-
Autonomous Intelligent Cyber-defense Agent: Introduction and Overview
Authors:
Alexander Kott
Abstract:
This chapter introduces the concept of Autonomous Intelligent Cyber-defense Agents (AICAs), and briefly explains the importance of this field and the motivation for its emergence. AICA is a software agent that resides on a system, and is responsible for defending the system from cyber compromises and enabling the response and recovery of the system, usually autonomously. The autonomy of the agent…
▽ More
This chapter introduces the concept of Autonomous Intelligent Cyber-defense Agents (AICAs), and briefly explains the importance of this field and the motivation for its emergence. AICA is a software agent that resides on a system, and is responsible for defending the system from cyber compromises and enabling the response and recovery of the system, usually autonomously. The autonomy of the agent is a necessity because of the growing scarcity of human cyber-experts who could defend systems, either remotely or onsite, and because sophisticated malware could degrade or spoof the communications of a system that uses a remote monitoring center. An AICA Reference Architecture has been proposed and defines five main functions: (1) sensing and world state identification, (2) planning and action selection, (3) collaboration and negotiation, (4) action execution and (5) learning and knowledge improvement. The chapter reviews the details of AICA's environment, functions and operations. As AICA is intended to make changes within its environment, there is a risk that an agent's action could harm a friendly computer. This risk must be balanced against the losses that could occur if the agent does not act. The chapter discusses means by which this risk can be managed and how AICA's design features could help build trust among its users.
△ Less
Submitted 24 April, 2023;
originally announced April 2023.
-
Quantitative Measurement of Cyber Resilience: Modeling and Experimentation
Authors:
Michael J. Weisman,
Alexander Kott,
Jason E. Ellis,
Brian J. Murphy,
Travis W. Parker,
Sidney Smith,
Joachim Vandekerckhove
Abstract:
Cyber resilience is the ability of a system to resist and recover from a cyber attack, thereby restoring the system's functionality. Effective design and development of a cyber resilient system requires experimental methods and tools for quantitative measuring of cyber resilience. This paper describes an experimental method and test bed for obtaining resilience-relevant data as a system (in our ca…
▽ More
Cyber resilience is the ability of a system to resist and recover from a cyber attack, thereby restoring the system's functionality. Effective design and development of a cyber resilient system requires experimental methods and tools for quantitative measuring of cyber resilience. This paper describes an experimental method and test bed for obtaining resilience-relevant data as a system (in our case -- a truck) traverses its route, in repeatable, systematic experiments. We model a truck equipped with an autonomous cyber-defense system and which also includes inherent physical resilience features. When attacked by malware, this ensemble of cyber-physical features (i.e., "bonware") strives to resist and recover from the performance degradation caused by the malware's attack. We propose parsimonious mathematical models to aid in quantifying systems' resilience to cyber attacks. Using the models, we identify quantitative characteristics obtainable from experimental data, and show that these characteristics can serve as useful quantitative measures of cyber resilience.
△ Less
Submitted 28 March, 2023;
originally announced March 2023.
-
An Experimentation Infrastructure for Quantitative Measurements of Cyber Resilience
Authors:
Jason E. Ellis,
Travis W. Parker,
Joachim Vandekerckhove,
Brian J. Murphy,
Sidney Smith,
Alexander Kott,
Michael J. Weisman
Abstract:
The vulnerability of cyber-physical systems to cyber attack is well known, and the requirement to build cyber resilience into these systems has been firmly established. The key challenge this paper addresses is that maturing this discipline requires the development of techniques, tools, and processes for objectively, rigorously, and quantitatively measuring the attributes of cyber resilience. Rese…
▽ More
The vulnerability of cyber-physical systems to cyber attack is well known, and the requirement to build cyber resilience into these systems has been firmly established. The key challenge this paper addresses is that maturing this discipline requires the development of techniques, tools, and processes for objectively, rigorously, and quantitatively measuring the attributes of cyber resilience. Researchers and program managers need to be able to determine if the implementation of a resilience solution actually increases the resilience of the system. In previous work, a table top exercise was conducted using a notional heavy vehicle on a fictitious military mission while under a cyber attack. While this exercise provided some useful data, more and higher fidelity data is required to refine the measurement methodology. This paper details the efforts made to construct a cost-effective experimentation infrastructure to provide such data. It also presents a case study using some of the data generated by the infrastructure.
△ Less
Submitted 15 February, 2023;
originally announced February 2023.
-
Piecewise Linear and Stochastic Models for the Analysis of Cyber Resilience
Authors:
Michael J. Weisman,
Alexander Kott,
Joachim Vandekerckhove
Abstract:
We model a vehicle equipped with an autonomous cyber-defense system in addition to its inherent physical resilience features. When attacked, this ensemble of cyber-physical features (i.e., ``bonware'') strives to resist and recover from the performance degradation caused by the malware's attack. We model the underlying differential equations governing such attacks for piecewise linear characteriza…
▽ More
We model a vehicle equipped with an autonomous cyber-defense system in addition to its inherent physical resilience features. When attacked, this ensemble of cyber-physical features (i.e., ``bonware'') strives to resist and recover from the performance degradation caused by the malware's attack. We model the underlying differential equations governing such attacks for piecewise linear characterizations of malware and bonware, develop a discrete time stochastic model, and show that averages of instantiations of the stochastic model approximate solutions to the continuous differential equation. We develop a theory and methodology for approximating the parameters associated with these equations.
△ Less
Submitted 16 February, 2023; v1 submitted 9 February, 2023;
originally announced February 2023.
-
Mathematical Modeling of Cyber Resilience
Authors:
Alexander Kott,
Michael J. Weisman,
Joachim Vandekerckhove
Abstract:
We identify quantitative characteristics of responses to cyber compromises that can be learned from repeatable, systematic experiments. We model a vehicle equipped with an autonomous cyber-defense system and which also has some inherent physical resilience features. When attacked by malware, this ensemble of cyber-physical features (i.e., "bonware") strives to resist and recover from the performan…
▽ More
We identify quantitative characteristics of responses to cyber compromises that can be learned from repeatable, systematic experiments. We model a vehicle equipped with an autonomous cyber-defense system and which also has some inherent physical resilience features. When attacked by malware, this ensemble of cyber-physical features (i.e., "bonware") strives to resist and recover from the performance degradation caused by the malware's attack. We propose parsimonious continuous models, and develop stochastic models to aid in quantifying systems' resilience to cyber attacks.
△ Less
Submitted 27 February, 2023; v1 submitted 8 February, 2023;
originally announced February 2023.
-
Cyber Resilience: by Design or by Intervention?
Authors:
Alexander Kott,
Maureen S. Golan,
Benjamin D. Trump,
Igor Linkov
Abstract:
The term "cyber resilience by design" is growing in popularity. Here, by cyber resilience we refer to the ability of the system to resist, minimize and mitigate a degradation caused by a successful cyber-attack on a system or network of computing and communicating devices. Some use the term "by design" when arguing that systems must be designed and implemented in a provable mission assurance fashi…
▽ More
The term "cyber resilience by design" is growing in popularity. Here, by cyber resilience we refer to the ability of the system to resist, minimize and mitigate a degradation caused by a successful cyber-attack on a system or network of computing and communicating devices. Some use the term "by design" when arguing that systems must be designed and implemented in a provable mission assurance fashion, with the system's intrinsic properties ensuring that a cyber-adversary is unable to cause a meaningful degradation. Others recommend that a system should include a built-in autonomous intelligent agent responsible for thinking and acting towards continuous observation, detection, minimization and remediation of a cyber degradation. In all cases, the qualifier "by design" indicates that the source of resilience is somehow inherent in the structure and operation of the system. But what, then, is the other resilience, not by design? Clearly, there has to be another type of resilience, otherwise what's the purpose of the qualifier "by design"? Indeed, while mentioned less frequently, there exists an alternative form of resilience called "resilience by intervention." In this article we explore differences and mutual reliance of resilience by design and resilience by intervention.
△ Less
Submitted 26 January, 2022;
originally announced January 2022.
-
Autonomous Cyber Defense Introduces Risk: Can We Manage the Risk?
Authors:
Alexandre K. Ligo,
Alexander Kott,
Igor Linkov
Abstract:
From denial-of-service attacks to spreading of ransomware or other malware across an organization's network, it is possible that manually operated defenses are not able to respond in real time at the scale required, and when a breach is detected and remediated the damage is already made. Autonomous cyber defenses therefore become essential to mitigate the risk of successful attacks and their damag…
▽ More
From denial-of-service attacks to spreading of ransomware or other malware across an organization's network, it is possible that manually operated defenses are not able to respond in real time at the scale required, and when a breach is detected and remediated the damage is already made. Autonomous cyber defenses therefore become essential to mitigate the risk of successful attacks and their damage, especially when the response time, effort and accuracy required in those defenses is impractical or impossible through defenses operated exclusively by humans. Autonomous agents have the potential to use ML with large amounts of data about known cyberattacks as input, in order to learn patterns and predict characteristics of future attacks. Moreover, learning from past and present attacks enable defenses to adapt to new threats that share characteristics with previous attacks. On the other hand, autonomous cyber defenses introduce risks of unintended harm. Actions arising from autonomous defense agents may have harmful consequences of functional, safety, security, ethical, or moral nature. Here we focus on machine learning training, algorithmic feedback, and algorithmic constraints, with the aim of motivating a discussion on achieving trust in autonomous cyber defenses.
