2,768 research outputs found
Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense
The increasing instances of advanced attacks call for a new defense paradigm
that is active, autonomous, and adaptive, named as the '3A' defense
paradigm. This chapter introduces three defense schemes that actively interact
with attackers to increase the attack cost and gather threat information, i.e.,
defensive deception for detection and counter-deception, feedback-driven Moving
Target Defense (MTD), and adaptive honeypot engagement. Due to the cyber
deception, external noise, and the absent knowledge of the other players'
behaviors and goals, these schemes possess three progressive levels of
information restrictions, i.e., from the parameter uncertainty, the payoff
uncertainty, to the environmental uncertainty. To estimate the unknown and
reduce uncertainty, we adopt three different strategic learning schemes that
fit the associated information restrictions. All three learning schemes share
the same feedback structure of sensation, estimation, and actions so that the
most rewarding policies get reinforced and converge to the optimal ones in
autonomous and adaptive fashions. This work aims to shed light on proactive
defense strategies, lay a solid foundation for strategic learning under
incomplete information, and quantify the tradeoff between the security and
costs.
Comment: arXiv admin note: text overlap with arXiv:1906.1218
To What Extent Are Honeypots and Honeynets Autonomic Computing Systems?
Cyber threats, such as advanced persistent threats (APTs), ransomware, and
zero-day exploits, are rapidly evolving and demand improved security measures.
Honeypots and honeynets, as deceptive systems, offer valuable insights into
attacker behavior, helping researchers and practitioners develop innovative
defense strategies and enhance detection mechanisms. However, their deployment
involves significant maintenance and overhead expenses. At the same time, the
complexity of modern computing has prompted the rise of autonomic computing,
aiming for systems that can operate without human intervention. Recent honeypot
and honeynet research claims to incorporate autonomic computing principles,
often using terms like adaptive, dynamic, intelligent, and learning. This study
investigates such claims by measuring the extent to which autonomic principles
are expressed in honeypot and honeynet literature. The findings
reveal that autonomic computing keywords are present in the literature sample,
suggesting an evolution from self-adaptation to autonomic computing
implementations. Yet, despite these findings, the analysis also shows low
frequencies of self-configuration, self-healing, and self-protection keywords.
Interestingly, self-optimization appeared prominently in the literature. While
this study presents a foundation for the convergence of autonomic computing and
deceptive systems, future research could explore technical implementations in
sample articles and test them for autonomic behavior. Additionally,
investigations into the design and implementation of individual autonomic
computing principles in honeypots and determining the necessary ratio of these
principles for a system to exhibit autonomic behavior could provide valuable
insights for both researchers and practitioners.
Comment: 18 pages, 3 figures, 5 table
Agents Need Not Know Their Purpose
Ensuring artificial intelligence behaves in such a way that is aligned with
human values is commonly referred to as the alignment challenge. Prior work has
shown that rational agents, behaving in such a way that maximizes a utility
function, will inevitably behave in such a way that is not aligned with human
values, especially as their level of intelligence goes up. Prior work has also
shown that there is no "one true utility function"; solutions must include a
more holistic approach to alignment. This paper describes oblivious agents:
agents that are architected in such a way that their effective utility function
is an aggregation of known and hidden sub-functions. The hidden component, to
be maximized, is internally implemented as a black box, preventing the agent
from examining it. The known component, to be minimized, is knowledge of the
hidden sub-function. Architectural constraints further influence how agent
actions can evolve its internal environment model. We show that an oblivious
agent, behaving rationally, constructs an internal approximation of designers'
intentions (i.e., infers alignment), and, as a consequence of its architecture
and effective utility function, behaves in such a way that maximizes alignment;
i.e., maximizing the approximated intention function. We show that,
paradoxically, it does this for whatever utility function is used as the hidden
component and, in contrast with extant techniques, chances of alignment
actually improve as agent intelligence grows
Leverage AI to Learn, Optimize, and Wargame (LAILOW) for Strategic Laydown and Dispersal (SLD) of the USN Operating Forces
NPS NRP Technical Report
The SECNAV disperses Navy forces in a deliberate manner to support DoD guidance, policy and budget. The current SLD process is labor intensive, takes too long, and needs AI. The research questions are:
- How does the Navy weight competing demands for naval forces between the CCMDs to determine an optimal dispersal of operating forces?
