Proactive Cyber Situation Awareness via High Performance Computing

Cyber situation awareness technologies have largely focused on present-state conditions, with limited ability to forward-project nominal conditions in a contested environment. We demonstrate an approach that uses data-driven, high performance computing (HPC) simulations of attacker and defender activity in a logically connected network environment to provide this capability for interactive, operational decision making in real time. Our contributions are three-fold: (1) we link live cyber data to inform the parameters of a cybersecurity model, (2) we perform HPC simulations and optimizations with a genetic algorithm to evaluate and recommend risk remediation strategies that inhibit attacker lateral movement, and (3) we provide a prototype platform that allows cyber defenders to assess the value of their own alternative risk reduction strategies on a relevant timeline. We present an overview of the data and software architectures, and results that demonstrate operational utility alongside HPC-enabled runtimes.
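As an added illustration, not code from the paper or its authors, the following is a single-node toy of the pipeline the abstract describes: a network is modelled as a graph whose edges carry the probability that an attacker on one host can move laterally to the next, attacker spread is estimated by Monte Carlo simulation, and a genetic algorithm searches for a set of hosts to harden, within a budget, that minimises the expected mission-weighted loss. The host names, edge probabilities, asset weights, hardening effect and budget are all constructed for the example, and the genetic algorithm is a plain standard-library implementation rather than the paper's HPC tooling.

```python
"""
Added example (not the paper's code): simulate attacker lateral movement on a
constructed network and use a genetic algorithm to recommend which hosts to
harden under a fixed budget. Everything below is illustrative.
"""
import random

# Constructed sample network: edge (src, dst) -> probability that an attacker
# holding src can compromise dst in one move (e.g. derived from a CVSS score).
EDGES = {
    ("dmz-web", "app-1"): 0.7, ("dmz-web", "app-2"): 0.6,
    ("app-1", "db-1"): 0.5,    ("app-2", "db-1"): 0.4,
    ("app-1", "jump"): 0.3,    ("jump", "dc-1"): 0.8,
    ("db-1", "file-srv"): 0.5, ("jump", "file-srv"): 0.6,
    ("file-srv", "dc-1"): 0.2, ("dc-1", "hr-db"): 0.9,
}
# Constructed mission value per asset; loss = weights of compromised hosts.
WEIGHT = {"dmz-web": 1, "app-1": 2, "app-2": 2, "db-1": 5, "jump": 3,
          "file-srv": 4, "dc-1": 10, "hr-db": 8}
HOSTS = sorted(WEIGHT)
FOOTHOLD = "dmz-web"      # assumed initial access point of the attacker
HARDEN_FACTOR = 0.1       # assumption: hardening scales inbound edge probs
BUDGET = 2                # assumption: hosts the defender can remediate


def make_draws(n_trials, seed):
    """Common random numbers: one uniform draw per edge per trial, shared by
    every candidate so candidates are compared on identical scenarios."""
    rng = random.Random(seed)
    return [{e: rng.random() for e in EDGES} for _ in range(n_trials)]


def simulate_trial(hardened, draws):
    """One attacker run: BFS from the foothold, crossing an edge when its
    draw falls below the (possibly hardened) traversal probability."""
    compromised = {FOOTHOLD}
    frontier = [FOOTHOLD]
    while frontier:
        src = frontier.pop()
        for (u, v), p in EDGES.items():
            if u != src or v in compromised:
                continue
            if v in hardened:
                p *= HARDEN_FACTOR
            if draws[(u, v)] < p:
                compromised.add(v)
                frontier.append(v)
    return compromised


def expected_loss(hardened, trials):
    """Mean mission-weighted loss over the shared Monte Carlo trials."""
    total = 0.0
    for draws in trials:
        total += sum(WEIGHT[h] for h in simulate_trial(hardened, draws))
    return total / len(trials)


def fitness(genome, trials):
    """Lower is better. Over-budget genomes get a penalty that exceeds any
    possible loss (max total weight is 35), so they never win."""
    hardened = {h for h, bit in zip(HOSTS, genome) if bit}
    over = max(0, len(hardened) - BUDGET)
    return expected_loss(hardened, trials) + 100 * over


def random_genome(rng, n):
    """Start feasible: exactly BUDGET hosts hardened."""
    g = [0] * n
    for i in rng.sample(range(n), BUDGET):
        g[i] = 1
    return g


def recommend(trials, seed=1, pop_size=30, generations=40):
    """Genetic algorithm: tournament selection, one-point crossover,
    bit-flip mutation, elitism. Returns the best hardening set found."""
    rng = random.Random(seed)
    n = len(HOSTS)
    cache = {}

    def fit(g):                      # memoise: the simulation is the cost
        key = tuple(g)
        if key not in cache:
            cache[key] = fitness(g, trials)
        return cache[key]

    pop = [random_genome(rng, n) for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fit)
        next_pop = [pop[0][:]]                     # elitism
        while len(next_pop) < pop_size:
            a = min(rng.sample(pop, 3), key=fit)   # tournament selection
            b = min(rng.sample(pop, 3), key=fit)
            cut = rng.randrange(1, n)
            child = a[:cut] + b[cut:]              # one-point crossover
            for i in range(n):
                if rng.random() < 1.0 / n:         # bit-flip mutation
                    child[i] ^= 1
            next_pop.append(child)
        pop = next_pop
    best = min(pop, key=fit)
    return {h for h, bit in zip(HOSTS, best) if bit}


if __name__ == "__main__":
    trials = make_draws(200, seed=7)
    plan = recommend(trials)
    print(f"no remediation: expected loss {expected_loss(set(), trials):.2f}")
    print(f"harden {sorted(plan)}: expected loss {expected_loss(plan, trials):.2f}")
```

At this size an exhaustive search over the 256 possible hardening sets would do; the genetic algorithm and the shared-draw (common random numbers) evaluation are the parts that carry over to networks with thousands of hosts, where the simulation dominates the cost and is the piece that gets distributed across an HPC cluster. Sharing draws also guarantees that hardening can never appear to increase loss through sampling noise, which keeps the recommendation monotone and defensible to an operator.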