△ Less
Submitted 26 January, 2022;
originally announced January 2022.
-
Cybertrust: From Explainable to Actionable and Interpretable AI (AI2)
Authors:
Stephanie Galaitsi,
Benjamin D. Trump,
Jeffrey M. Keisler,
Igor Linkov,
Alexander Kott
Abstract:
To benefit from AI advances, users and operators of AI systems must have reason to trust it. Trust arises from multiple interactions, where predictable and desirable behavior is reinforced over time. Providing the system's users with some understanding of AI operations can support predictability, but forcing AI to explain itself risks constraining AI capabilities to only those reconcilable with hu…
▽ More
To benefit from AI advances, users and operators of AI systems must have reason to trust it. Trust arises from multiple interactions, where predictable and desirable behavior is reinforced over time. Providing the system's users with some understanding of AI operations can support predictability, but forcing AI to explain itself risks constraining AI capabilities to only those reconcilable with human cognition. We argue that AI systems should be designed with features that build trust by bringing decision-analytic perspectives and formal tools into AI. Instead of trying to achieve explainable AI, we should develop interpretable and actionable AI. Actionable and Interpretable AI (AI2) will incorporate explicit quantifications and visualizations of user confidence in AI recommendations. In doing so, it will allow examining and testing of AI system predictions to establish a basis for trust in the systems' decision making and ensure broad benefits from deploying and advancing its computational capabilities.
△ Less
Submitted 26 January, 2022;
originally announced January 2022.
-
Doers, not Watchers: Intelligent Autonomous Agents are a Path to Cyber Resilience
Authors:
Alexander Kott,
Paul Theron
Abstract:
Today's cyber defense tools are mostly watchers. They are not active doers. To be sure, watching too is a demanding affair. These tools monitor the traffic and events; they detect malicious signatures, patterns and anomalies; they might classify and characterize what they observe; they issue alerts, and they might even learn while doing all this. But they don't act. They do little to plan and exec…
▽ More
Today's cyber defense tools are mostly watchers. They are not active doers. To be sure, watching too is a demanding affair. These tools monitor the traffic and events; they detect malicious signatures, patterns and anomalies; they might classify and characterize what they observe; they issue alerts, and they might even learn while doing all this. But they don't act. They do little to plan and execute responses to attacks, and they don't plan and execute recovery activities. Response and recovery - core elements of cyber resilience are left to the human cyber analysts, incident responders and system administrators. We believe things should change. Cyber defense tools should not be merely watchers. They need to become doers - active fighters in maintaining a system's resilience against cyber threats. This means that their capabilities should include a significant degree of autonomy and intelligence for the purposes of rapid response to a compromise - either incipient or already successful - and rapid recovery that aids the resilience of the overall system. Often, the response and recovery efforts need to be undertaken in absence of any human involvement, and with an intelligent consideration of risks and ramifications of such efforts. Recently an international team published a report that proposes a vision of an autonomous intelligent cyber defense agent (AICA) and offers a high-level reference architecture of such an agent. In this paper we explore this vision.
△ Less
Submitted 26 January, 2022;
originally announced January 2022.
-
On games and simulators as a platform for development of artificial intelligence for command and control
Authors:
Vinicius G. Goecks,
Nicholas Waytowich,
Derrik E. Asher,
Song Jun Park,
Mark Mittrick,
John Richardson,
Manuel Vindiola,
Anne Logie,
Mark Dennison,
Theron Trout,
Priya Narayanan,
Alexander Kott
Abstract:
Games and simulators can be a valuable platform to execute complex multi-agent, multiplayer, imperfect information scenarios with significant parallels to military applications: multiple participants manage resources and make decisions that command assets to secure specific areas of a map or neutralize opposing forces. These characteristics have attracted the artificial intelligence (AI) community…
▽ More
Games and simulators can be a valuable platform to execute complex multi-agent, multiplayer, imperfect information scenarios with significant parallels to military applications: multiple participants manage resources and make decisions that command assets to secure specific areas of a map or neutralize opposing forces. These characteristics have attracted the artificial intelligence (AI) community by supporting development of algorithms with complex benchmarks and the capability to rapidly iterate over new ideas. The success of artificial intelligence algorithms in real-time strategy games such as StarCraft II have also attracted the attention of the military research community aiming to explore similar techniques in military counterpart scenarios. Aiming to bridge the connection between games and military applications, this work discusses past and current efforts on how games and simulators, together with the artificial intelligence algorithms, have been adapted to simulate certain aspects of military missions and how they might impact the future battlefield. This paper also investigates how advances in virtual reality and visual augmentation systems open new possibilities in human interfaces with gaming platforms and their military parallels.
△ Less
Submitted 21 October, 2021;
originally announced October 2021.
-
To Improve Cyber Resilience, Measure It
Authors:
Alexander Kott,
Igor Linkov
Abstract:
We are not very good at measuring -- rigorously and quantitatively -- the cyber security of systems. Our ability to measure cyber resilience is even worse. And without measuring cyber resilience, we can neither improve it nor trust its efficacy. It is difficult to know if we are improving or degrading cyber resilience when we add another control, or a mix of controls, to harden the system. The onl…
▽ More
We are not very good at measuring -- rigorously and quantitatively -- the cyber security of systems. Our ability to measure cyber resilience is even worse. And without measuring cyber resilience, we can neither improve it nor trust its efficacy. It is difficult to know if we are improving or degrading cyber resilience when we add another control, or a mix of controls, to harden the system. The only way to know is to specifically measure cyber resilience with and without a particular set of controls. What needs to be measured are temporal patterns of recovery and adaptation, and not time-independent failure probabilities. In this paper, we offer a set of criteria that would ensure decision-maker confidence in the reliability of the methodology used in obtaining a meaningful measurement.
△ Less
Submitted 18 February, 2021;
originally announced February 2021.
-
How to Measure Cyber Resilience of an Autonomous Agent: Approaches and Challenges
Authors:
Alexandre Ligo,
Alexander Kott,
Igor Linkov
Abstract:
Several approaches have been used to assess the performance of cyberphysical systems and their exposure to various types of risks. Such assessments have become increasingly important as autonomous attackers ramp up the frequency, duration and intensity of threats while autonomous agents have the potential to respond to cyber-attacks with unprecedented speed and scale. However, most assessment appr…
▽ More
Several approaches have been used to assess the performance of cyberphysical systems and their exposure to various types of risks. Such assessments have become increasingly important as autonomous attackers ramp up the frequency, duration and intensity of threats while autonomous agents have the potential to respond to cyber-attacks with unprecedented speed and scale. However, most assessment approaches have limitations with respect to measuring cyber resilience, or the ability of systems to absorb, recover from, and adapt to cyberattacks. In this paper, we provide an overview of several common approaches, discuss practical challenges and propose research directions for the development of effective cyber resilience measures.
△ Less
Submitted 31 January, 2021;
originally announced February 2021.
-
When Autonomous Intelligent Goodware will Fight Autonomous Intelligent Malware: A Possible Future of Cyber Defense
Authors:
Paul Théron,
Alexander Kott
Abstract:
In the coming years, the future of military combat will include, on one hand, artificial intelligence-optimized complex command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) and networks and, on the other hand, autonomous intelligent Things fighting autonomous intelligent Things at a fast pace. Under this perspective, enemy forces will seek to disable o…
▽ More
In the coming years, the future of military combat will include, on one hand, artificial intelligence-optimized complex command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) and networks and, on the other hand, autonomous intelligent Things fighting autonomous intelligent Things at a fast pace. Under this perspective, enemy forces will seek to disable or disturb our autonomous Things and our complex infrastructures and systems. Autonomy, scale and complexity in our defense systems will trigger new cyber-attack strategies, and autonomous intelligent malware (AIM) will be part of the picture. Should these cyber-attacks succeed while human operators remain unaware or unable to react fast enough due to the speed, scale or complexity of the mission, systems or attacks, missions would fail, our networks and C4ISR would be heavily disrupted, and command and control would be disabled. New cyber-defense doctrines and technologies are therefore required. Autonomous cyber defense (ACyD) is a new field of research and technology driven by the defense sector in anticipation of such threats to future military infrastructures, systems and operations. It will be implemented via swarms of autonomous intelligent cyber-defense agents (AICAs) that will fight AIM within our networks and systems. This paper presents this cyber-defense technology of the future, the current state of the art in this field and its main challenges. First, we review the rationale of the ACyD concept and its associated AICA technology. Then, we present the current research results from NATO's IST-152 Research Task Group on the AICA Reference Architecture. We then develop the 12 main technological challenges that must be resolved in the coming years, besides ethical and political issues.
