Adversarial co-evolution of attack and defense in a segmented computer network environment

@article{Hemberg2018AdversarialCO,
  title={Adversarial co-evolution of attack and defense in a segmented computer network environment},
  author={Erik Hemberg and Joseph R. Zipkin and Richard W. Skowyra and Neal Wagner and Una-May O’Reilly},
  journal={Proceedings of the Genetic and Evolutionary Computation Conference Companion},
  year={2018}
}
In computer security, guidance is slim on how to prioritize or configure the many available defensive measures, when guidance is available at all. We show how a competitive co-evolutionary algorithm framework can identify defensive configurations that are effective against a range of attackers. We consider network segmentation, a widely recommended defensive strategy, deployed against the threat of serial network security attacks that delay the mission of the network's operator. We employ a… 

What Is Your MOVE: Modeling Adversarial Network Environments
TLDR
A coevolutionary-based simulator called MOVE is proposed that can evolve both attack and defense strategies, and the results show that the evolved strategies far surpass randomly generated strategies.
Investigating algorithms for finding nash equilibria in cyber security problems
TLDR
This work investigated Nash equilibria in cyber security problems by modeling attacker-defender interactions using competitive coevolutionary algorithms and found that NashSolve and HybridCoev did not perform significantly better for both attacker and defender populations relative to other heuristics.
Adversarial genetic programming for cyber security: a rising application domain where GP matters
TLDR
A framework called RIVALS is presented which supports the study of network security arms races and its goal is to elucidate the dynamics of cyber networks under attack by computationally modeling and simulating them.
Exploring Adversarial Artificial Intelligence for Autonomous Adaptive Cyber Defense
TLDR
This work presents a framework that recreates the coevolutionary process in the context of network cyber security scenarios and describes its current use cases and an exploration in how to harvest defensive solutions from it using different solution concepts and solution quality measures.
Modeling and simulation to support cyber defense
Suresh Damodaran, Neal Wagner. Computer Science. The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, 2019.
TLDR
Three papers focused on state-of-the-art mod/sim approaches for supporting the defense of cyber systems that underpin a nation-state’s critical infrastructure, and the exploration of alternative system defenses and threats to prepare for future attacks are presented.
Securing the software defined perimeter with evolutionary co-optimization
TLDR
It is shown how a competitive co-evolutionary framework can be used to evaluate different SDP configurations and enable the comparison of different SDP configurations based on the objective of minimizing the number of potentially compromised high-value resources.
A Trilevel Model for Segmentation of the Power Transmission Grid Cyber Network
TLDR
A novel trilevel programming model is developed to optimally segment a grid communication system, taking into account the actions of an information technology (IT) administrator, attacker, and grid operator.
Proactive Cyber Situation Awareness via High Performance Computing
TLDR
An approach that uses data-driven, high performance computing (HPC) simulations of attacker/defender activities in a logically connected network environment that enables this capability for interactive, operational decision making in real time is demonstrated.
Identifying Vulnerabilities of Industrial Control Systems using Evolutionary Multiobjective Optimisation
TLDR
A novel methodology to assist in identifying vulnerabilities in real-world complex heterogeneous industrial control systems (ICS) using two evolutionary multiobjective optimisation (EMO) algorithms, NSGA-II and SPEA2, is proposed.

References

Strategic evolution of adversaries against temporal platform diversity active cyber defenses
TLDR
This study develops a set of tools to model the adaptive strategy formulation of an intelligent actor against an active cyber defensive system, encoding strategies as binary chromosomes representing finite state machines that evolve according to Holland's genetic algorithm.
Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES)
TLDR
This paper proposes the Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES), a framework designed to coevolve attacker and defender agent strategies and evaluate potential solutions with a custom, abstract computer network defense simulation.
Investigating coevolutionary archive based genetic algorithms on cyber defense networks
We introduce a new cybersecurity project named RIVALS. RIVALS will assist in developing network defense strategies through modeling adversarial network attack and defense dynamics. RIVALS will focus
Quantifying the mission impact of network-level cyber defensive mitigations
TLDR
This paper examines network-level cyber defensive mitigations and quantifies their impact on network security and mission performance, and introduces a novel, unified metric for mitigation effectiveness that takes into account both of these perspectives and provides a single measurement that is convenient and easily accessible to security practitioners.
Security and Game Theory - Algorithms, Deployed Systems, Lessons Learned
TLDR
This book is claimed to be the first and only study of long-term deployed applications of game theory for security for key organizations such as the Los Angeles International Airport police and the U.S. Federal Air Marshals Service.
Controlling risk of data exfiltration in cyber networks due to stealthy propagating malware
TLDR
A stochastic model is used to represent changes in the state of the network and an upper bound on the total rate at which an optimal attacker can exfiltrate data from the network is derived, expressed in terms of several network parameters, when the detection rate is proportional to the outgoing data rate at each infected device.
Game theory for security: Key algorithmic principles, deployed systems, lessons learned
TLDR
Casting the problem as a Bayesian Stackelberg game, new algorithms are developed that are now deployed over multiple years in multiple applications for security scheduling, leading to real-world use-inspired research in the emerging research area of “security games”.
Malware Propagation in Large-Scale Networks
TLDR
A rigorous two-layer epidemic model for malware propagation from network to network is established, and analysis indicates that the distribution of a given malware follows an exponential distribution, a power law distribution with a short exponential tail, and a power law distribution at its early, late and final stages, respectively.
Nonlinear system identification using coevolution of models and tests
TLDR
It is shown that the algorithm is able to successfully infer and/or manipulate highly nonlinear hidden systems using very few tests, and that the benefit of this approach increases as the hidden systems possess more degrees of freedom, or become more biased or unobservable.
Why Coevolution Doesn't "Work": Superiority and Progress in Coevolution
TLDR
By clearly defining and distinguishing between different types of progress, this paper identifies limitations with existing techniques and algorithms, addresses them, and generally facilitates discussion and understanding of coevolution.