models. For this project, we will be using the computational model Lumen. Lumen is a product of DARPA's Cognitive Agents that Learn and Organize project. Lumen was chosen because it is a modern procedural reasoning system that can address the kinds of back-and-forth probes and responses that match the confrontation between cyber-attackers and cyber-defenders. This project will demonstrate how complex CTAs and computational models can elucidate the ubiquitous threat of cyber-attacks.
Benefits: The potential benefits and commercial applications of this research are breathtaking. Within the realm of cyber-security, the possibility of completely synthetic environments has many benefits: 1. With a synthetic cyber-attacker, an organization can measure how well its defenses keep its secrets safe. 2. Researchers investigating cyber-attacks and defenses can learn and report how well different kinds of attacks work against defenses implementing particular defensive approaches and policies. 3. Researchers can investigate how attackers may evolve. As cyber-defenses make certain vulnerabilities less attractive, currently successful defenses will be the next weakest link, and attackers will learn to exploit their vulnerabilities. This process can continue forever. 4. Cyber-defenders need to always be thinking about how an attacker may be trying to infiltrate a network. Cyber-defenders can be supported in many ways: a computational model of an attacker can report to the defender what an attacker may be thinking and what the current vulnerabilities are. The cyber-defender can also practice against synthetic cyber-attackers to prepare for future cyber-attacks. Users of systems can witness the destruction that results from not following good defensive policies. The same capability of using cognitive task analyses and computational models can be generalized so that actual competitive environments can be simulated in synthetic environments. These include competitive environments such as intelligence analysis, political campaigns, and advertising or marketing campaigns.