△ Less
Submitted 25 November, 2019;
originally announced December 2019.
-
Discovering a Regularity: the Case of An 800-year Law of Advances in Small-Arms Technologies
Authors:
Alexander Kott,
Philip Perconti,
Nandi Leslie
Abstract:
Considering a broad family of technologies where a measure of performance (MoP) is difficult or impossible to formulate, we seek an alternative measure that exhibits a regular pattern of evolution over time, similar to how a MoP may follow a Moore's law. In an empirical case study, we explore an approach to identifying such a composite measure called a Figure of Regularity (FoR). We use the propos…
▽ More
Considering a broad family of technologies where a measure of performance (MoP) is difficult or impossible to formulate, we seek an alternative measure that exhibits a regular pattern of evolution over time, similar to how a MoP may follow a Moore's law. In an empirical case study, we explore an approach to identifying such a composite measure called a Figure of Regularity (FoR). We use the proposed approach to identify a novel FoR for diverse classes of small arms - bows, crossbows, harquebuses, muskets, rifles, repeaters, and assault rifles - and show that this FoR agrees well with the empirical data. We identify a previously unreported regular trend in the FoR of an exceptionally long duration - from approximately 1200 CE to the present - and discuss how research managers can analyze long-term trends in conjunction with a portfolio of research directions.
△ Less
Submitted 9 August, 2019;
originally announced August 2019.
-
Features and Operation of an Autonomous Agent for Cyber Defense
Authors:
Michael J. De Lucia,
Allison Newcomb,
Alexander Kott
Abstract:
An ever increasing number of battlefield devices that are capable of collecting, processing, storing, and communicating information are rapidly becoming interconnected. The staggering number of connected devices on the battlefield greatly increases the possibility that an adversary could find ways to exploit hardware or software vulnerabilities, degrading or denying Warfighters the assured and sec…
▽ More
An ever increasing number of battlefield devices that are capable of collecting, processing, storing, and communicating information are rapidly becoming interconnected. The staggering number of connected devices on the battlefield greatly increases the possibility that an adversary could find ways to exploit hardware or software vulnerabilities, degrading or denying Warfighters the assured and secure use of those devices. Autonomous software agents will become necessities to manage, defend, and react to cyber threats in the future battlespace. The number of connected devices increases disproportionately to the number of cyber experts that could be available within an operational environment. In this paper, an autonomous agent capability and a scenario of how it could operate are proposed. The goal of develo** such capability is to increase the security posture of the Internet of Battlefield Things and meet the challenges of an increasingly complex battlefield. This paper describes an illustrative scenario in a notional use case and discusses the challenges associated with such autonomous agents. We conclude by offering ideas for potential research into develo** autonomous agents suitable for cyber defense in a battlefield environment.
△ Less
Submitted 13 May, 2019;
originally announced May 2019.
-
Intelligent Autonomous Things on the Battlefield
Authors:
Alexander Kott,
Ethan Stump
Abstract:
Numerous, artificially intelligent, networked things will populate the battlefield of the future, operating in close collaboration with human warfighters, and fighting as teams in highly adversarial environments. This chapter explores the characteristics, capabilities and intelli-gence required of such a network of intelligent things and humans - Internet of Battle Things (IOBT). The IOBT will exp…
▽ More
Numerous, artificially intelligent, networked things will populate the battlefield of the future, operating in close collaboration with human warfighters, and fighting as teams in highly adversarial environments. This chapter explores the characteristics, capabilities and intelli-gence required of such a network of intelligent things and humans - Internet of Battle Things (IOBT). The IOBT will experience unique challenges that are not yet well addressed by the current generation of AI and machine learning.
△ Less
Submitted 26 February, 2019;
originally announced February 2019.
-
Statistical Models for the Number of Successful Cyber Intrusions
Authors:
Nandi O. Leslie,
Richard E. Harang,
Lawrence P. Knachel,
Alexander Kott
Abstract:
We propose several generalized linear models (GLMs) to predict the number of successful cyber intrusions (or "intrusions") into an organization's computer network, where the rate at which intrusions occur is a function of the following observable characteristics of the organization: (i) domain name server (DNS) traffic classified by their top-level domains (TLDs); (ii) the number of network securi…
▽ More
We propose several generalized linear models (GLMs) to predict the number of successful cyber intrusions (or "intrusions") into an organization's computer network, where the rate at which intrusions occur is a function of the following observable characteristics of the organization: (i) domain name server (DNS) traffic classified by their top-level domains (TLDs); (ii) the number of network security policy violations; and (iii) a set of predictors that we collectively call "cyber footprint" that is comprised of the number of hosts on the organization's network, the organization's similarity to educational institution behavior (SEIB), and its number of records on scholar.google.com (ROSG). In addition, we evaluate the number of intrusions to determine whether these events follow a Poisson or negative binomial (NB) probability distribution. We reveal that the NB GLM provides the best fit model for the observed count data, number of intrusions per organization, because the NB model allows the variance of the count data to exceed the mean. We also show that there are restricted and simpler NB regression models that omit selected predictors and improve the goodness-of-fit of the NB GLM for the observed data. With our model simulations, we identify certain TLDs in the DNS traffic as having significant impact on the number of intrusions. In addition, we use the models and regression results to conclude that the number of network security policy violations are consistently predictive of the number of intrusions.
△ Less
Submitted 14 January, 2019;
originally announced January 2019.
-
Intelligent Autonomous Agents are Key to Cyber Defense of the Future Army Networks
Authors:
Alexander Kott
Abstract:
Intelligent autonomous agents will be widely present on the battlefield of the future. The proliferation of intelligent agents is the emerging reality of warfare, and they will form an ever growing fraction of total military assets. By necessity, intelligent autonomous cyber defense agents are likely to become primary cyber fighters on the future battlefield. Initial explorations have identified t…
▽ More
Intelligent autonomous agents will be widely present on the battlefield of the future. The proliferation of intelligent agents is the emerging reality of warfare, and they will form an ever growing fraction of total military assets. By necessity, intelligent autonomous cyber defense agents are likely to become primary cyber fighters on the future battlefield. Initial explorations have identified the key functions, components and their interactions for a potential reference architecture of such an agent. However, it is beyond the current state of AI to support an agent that could operate intelligently in an environment as complex as the real battlefield. A number of difficult challenges are yet to be overcome. At the same time, a growing body of research in Government and academia demonstrates promising steps towards solving some of the challenges. The industry is beginning to embrace approaches that may contribute to technologies of autonomous intelligent agents for cyber defense of the Army networks.
△ Less
Submitted 18 December, 2018;
originally announced December 2018.
-
Game-Theoretic Model and Experimental Investigation of Cyber Wargaming
Authors:
Edward Colbert,
Alexander Kott,
Lawrence Knachel
Abstract:
We demonstrate that game-theoretic calculations serve as a useful tool for assisting cyber wargaming teams in identifying useful strategies. We note a significant similarity between formulating cyber wargaming strategies and the methodology known in military practice as Course of Action (COA) generation. For scenarios in which the attacker must penetrate multiple layers in a defense-in-depth secur…
▽ More
We demonstrate that game-theoretic calculations serve as a useful tool for assisting cyber wargaming teams in identifying useful strategies. We note a significant similarity between formulating cyber wargaming strategies and the methodology known in military practice as Course of Action (COA) generation. For scenarios in which the attacker must penetrate multiple layers in a defense-in-depth security configuration, an accounting of attacker and defender costs and penetration probabilities provides cost-utility payoff matrices and penetration probability matrices. These can be used as decision tools by both the defender and attacker. Inspection of the matrices allows players to deduce preferred strategies (or COAs) based on game-theoretical equilibrium solutions. The matrices also help in analyzing anticipated effects of potential human-based choices of wargame strategies and counter-strategies. We describe a mathematical game-theoretic formalism and offer detailed analysis of a table-top cyber wargame executed at the US Army Research Laboratory. Our analysis shows how game-theoretical calculations can provide an effective tool for decision-making during cyber wargames.
△ Less
Submitted 27 September, 2018;
originally announced September 2018.
-
Long-Term Forecasts of Military Technologies for a 20-30 Year Horizon: An Empirical Assessment of Accuracy
Authors:
Alexander Kott,
Philip Perconti
Abstract:
During the 1990s, while exploring the impact of the collapse of the Soviet Union on developments in future warfare, a number of authors offered forecasts of military technology appearing by the year 2020. This paper offers a quantitative assessment of the accuracy of this group of forecasts. The overall accuracy - by several measures - was assessed as quite high, thereby pointing to the potential…
▽ More
During the 1990s, while exploring the impact of the collapse of the Soviet Union on developments in future warfare, a number of authors offered forecasts of military technology appearing by the year 2020. This paper offers a quantitative assessment of the accuracy of this group of forecasts. The overall accuracy - by several measures - was assessed as quite high, thereby pointing to the potential value of such forecasts in managing investments in long-term research and development. Major differences in accuracy, with strong statistical significance, were found between forecasts pertaining primarily to information acquisition and processing technologies, as opposed to technologies that aim primarily at physical effects. This paper also proposes several recommendations regarding methodological aspects of forecast accuracy assessments. Although the assessments were restricted to information available in open literature, the expert assessors did not find this constraint a significant detriment to the assessment process.