- How does the Navy optimize force laydown to maximize force development (Fd) and force generation (Fg) efficiency?
We propose LAILOW to address the questions. LAILOW was derived from the ONR funded project and focuses on deep analytics of machine learning, optimization, and wargame.
Learn: When there are data, data mining, machine learning, and predictive algorithms are used to analyze data. From historical Phased Force Deployment Data (TPFDDs) and SLD Report Cards data, among others, one can learn patterns of what decisions were made and how they were executed in the past.
Optimize: Patterns from learn are used to optimize future SLD plans. A SLD plan may include how many homeports, home bases, hubs, and shore posture locations (Fd) and staffs (Fg). The optimization can be overwhelming. LAILOW uses integrated Soar reinforcement learning (Soar-RL) and coevolutionary algorithms. Soar-RL maps a total SLD plan to individual ones used in excursion modeling and what-if analysis.
Wargame: There might be no or rare data for new warfighting requirements and capabilities. This motivates wargame simulations. A SLD plan can include state variables or problems (e.g., future global and theater posture, threat characteristics), which are only observed or sensed and cannot be changed. Control variables are solutions (e.g., a SLD plan). LAILOW sets up a wargame between state and control variables. Problems and solutions coevolve based on evolutionary principles of selection, mutation, and crossover.
N3/N5 - Plans & Strategy
This research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrp
Chief of Naval Operations (CNO)
Approved for public release. Distribution is unlimited.
Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook
Deception techniques have been widely seen as a game changer in cyber
defense. In this paper, we review representative techniques in honeypots,
honeytokens, and moving target defense, spanning from the late 1980s to the
year 2021. Techniques from these three domains complement each other and
may be leveraged to build a holistic deception based defense. However, to the
best of our knowledge, there has not been a work that provides a systematic
retrospect of these three domains all together and investigates their
integrated usage for orchestrated deceptions. Our paper aims to fill this gap.
By utilizing a tailored cyber kill chain model which can reflect the current
threat landscape and a four-layer deception stack, a two-dimensional taxonomy
is developed, based on which the deception techniques are classified. The
taxonomy literally answers which phases of a cyber attack campaign the
techniques can disrupt and which layers of the deception stack they belong to.
Cyber defenders may use the taxonomy as a reference to design an organized and
comprehensive deception plan, or to prioritize deception efforts for a budget
conscious solution. We also discuss two important points for achieving active
and resilient cyber defense, namely deception in depth and deception lifecycle,
where several notable proposals are illustrated. Finally, some outlooks on
future research directions are presented, including dynamic integration of
different deception techniques, quantified deception effects and deception
operation cost, hardware-supported deception techniques, as well as techniques
developed based on better understanding of the human element.
Comment: 19 page
Intelligent-Reflecting-Surface-Assisted UAV Communications for 6G Networks
In 6th-Generation (6G) mobile networks, Intelligent Reflective Surfaces
(IRSs) and Unmanned Aerial Vehicles (UAVs) have emerged as promising
technologies to address the coverage difficulties and resource constraints
faced by terrestrial networks. UAVs, with their mobility and low costs, offer
diverse connectivity options for mobile users and a novel deployment paradigm
for 6G networks. However, the limited battery capacity of UAVs, dynamic and
unpredictable channel environments, and communication resource constraints
result in poor performance of traditional UAV-based networks. IRSs can not only
reconstruct the wireless environment in a unique way, but also achieve wireless
network relay in a cost-effective manner. Hence, it receives significant
attention as a promising solution to solve the above challenges. In this
article, we conduct a comprehensive survey on IRS-assisted UAV communications
for 6G networks. First, primary issues, key technologies, and application
scenarios of IRS-assisted UAV communications for 6G networks are introduced.
Then, we put forward specific solutions to the issues of IRS-assisted UAV
communications. Finally, we discuss some open issues and future research
directions to guide researchers in related fields