CSIS logoCenter for Secure Information Systems

Securing the World's Cyber Infrastructure

Aerial View of the George Mason Fairfax Campus

Adversarial and Uncertain Reasoning for Adaptive Cyber Defense: Building the Scientific Foundations

A DoD Multidisciplinary University Research Initiative (MURI) Project
Sponsored by the Army Research Office
2013 - 2018

PRINCIPAL INVESTIGATORS:
Sushil Jajodia and Massimilano Albanese
George Mason University
OTHER TEAM MEMBERS:
George Cybenko
Dartmouth College
Michael P. Wellman, Satinder Singh Baveja, Demosthenis Teneketziz 
University of Michigan
Peng Liu, Minghui Zhu

Pennsylvania State University

Today’s cyber defenses are largely static. They are governed by slow deliberative processes involving testing, security patch deployment, and human-in-the-loop monitoring. As a result, adversaries can systematically probe target networks, pre-plan their attacks, and ultimately persist for long times inside compromised networks and hosts.

This project will develop a new class of technologies called Adaptive Cyber Defense (ACD) that will force adversaries to continually re-assess, re-engineer and re-launch their cyber attacks. ACD presents adversaries with optimized and dynamically changing attack surfaces and system configurations, thereby significantly increasing the attacker’s workloads and decreasing their probabilities of success.

ACD technology builds on two active but heretofore separate research areas: Adaptation Techniques and Adversarial Reasoning. Research in Adaptation Techniques (AT) has provided a rich repertoire of methods for introducing diversity and uncertainty into networks, applications, and hosts. However, the criteria for deciding where, when, and how to best employ available AT options have been outside the main body of AT research. Such management decisions are complex due to the performance and security tradeoffs inherent in AT approaches. To address such challenges, this project will harness a broad array of Adversarial Reasoning (AR) techniques to identify effective and stable strategies for deploying AT options in operational systems. AR combines machine learning, behavioral science, control theory, and game theory to address the goal of computing effective strategies in dynamic, adversarial environments.

Similar system adaptation techniques have already shown remarkable success in non-adversarial scenarios like mobility adaptive MANETs. However, those adaptation approaches assume stationary and stochastic, but non-adversarial, environments. Situations with intelligent peer adversaries operating in and changing a networked environment produce dynamic behaviors that violate these assumptions, potentially defeating these adaptations.

This coherent and focused research effort will yield: (a) scientific and engineering principles that enable effective Adaptive Cyber Defense, and (b) prototypes and demonstrations of technologies embodying these principles in defense-based scenarios, possibly in national cyber testbeds.