△ Less
Submitted 22 July, 2018;
originally announced July 2018.
-
Towards an Active, Autonomous and Intelligent Cyber Defense of Military Systems: the NATO AICA Reference Architecture
Authors:
Paul Theron,
Alexander Kott,
Martin Drašar,
Krzysztof Rzadca,
Benoît LeBlanc,
Mauno Pihelgas,
Luigi Mancini,
Agostino Panico
Abstract:
Within the future Global Information Grid, complex massively interconnected systems, isolated defense vehicles, sensors and effectors, and infrastructures and systems demanding extremely low failure rates, to which human security operators cannot have an easy access and cannot deliver fast enough reactions to cyber-attacks, need an active, autonomous and intelligent cyber defense. Multi Agent Syst…
▽ More
Within the future Global Information Grid, complex massively interconnected systems, isolated defense vehicles, sensors and effectors, and infrastructures and systems demanding extremely low failure rates, to which human security operators cannot have an easy access and cannot deliver fast enough reactions to cyber-attacks, need an active, autonomous and intelligent cyber defense. Multi Agent Systems for Cyber Defense may provide an answer to this requirement. This paper presents the concept and architecture of an Autonomous Intelligent Cyber defense Agent (AICA). First, we describe the rationale of the AICA concept. Secondly, we explain the methodology and purpose that drive the definition of the AICA Reference Architecture (AICARA) by NATO's IST-152 Research and Technology Group. Thirdly, we review some of the main features and challenges of Multi Autonomous Intelligent Cyber defense Agent (MAICA). Fourthly, we depict the initially assumed AICA Reference Architecture. Then we present one of our preliminary research issues, assumptions and ideas. Finally, we present the future lines of research that will help develop and test the AICA / MAICA concept.
△ Less
Submitted 7 June, 2018;
originally announced June 2018.
-
Towards a Reconceptualisation of Cyber Risk: An Empirical and Ontological Study
Authors:
Alessandro Oltramari,
Alexander Kott
Abstract:
The prominence and use of the concept of cyber risk has been rising in recent years. This paper presents empirical investigations focused on two important and distinct groups within the broad community of cyber-defense professionals and researchers: (1) cyber practitioners and (2) developers of cyber ontologies. The key finding of this work is that the ways the concept of cyber risk is treated by…
▽ More
The prominence and use of the concept of cyber risk has been rising in recent years. This paper presents empirical investigations focused on two important and distinct groups within the broad community of cyber-defense professionals and researchers: (1) cyber practitioners and (2) developers of cyber ontologies. The key finding of this work is that the ways the concept of cyber risk is treated by practitioners of cybersecurity is largely inconsistent with definitions of cyber risk commonly offered in the literature. Contrary to commonly cited definitions of cyber risk, concepts such as the likelihood of an event and the extent of its impact are not used by cybersecurity practitioners. This is also the case for use of these concepts in the current generation of cybersecurity ontologies. Instead, terms and concepts reflective of the adversarial nature of cyber defense appear to take the most prominent roles. This research offers the first quantitative empirical evidence that rejection of traditional concepts of cyber risk by cybersecurity professionals is indeed observed in real-world practice.
△ Less
Submitted 21 June, 2018;
originally announced June 2018.
-
Fundamental Concepts of Cyber Resilience: Introduction and Overview
Authors:
Igor Linkov,
Alexander Kott
Abstract:
Given the rapid evolution of threats to cyber systems, new management approaches are needed that address risk across all interdependent domains (i.e., physical, information, cognitive, and social) of cyber systems. Further, the traditional approach of hardening of cyber systems against identified threats has proven to be impossible. Therefore, in the same way that biological systems develop immuni…
▽ More
Given the rapid evolution of threats to cyber systems, new management approaches are needed that address risk across all interdependent domains (i.e., physical, information, cognitive, and social) of cyber systems. Further, the traditional approach of hardening of cyber systems against identified threats has proven to be impossible. Therefore, in the same way that biological systems develop immunity as a way to respond to infections and other attacks, so too must cyber systems adapt to ever-changing threats that continue to attack vital system functions, and to bounce back from the effects of the attacks. Here, we explain the basic concepts of resilience in the context of systems, discuss related properties, and make business case of cyber resilience. We also offer a brief summary of ways to assess cyber resilience of a system, and approaches to improving cyber resilience.
△ Less
Submitted 7 June, 2018;
originally announced June 2018.
-
Approaches to Enhancing Cyber Resilience: Report of the North Atlantic Treaty Organization (NATO) Workshop IST-153
Authors:
Alexander Kott,
Benjamin Blakely,
Diane Henshel,
Gregory Wehner,
James Rowell,
Nathaniel Evans,
Luis Muñoz-González,
Nandi Leslie,
Donald W French,
Donald Woodard,
Kerry Krutilla,
Amanda Joyce,
Igor Linkov,
Carmen Mas-Machuca,
Janos Sztipanovits,
Hugh Harney,
Dennis Kergl,
Perri Nejib,
Edward Yakabovicz,
Steven Noel,
Tim Dudman,
Pierre Trepagnier,
Sowdagar Badesha,
Alfred Møller
Abstract:
This report summarizes the discussions and findings of the 2017 North Atlantic Treaty Organization (NATO) Workshop, IST-153, on Cyber Resilience, held in Munich, Germany, on 23-25 October 2017, at the University of Bundeswehr. Despite continual progress in managing risks in the cyber domain, anticipation and prevention of all possible attacks and malfunctions are not feasible for the current or fu…
▽ More
This report summarizes the discussions and findings of the 2017 North Atlantic Treaty Organization (NATO) Workshop, IST-153, on Cyber Resilience, held in Munich, Germany, on 23-25 October 2017, at the University of Bundeswehr. Despite continual progress in managing risks in the cyber domain, anticipation and prevention of all possible attacks and malfunctions are not feasible for the current or future systems comprising the cyber infrastructure. Therefore, interest in cyber resilience (as opposed to merely risk-based approaches) is increasing rapidly, in literature and in practice. Unlike concepts of risk or robustness - which are often and incorrectly conflated with resilience - resiliency refers to the system's ability to recover or regenerate its performance to a sufficient level after an unexpected impact produces a degradation of its performance. The exact relation among resilience, risk, and robustness has not been well articulated technically. The presentations and discussions at the workshop yielded this report. It focuses on the following topics that the participants of the workshop saw as particularly important: fundamental properties of cyber resilience; approaches to measuring and modeling cyber resilience; mission modeling for cyber resilience; systems engineering for cyber resilience, and dynamic defense as a path toward cyber resilience.
△ Less
Submitted 20 April, 2018;
originally announced April 2018.
-
Toward Intelligent Autonomous Agents for Cyber Defense: Report of the 2017 Workshop by the North Atlantic Treaty Organization (NATO) Research Group IST-152-RTG
Authors:
Alexander Kott,
Ryan Thomas,
Martin Drašar,
Markus Kont,
Alex Poylisher,
Benjamin Blakely,
Paul Theron,
Nathaniel Evans,
Nandi Leslie,
Rajdeep Singh,
Maria Rigaki,
S Jay Yang,
Benoit LeBlanc,
Paul Losiewicz,
Sylvain Hourlier,
Misty Blowers,
Hugh Harney,
Gregory Wehner,
Alessandro Guarino,
Jana Komárková,
James Rowell
Abstract:
This report summarizes the discussions and findings of the Workshop on Intelligent Autonomous Agents for Cyber Defence and Resilience organized by the NATO research group IST-152-RTG. The workshop was held in Prague, Czech Republic, on 18-20 October 2017. There is a growing recognition that future cyber defense should involve extensive use of partially autonomous agents that actively patrol the fr…
▽ More
This report summarizes the discussions and findings of the Workshop on Intelligent Autonomous Agents for Cyber Defence and Resilience organized by the NATO research group IST-152-RTG. The workshop was held in Prague, Czech Republic, on 18-20 October 2017. There is a growing recognition that future cyber defense should involve extensive use of partially autonomous agents that actively patrol the friendly network, and detect and react to hostile activities rapidly (far faster than human reaction time), before the hostile malware is able to inflict major damage, evade friendly agents, or destroy friendly agents. This requires cyber-defense agents with a significant degree of intelligence, autonomy, self-learning, and adaptability. The report focuses on the following questions: In what computing and tactical environments would such an agent operate? What data would be available for the agent to observe or ingest? What actions would the agent be able to take? How would such an agent plan a complex course of actions? Would the agent learn from its experiences, and how? How would the agent collaborate with humans? How can we ensure that the agent will not take undesirable destructive actions? Is it possible to help envision such an agent with a simple example?
△ Less
Submitted 20 April, 2018;
originally announced April 2018.
-
Challenges and Characteristics of Intelligent Autonomy for Internet of Battle Things in Highly Adversarial Environments
Authors:
Alexander Kott
Abstract:
Numerous, artificially intelligent, networked things will populate the battlefield of the future, operating in close collaboration with human warfighters, and fighting as teams in highly adversarial environments. This paper explores the characteristics, capabilities and intelligence required of such a network of intelligent things and humans - Internet of Battle Things (IOBT). It will experience u…
▽ More
Numerous, artificially intelligent, networked things will populate the battlefield of the future, operating in close collaboration with human warfighters, and fighting as teams in highly adversarial environments. This paper explores the characteristics, capabilities and intelligence required of such a network of intelligent things and humans - Internet of Battle Things (IOBT). It will experience unique challenges that are not yet well addressed by the current generation of AI and machine learning.
△ Less
Submitted 13 April, 2018; v1 submitted 20 March, 2018;
originally announced March 2018.
-
Autonomous Intelligent Cyber-defense Agent (AICA) Reference Architecture. Release 2.0
Authors:
Alexander Kott,
Paul Théron,
Martin Drašar,
Edlira Dushku,
Benoît LeBlanc,
Paul Losiewicz,
Alessandro Guarino,
Luigi Mancini,
Agostino Panico,
Mauno Pihelgas,
Krzysztof Rzadca,
Fabio De Gaspari
Abstract:
This report - a major revision of its previous release - describes a reference architecture for intelligent software agents performing active, largely autonomous cyber-defense actions on military networks of computing and communicating devices. The report is produced by the North Atlantic Treaty Organization (NATO) Research Task Group (RTG) IST-152 "Intelligent Autonomous Agents for Cyber Defense…
▽ More
This report - a major revision of its previous release - describes a reference architecture for intelligent software agents performing active, largely autonomous cyber-defense actions on military networks of computing and communicating devices. The report is produced by the North Atlantic Treaty Organization (NATO) Research Task Group (RTG) IST-152 "Intelligent Autonomous Agents for Cyber Defense and Resilience". In a conflict with a technically sophisticated adversary, NATO military tactical networks will operate in a heavily contested battlefield. Enemy software cyber agents - malware - will infiltrate friendly networks and attack friendly command, control, communications, computers, intelligence, surveillance, and reconnaissance and computerized weapon systems. To fight them, NATO needs artificial cyber hunters - intelligent, autonomous, mobile agents specialized in active cyber defense. With this in mind, in 2016, NATO initiated RTG IST-152. Its objective has been to help accelerate the development and transition to practice of such software agents by producing a reference architecture and technical roadmap. This report presents the concept and architecture of an Autonomous Intelligent Cyber-defense Agent (AICA). We describe the rationale of the AICA concept, explain the methodology and purpose that drive the definition of the AICA Reference Architecture, and review some of the main features and challenges of AICAs.
△ Less
Submitted 22 March, 2023; v1 submitted 28 March, 2018;
originally announced March 2018.
-
The Internet of Battle Things
Authors:
Alexander Kott,
Ananthram Swami,
Bruce J West
Abstract:
The battlefield of the future will be densely populated by a variety of entities ("things") -- some intelligent and some only marginally so -- performing a broad range of tasks: sensing, communicating, acting, and collaborating with each other and human warfighters. We call this the Internet of Battle Things, IoBT. In some ways, IoBT is already becoming a reality, but 20-30 years from now it is li…
▽ More
The battlefield of the future will be densely populated by a variety of entities ("things") -- some intelligent and some only marginally so -- performing a broad range of tasks: sensing, communicating, acting, and collaborating with each other and human warfighters. We call this the Internet of Battle Things, IoBT. In some ways, IoBT is already becoming a reality, but 20-30 years from now it is likely to become a dominant presence in warfare. To become a reality, however, this bold vision will have to overcome a number of major challenges. As one example of such a challenge, the communications among things will have to be flexible and adaptive to rapidly changing situations and military missions. In this paper, we explore this and several other major challenges of IoBT, and outline key research directions and approaches towards solving these challenges.
△ Less
Submitted 24 December, 2017;
originally announced December 2017.
-
How do you Command an Army of Intelligent Things?
Authors:
Alexander Kott,
David Alberts
Abstract:
Within a decade, probably less, we will need to find ways to work effectively with ever growing numbers of intelligent things, including robots and intelligent agents. The networked workforce of the near future will thus consist of not only interconnected and interdependent humans but also of intelligent things. This raises a number of challenging issues, none more compelling and urgent than findi…
▽ More
Within a decade, probably less, we will need to find ways to work effectively with ever growing numbers of intelligent things, including robots and intelligent agents. The networked workforce of the near future will thus consist of not only interconnected and interdependent humans but also of intelligent things. This raises a number of challenging issues, none more compelling and urgent than finding an answer to the question "How to manage this new organizational form?" We consider these issues in a particularly challenging domain of human endeavor -- warfare. Command and Control (C2) is the term applied to management or governance of military organizations and endeavors. We consider how human and other intelligent entities can best contribute to ensuring that the decision makers, whether human or machine, have the information they require and make good use of this information to accomplish C2 functions. Commanders or managers of mixed human-thing organizations will face several challenges that the discussion above has highlighted. Things are challenged in a number of areas and will need humans to provide these capabilities. These include their ability to explain, build trust, bond, understand personal agendas, emotions, politics, and negotiate. Things and people both to some extent have difficulty anticipating and co** with the unusual and unexpected and to think of out-of-the-box solutions.
△ Less
Submitted 24 December, 2017;
originally announced December 2017.
-
Approaches to Modeling the Impact of Cyber Attacks on a Mission
Authors:
Alexander Kott,
Mona Lange,
Jackson Ludwig
Abstract:
The success of a business mission is highly dependent on the Communications and Information Systems (CIS) that support the mission. Mission Impact Assessment (MIA) seeks to assist the integration of business or military operations with cyber defense, particularly in bridging the cognitive gap between operational decision-makers and cyber defenders. Recent years have seen a growing interest in mode…
▽ More
The success of a business mission is highly dependent on the Communications and Information Systems (CIS) that support the mission. Mission Impact Assessment (MIA) seeks to assist the integration of business or military operations with cyber defense, particularly in bridging the cognitive gap between operational decision-makers and cyber defenders. Recent years have seen a growing interest in model-driven approaches to MIA. Such approaches involve construction and simulation of models of the mission, systems, and attack scenarios in order to understand an attack's impact, including its nature, dependencies involved, and the extent of consequences. This paper discusses representative examples of recent research on model-driven approach to MIA, highlights its potential value and cautions about serious remaining challenges.
△ Less
Submitted 11 October, 2017;
originally announced October 2017.
-
Cyber-Physical War Gaming
Authors:
E. J. M. Colbert,
D. T. Sullivan,
A Kott
Abstract:
This paper presents general strategies for cyber war gaming of Cyber-Physical Systems (CPSs) that are used for cyber security research at the U.S. Army Research Laboratory (ARL). Since Supervisory Control and Data Acquisition (SCADA) and other CPSs are operational systems, it is difficult or impossible to perform security experiments on actual systems. The authors describe how table-top strategy s…
▽ More
This paper presents general strategies for cyber war gaming of Cyber-Physical Systems (CPSs) that are used for cyber security research at the U.S. Army Research Laboratory (ARL). Since Supervisory Control and Data Acquisition (SCADA) and other CPSs are operational systems, it is difficult or impossible to perform security experiments on actual systems. The authors describe how table-top strategy sessions and realistic, live CPS war games are conducted at ARL. They also discuss how the recorded actions of the war game activity can be used to test and validate cyber-defence models, such as game-theoretic security models.
△ Less
Submitted 24 August, 2017;
originally announced August 2017.
-
Burstiness of Intrusion Detection Process: Empirical Evidence and a Modeling Approach
Authors:
Richard Harang,
Alexander Kott
Abstract:
We analyze sets of intrusion detection records observed on the networks of several large, nonresidential organizations protected by a form of intrusion detection and prevention service. Our analyses reveal that the process of intrusion detection in these networks exhibits a significant degree of burstiness as well as strong memory, with burstiness and memory properties that are comparable to those…
▽ More
We analyze sets of intrusion detection records observed on the networks of several large, nonresidential organizations protected by a form of intrusion detection and prevention service. Our analyses reveal that the process of intrusion detection in these networks exhibits a significant degree of burstiness as well as strong memory, with burstiness and memory properties that are comparable to those of natural processes driven by threshold effects, but different from bursty human activities. We explore time-series models of these observable network security incidents based on partially observed data using a hidden Markov model with restricted hidden states, which we fit using Markov Chain Monte Carlo techniques. We examine the output of the fitted model with respect to its statistical properties and demonstrate that the model adequately accounts for intrinsic "bursting" within observed network incidents as a result of alternation between two or more stochastic processes. While our analysis does not lead directly to new detection capabilities, the practical implications of gaining better understanding of the observed burstiness are significant, and include opportunities for quantifying a network's risks and defensive efforts.
△ Less
Submitted 12 July, 2017;
originally announced July 2017.
-
Recommendations for Model-Driven Paradigms for Integrated Approaches to Cyber Defense
Authors:
Mona Lange,
Alexander Kott,
Noam Ben-Asher,
Wim Mees,
Nazife Baykal,
Cristian-Mihai Vidu,
Matteo Merialdo,
Marek Malowidzki,
Bhopinder Madahar
Abstract:
The North Atlantic Treaty Organization (NATO) Exploratory Team meeting, "Model-Driven Paradigms for Integrated Approaches to Cyber Defense," was organized by the NATO Science and Technology Organization's (STO) Information Systems and Technology (IST) panel and conducted its meetings and electronic exchanges during 2016. This report describes the proceedings and outcomes of the team's efforts.
M…
▽ More
The North Atlantic Treaty Organization (NATO) Exploratory Team meeting, "Model-Driven Paradigms for Integrated Approaches to Cyber Defense," was organized by the NATO Science and Technology Organization's (STO) Information Systems and Technology (IST) panel and conducted its meetings and electronic exchanges during 2016. This report describes the proceedings and outcomes of the team's efforts.
Many of the defensive activities in the fields of cyber warfare and information assurance rely on essentially ad hoc techniques. The cyber community recognizes that comprehensive, systematic, principle-based modeling and simulation are more likely to produce long-term, lasting, reusable approaches to defensive cyber operations.
A model-driven paradigm is predicated on creation and validation of mechanisms of modeling the organization whose mission is subject to assessment, the mission (or missions) itself, and the cyber-vulnerable systems that support the mission. This by any definition is a complex socio-technical system (of systems), and the level of detail of this class of problems ranges from the level of host and network events to the systems' functions up to the function of the enterprise. Solving this class of problems is of medium to high difficulty and can draw in part on advances in Systems Engineering (SE). Such model-based approaches and analysis could be used to explore multiple alternative mitigation and work-around strategies and to select the optimal course of mitigating actions. Furthermore, the model-driven paradigm applied to cyber operations is likely to benefit traditional disciplines of cyber defense such as security, vulnerability analysis, intrusion prevention, intrusion detection, analysis, forensics, attribution, and recovery.
△ Less
Submitted 9 March, 2017;
originally announced March 2017.
-
Overview of Cyber Science and Technology Programs at the U.S. Army Research Laboratory
Authors:
Alexander Kott
Abstract:
This paper provides an overview of research programs in cyber security performed by the U.S Army Research Laboratory. Although ARL is the U.S. Army's corporate laboratory that focuses on fundamental and early applied research, the fundamental science endeavors are closely integrated with extensive operationally-oriented programs. One example is the Cyber Collaborative Research Alliance (CRA) that…
▽ More
This paper provides an overview of research programs in cyber security performed by the U.S Army Research Laboratory. Although ARL is the U.S. Army's corporate laboratory that focuses on fundamental and early applied research, the fundamental science endeavors are closely integrated with extensive operationally-oriented programs. One example is the Cyber Collaborative Research Alliance (CRA) that brings together ARL scientists with academic researchers from dozens of U.S. universities. ARL cyber scientists are largely driven by challenges unique to the ground operations of the Army; this paper outlines a few of these challenges and the ways in which they are addressed by ARL research efforts. The long-term campaign of cyber research is guided by the vision of the future Army battlefield. In the year 2040, it will be a highly converged virtual-physical space, where cyber operations will be an integral part of the battle.
△ Less
Submitted 3 January, 2017;
originally announced February 2017.
-
The Future Internet of Things and Security of its Control Systems
Authors:
Misty Blowers,
Jose Iribarne,
Edward Colbert,
Alexander Kott
Abstract:
We consider the future cyber security of industrial control systems. As best as we can see, much of this future unfolds in the context of the Internet of Things (IoT). In fact, we envision that all industrial and infrastructure environments, and cyber-physical systems in general, will take the form reminiscent of what today is referred to as the IoT. IoT is envisioned as multitude of heterogeneous…
▽ More
We consider the future cyber security of industrial control systems. As best as we can see, much of this future unfolds in the context of the Internet of Things (IoT). In fact, we envision that all industrial and infrastructure environments, and cyber-physical systems in general, will take the form reminiscent of what today is referred to as the IoT. IoT is envisioned as multitude of heterogeneous devices densely interconnected and communicating with the objective of accomplishing a diverse range of objectives, often collaboratively. One can argue that in the relatively near future, the IoT construct will subsume industrial plants, infrastructures, housing and other systems that today are controlled by ICS and SCADA systems. In the IoT environments, cybersecurity will derive largely from system agility, moving-target defenses, cybermaneuvering, and other autonomous or semi-autonomous behaviors. Cyber security of IoT may also benefit from new design methods for mixed-trusted systems; and from big data analytics -- predictive and autonomous.
△ Less
Submitted 6 October, 2016;
originally announced October 2016.
-
Inducing and Mitigating a Self-Reinforcing Degradation in Decision-making Teams
Authors:
Paul Hubbard,
Alexander Kott,
Michael Martin
Abstract:
The models in this paper demonstrate how self-reinforcing error due to positive feedback can lead to overload and saturation of decision-making elements, and ultimately the cascading collapse of an organization due to the propagation of overload and erroneous decisions throughout the organization. We begin the paper with an analysis of the stability of the decision-making aspects of command organi…
▽ More
The models in this paper demonstrate how self-reinforcing error due to positive feedback can lead to overload and saturation of decision-making elements, and ultimately the cascading collapse of an organization due to the propagation of overload and erroneous decisions throughout the organization. We begin the paper with an analysis of the stability of the decision-making aspects of command organizations from a system-theoretic perspective. A simple dynamic model shows how an organization can enter into a self-reinforcing cycle of increasing decision workload until the demand for decisions exceeds the decision-making capacity of the organization. We then extend the model to more complex networked organizations and show that they also experience a form of self-reinforcing degradation. In particular, we find that the degradation in decision quality has a tendency to propagate through the hierarchical structure, i.e. overload at one location affects other locations by overloading the higher-level components which then in turn overload their subordinates. Our computational experiments suggest several strategies for mitigating this type of malfunction: dum** excessive load, empowering lower echelons, minimizing the need for coordination, using command-by-negation, insulating weak performers, and applying on-line diagnostics. We describe a method to allocate decision responsibility and arrange information flow dynamically within a team of decision-makers for command and control.
△ Less
Submitted 27 July, 2016;
originally announced July 2016.
-
Validation of Information Fusion
Authors:
Alexander Kott,
Wes Milks
Abstract:
We motivate and offer a formal definition of validation as it applies to information fusion systems. Common definitions of validation compare the actual state of the world with that derived by the fusion process. This definition conflates properties of the fusion system with properties of systems that intervene between the world and the fusion system. We propose an alternative definition where val…
▽ More
We motivate and offer a formal definition of validation as it applies to information fusion systems. Common definitions of validation compare the actual state of the world with that derived by the fusion process. This definition conflates properties of the fusion system with properties of systems that intervene between the world and the fusion system. We propose an alternative definition where validation of an information fusion system references a standard fusion device, such as recognized human experts. We illustrate the approach by describing the validation process implemented in RAID, a program conducted by DARPA and focused on information fusion in adversarial, deceptive environments.
△ Less
Submitted 22 July, 2016;
originally announced July 2016.
-
Predicting Enemy's Actions Improves Commander Decision-Making
Authors:
Michael Ownby,
Alexander Kott
Abstract:
The Defense Advanced Research Projects Agency (DARPA) Real-time Adversarial Intelligence and Decision-making (RAID) program is investigating the feasibility of "reading the mind of the enemy" - to estimate and anticipate, in real-time, the enemy's likely goals, deceptions, actions, movements and positions. This program focuses specifically on urban battles at echelons of battalion and below. The R…
▽ More
The Defense Advanced Research Projects Agency (DARPA) Real-time Adversarial Intelligence and Decision-making (RAID) program is investigating the feasibility of "reading the mind of the enemy" - to estimate and anticipate, in real-time, the enemy's likely goals, deceptions, actions, movements and positions. This program focuses specifically on urban battles at echelons of battalion and below. The RAID program leverages approximate game-theoretic and deception-sensitive algorithms to provide real-time enemy estimates to a tactical commander. A key hypothesis of the program is that these predictions and recommendations will make the commander more effective, i.e. he should be able to achieve his operational goals safer, faster, and more efficiently. Realistic experimentation and evaluation drive the development process using human-in-the-loop wargames to compare humans and the RAID system. Two experiments were conducted in 2005 as part of Phase I to determine if the RAID software could make predictions and recommendations as effectively and accurately as a 4-person experienced staff. This report discusses the intriguing and encouraging results of these first two experiments conducted by the RAID program. It also provides details about the experiment environment and methodology that were used to demonstrate and prove the research goals.
△ Less
Submitted 22 July, 2016;
originally announced July 2016.
-
The Role of PMESII Modeling in a Continuous Cycle of Anticipation and Action
Authors:
Alexander Kott,
Stephen Morse
Abstract:
The inevitable incompleteness of any collection of PMESII models, along with poorly understood methods for combining heterogeneous models, leads to major uncertainty regarding the reliability of computational tools. This uncertainty is further exacerbated by difficulties in validation of such tools. They should only be used as aids to human analysis and decision-making. A practitioner must wonder:…
▽ More
The inevitable incompleteness of any collection of PMESII models, along with poorly understood methods for combining heterogeneous models, leads to major uncertainty regarding the reliability of computational tools. This uncertainty is further exacerbated by difficulties in validation of such tools. They should only be used as aids to human analysis and decision-making. A practitioner must wonder: how can we accommodate the uncertainty of a tool's results by applying human judgment appropriately?
In this paper, we describe two examples where planners and analysts used (or could have used) computational tools to obtain estimates of effects of various actions under consideration. Then they considered these computational estimates to draw their own conclusions regarding the effects that would likely emerge from proposed actions taken by the international mission.
The key idea, in both of our examples, is a continuous cycle of anticipations and actions; in each cycle computational estimates of effects help intervention managers determine appropriate actions, and then assessments of real-world outcomes guide the next increment of computational estimates. With a proper methodology, PMESII modeling tools can offer valuable insights and encourage learning, even if they will never produce fully accurate estimates useable in a customary, strictly predictive manner.
△ Less
Submitted 21 July, 2016;
originally announced July 2016.
-
A Survey of Research on Control of Teams of Small Robots in Military Operations
Authors:
Stuart Young,
Alexander Kott
Abstract:
While a number of excellent review articles on military robots have appeared in existing literature, this paper focuses on a distinct sub-space of related problems: small military robots organized into moderately sized squads, operating in a ground combat environment. Specifically, we consider the following: - Command of practical small robots, comparable to current generation, small unmanned grou…
▽ More
While a number of excellent review articles on military robots have appeared in existing literature, this paper focuses on a distinct sub-space of related problems: small military robots organized into moderately sized squads, operating in a ground combat environment. Specifically, we consider the following: - Command of practical small robots, comparable to current generation, small unmanned ground vehicles (e.g., PackBots) with limited computing and sensor payload, as opposed to larger vehicle-sized robots or micro-scale robots; - Utilization of moderately sized practical forces of 3-10 robots applicable to currently envisioned military ground operations; - Complex three-dimensional physical environments, such as urban areas or mountainous terrains and the inherent difficulties they impose, including limited and variable fields of observation, difficult navigation, and intermittent communication; - Adversarial environments where the active, intelligent enemy is the key consideration in determining the behavior of the robotic force; and - Purposeful, partly autonomous, coordinated behaviors that are necessary for such a robotic force to survive and complete missions; these are far more complex than, for example, formation control or field coverage behavior.
△ Less
Submitted 3 June, 2016;
originally announced June 2016.
-
Approaches to Modeling Insurgency
Authors:
Alexander Kott,
Bruce Skarin
Abstract:
This paper begins with an introduction to qualitative theories and models of insurgency, quantitative measures of insurgency, influence diagrams, system dynamics models of insurgency, agent based molding of insurgency, human-in-the-loop wargaming of insurgency, and statistical models of insurgency. The paper then presents a detailed case study of an agent-based model that focuses on the Troubles i…
▽ More
This paper begins with an introduction to qualitative theories and models of insurgency, quantitative measures of insurgency, influence diagrams, system dynamics models of insurgency, agent based molding of insurgency, human-in-the-loop wargaming of insurgency, and statistical models of insurgency. The paper then presents a detailed case study of an agent-based model that focuses on the Troubles in Northern Ireland starting in 1968. The model is agent-based and uses a modeling tool called Simulation of Cultural Identities for Prediction of Reactions (SCIPR). The objective in this modeling effort was to predict trends in the degree of population's support to parties in this conflict. The case studies describes in detail the agents, their actions, model initialization and simulation process, and the results of the simulation compared to actual historical results of elections.
△ Less
Submitted 5 March, 2016;
originally announced March 2016.
-
Resiliency and Robustness of Complex, Multi-Genre Networks
Authors:
Alexander Kott,
Tarek Abdelzaher
Abstract:
We explore the resiliency and robustness of systems while viewing them as complex, multi-genre networks. The term "complex, multi-genre networks" refers to networks that combine several distinct genres - networks of physical resources, communication networks, information networks, and social and cognitive networks. We show that this perspective is fruitful and adds to our understanding of fundamen…
▽ More
We explore the resiliency and robustness of systems while viewing them as complex, multi-genre networks. The term "complex, multi-genre networks" refers to networks that combine several distinct genres - networks of physical resources, communication networks, information networks, and social and cognitive networks. We show that this perspective is fruitful and adds to our understanding of fundamental challenges and tradeoffs in robustness and resiliency, as well as potential solutions to the challenges. Study of systems as multi-genre networks is relatively uncommon; instead, it is customary in research and engineering literature to focus on a view of a network comprised of homogeneous elements, (e.g., a network of communication devices, or a network of social beings). Yet, most if not all real-world networks are multi-genre - it is hard to find any real system of a significant complexity that does not include a combination of interconnected physical elements, communication devices and channels, data collections, and human users forming an integrated, inter-dependent whole. Most approaches to improving resiliency and robustness involve compromises, and the key challenge is to find a favorable compromise. Such compromises involve reducing or managing the complexity of the network: coupling, rigidity and dependency. We discuss several of these compromises, e.g., performance vs resiliency; resiliency to one type of disruption vs resiliency to another disruption type; and complexity vs resiliency.
△ Less
Submitted 25 January, 2016;
originally announced January 2016.
-
Decision Aids for Adversarial Planning in Military Operations: Algorithms, Tools, and Turing-test-like Experimental Validation
Authors:
Alexander Kott,
Ray Budd,
Larry Ground,
Lakshmi Rebbapragada,
John Langston
Abstract:
Use of intelligent decision aids can help alleviate the challenges of planning complex operations. We describe integrated algorithms, and a tool capable of translating a high-level concept for a tactical military operation into a fully detailed, actionable plan, producing automatically (or with human guidance) plans with realistic degree of detail and of human-like quality. Tight interleaving of s…
▽ More
Use of intelligent decision aids can help alleviate the challenges of planning complex operations. We describe integrated algorithms, and a tool capable of translating a high-level concept for a tactical military operation into a fully detailed, actionable plan, producing automatically (or with human guidance) plans with realistic degree of detail and of human-like quality. Tight interleaving of several algorithms -- planning, adversary estimates, scheduling, routing, attrition and consumption estimates -- comprise the computational approach of this tool. Although originally developed for Army large-unit operations, the technology is generic and also applies to a number of other domains, particularly in critical situations requiring detailed planning within a constrained period of time. In this paper, we focus particularly on the engineering tradeoffs in the design of the tool. In an experimental evaluation, reminiscent of the Turing test, the tool's performance compared favorably with human planners.
△ Less
Submitted 22 January, 2016;
originally announced January 2016.
-
Coalition-based Planning of Military Operations: Adversarial Reasoning Algorithms in an Integrated Decision Aid
Authors:
Larry Ground,
Alexander Kott,
Ray Budd
Abstract:
Use of knowledge-based planning tools can help alleviate the challenges of planning a complex operation by a coalition of diverse parties in an adversarial environment. We explore these challenges and potential contributions of knowledge-based tools using as an example the CADET system, a knowledge-based tool capable of producing automatically (or with human guidance) battle plans with realistic d…
▽ More
Use of knowledge-based planning tools can help alleviate the challenges of planning a complex operation by a coalition of diverse parties in an adversarial environment. We explore these challenges and potential contributions of knowledge-based tools using as an example the CADET system, a knowledge-based tool capable of producing automatically (or with human guidance) battle plans with realistic degree of detail and complexity. In ongoing experiments, it compared favorably with human planners. Interleaved planning, scheduling, routing, attrition and consumption processes comprise the computational approach of this tool. From the coalition operations perspective, such tools offer an important aid in rapid synchronization of assets and actions of heterogeneous assets belonging to multiple organizations, potentially with distinct doctrine and rules of engagement. In this paper, we discuss the functionality of the tool, provide a brief overview of the technical approach and experimental results, and outline the potential value of such tools.
△ Less
Submitted 22 January, 2016;
originally announced January 2016.
-
Assessing Mission Impact of Cyberattacks: Report of the NATO IST-128 Workshop
Authors:
Alexander Kott,
Nikolai Stoianov,
Nazife Baykal,
Alfred Moller,
Reginald Sawilla,
Pram Jain,
Mona Lange,
Cristian Vidu
Abstract:
This report presents the results of a workshop conducted by the North Atlantic Treaty Organization (NATO) Information Systems Technology (IST) Panel in Istanbul, Turkey, in June 2015 to explore science and technology for characterizing the impact of cyber-attacks on missions. Military mission success is highly dependent on the communications and information systems (CISs) that support the mission…
▽ More
This report presents the results of a workshop conducted by the North Atlantic Treaty Organization (NATO) Information Systems Technology (IST) Panel in Istanbul, Turkey, in June 2015 to explore science and technology for characterizing the impact of cyber-attacks on missions. Military mission success is highly dependent on the communications and information systems (CISs) that support the mission and their use in the cyber battlespace. The inexorably growing dependency on computational information processing for weapons, intelligence, communication, and logistics systems continues to increase the vulnerability of missions to various cyber threats. Attacks on CISs or other cyber incidents degrade or disrupt the usage of CISs, and the resulting mission capability, performance, and completion. These incidents are expected to increase in frequency and sophistication. The workshop participants concluded that the key to solving the mission impact assessment problem was in adopting and develo** a new model-driven paradigm that creates and validates mechanisms of modeling the mission organization, the mission(s), and the cyber-vulnerable systems that support the mission(s). Such models then simulate or portray the impacts of the cyber-attacks. In addition, such model-based analysis could explore multiple alternative mitigation and work-around strategies - an essential part of co** with mission impact - and select the optimal course of mitigating actions. Only such a paradigm can be expected to provide meaningful, actionable information about mission impacts that have not been seen before or do not match prior experiences and patterns. The papers presented at this workshop are available in an accompanying volume, Proceedings of the NATO Workshop IST-128, Assessing Mission Impact of Cyber Attacks.
△ Less
Submitted 5 January, 2016;
originally announced January 2016.
-
Security Metrics in Industrial Control Systems
Authors:
Zachary A. Collier,
Mahesh Panwar,
Alexander A. Ganin,
Alex Kott,
Igor Linkov
Abstract:
Risk is the best known and perhaps the best studied example within a much broader class of cyber security metrics. However, risk is not the only possible cyber security metric. Other metrics such as resilience can exist and could be potentially very valuable to defenders of ICS systems. Often, metrics are defined as measurable properties of a system that quantify the degree to which objectives of…
▽ More
Risk is the best known and perhaps the best studied example within a much broader class of cyber security metrics. However, risk is not the only possible cyber security metric. Other metrics such as resilience can exist and could be potentially very valuable to defenders of ICS systems. Often, metrics are defined as measurable properties of a system that quantify the degree to which objectives of the system are achieved. Metrics can provide cyber defenders of an ICS with critical insights regarding the system. Metrics are generally acquired by analyzing relevant attributes of that system. In terms of cyber security metrics, ICSs tend to have unique features: in many cases, these systems are older technologies that were designed for functionality rather than security. They are also extremely diverse systems that have different requirements and objectives. Therefore, metrics for ICSs must be tailored to a diverse group of systems with many features and perform many different functions. In this chapter, we first outline the general theory of performance metrics, and highlight examples from the cyber security domain and ICS in particular. We then focus on a particular example of a class of metrics that is different from the one we have considered in earlier chapters. Instead of risk, here we consider metrics of resilience. Resilience is defined by the National Academy of Sciences (2012) as the ability to prepare and plan for, absorb, recover from, or more successfully adapt to actual or potential adverse events. This chapter presents two approaches for the generation of metrics based on the concept of resilience using a matrix-based approach and a network-based approach. Finally, a discussion of the benefits and drawbacks of different methods is presented along with a process and tips intended to aid in devising effective metrics.
△ Less
Submitted 25 December, 2015;
originally announced December 2015.
-
Toward a Research Agenda in Adversarial Reasoning: Computational Approaches to Anticipating the Opponent's Intent and Actions
Authors:
Alexander Kott,
Michael Ownby
Abstract:
This paper defines adversarial reasoning as computational approaches to inferring and anticipating an enemy's perceptions, intents and actions. It argues that adversarial reasoning transcends the boundaries of game theory and must also leverage such disciplines as cognitive modeling, control theory, AI planning and others. To illustrate the challenges of applying adversarial reasoning to real-worl…
▽ More
This paper defines adversarial reasoning as computational approaches to inferring and anticipating an enemy's perceptions, intents and actions. It argues that adversarial reasoning transcends the boundaries of game theory and must also leverage such disciplines as cognitive modeling, control theory, AI planning and others. To illustrate the challenges of applying adversarial reasoning to real-world problems, the paper explores the lessons learned in the CADET - a battle planning system that focuses on brigade-level ground operations and involves adversarial reasoning. From this example of current capabilities, the paper proceeds to describe RAID - a DARPA program that aims to build capabilities in adversarial reasoning, and how such capabilities would address practical requirements in Defense and other application areas.
△ Less
Submitted 24 December, 2015;
originally announced December 2015.
-
An Experimental Evaluation of Computational Techniques for Planning and Assessment of International Interventions
Authors:
Alexander Kott,
Jeff Hansberger,
Edward Waltz,
Peter Corpac
Abstract:
We describe the experimental methodology developed and employed in a series of experiments within the Defense Advanced Research Projects Agency (DARPA) Conflict Modeling, Planning, and Outcomes Exploration (COMPOEX) Program. The primary purpose of the effort was development of tools and methods for analysis, planning and predictive assessment of plans for complex operations where integrated politi…
▽ More
We describe the experimental methodology developed and employed in a series of experiments within the Defense Advanced Research Projects Agency (DARPA) Conflict Modeling, Planning, and Outcomes Exploration (COMPOEX) Program. The primary purpose of the effort was development of tools and methods for analysis, planning and predictive assessment of plans for complex operations where integrated political-military-economic-social-infrastructure and information (PMESII) considerations play decisive roles. As part of the program, our team executed several broad-based experiments, involving dozens of experts from several agencies simultaneously. The methodology evolved from one experiment to another because of the lessons learned. The paper presents the motivation, objectives, and structure of this interagency experiment series; the methods we explored in the experiments; and the results, lessons learned and recommendations for future efforts of such nature.
△ Less
Submitted 24 December, 2015;
originally announced December 2015.
-
Towards Approaches to Continuous Assessment of Cyber Risk in Security of Computer Networks
Authors:
Alexander Kott,
Curtis Arnold
Abstract:
We review the current status and research challenges in the area of cyber security often called continuous monitoring and risk scoring (CMRS). We focus on two most salient aspects of CMRS. First, continuous collection of data through automated feeds; hence the term continuous monitoring. Typical data collected for continuous monitoring purposes include network traffic information as well as host i…
▽ More
We review the current status and research challenges in the area of cyber security often called continuous monitoring and risk scoring (CMRS). We focus on two most salient aspects of CMRS. First, continuous collection of data through automated feeds; hence the term continuous monitoring. Typical data collected for continuous monitoring purposes include network traffic information as well as host information from host-based agents. Second, analysis of the collected data in order to assess the risks - the risk scoring. This assessment may include flagging especially egregious vulnerabilities and exposures, or computing metrics that provide an overall characterization of the network's risk level. Currently used risk metrics are often simple sums or counts of vulnerabilities and missing patches.
The research challenges pertaining to CMRS fall mainly into two categories. The first centers on the problem of integrating and fusing highly heterogeneous information. The second group of challenges is the lack of rigorous approaches to computing risk. Existing risk scoring algorithms remain limited to ad hoc heuristics such as simple sums of vulnerability scores or counts of things like missing patches or open ports, etc. Weaknesses and potentially misleading nature of such metrics are well recognized. For example, the individual vulnerability scores are dangerously reliant on subjective, human, qualitative input, potentially inaccurate and expensive to obtain. Further, the total number of vulnerabilities may matters far less than how vulnerabilities are distributed over hosts, or over time. Similarly, neither topology of the network nor the roles and dynamics of inter-host interactions are considered by simple sums of vulnerabilities or missing patches.
△ Less
Submitted 24 December, 2015;
originally announced December 2015.
-
Science of Cyber Security as a System of Models and Problems
Authors:
Alexander Kott
Abstract:
Terms like "Science of Cyber" or "Cyber Science" have been appearing in literature with growing frequency, and influential organizations initiated research initiatives toward develo** such a science even though it is not clearly defined. We propose to define the domain of the science of cyber security by noting the most salient artifact within cyber security -- malicious software -- and defining…
▽ More
Terms like "Science of Cyber" or "Cyber Science" have been appearing in literature with growing frequency, and influential organizations initiated research initiatives toward develo** such a science even though it is not clearly defined. We propose to define the domain of the science of cyber security by noting the most salient artifact within cyber security -- malicious software -- and defining the domain as comprised of phenomena that involve malicious software (as well as legitimate software and protocols used maliciously) used to compel a computing device or a network of computing devices to perform actions desired by the perpetrator of malicious software (the attacker) and generally contrary to the intent (the policy) of the legitimate owner or operator (the defender) of the computing device(s). We further define the science of cyber security as the study of relations -- preferably expressed as theoretically-grounded models -- between attributes, structures and dynamics of: violations of cyber security policy; the network of computing devices under attack; the defenders' tools and techniques; and the attackers' tools and techniques where malicious software plays the central role. We offer a simple formalism of these key objects within cyber science and systematically derive a classification of primary problem classes within cyber science.
△ Less
Submitted 29 November, 2015;
originally announced December 2015.