Strategic Evolution of Adversaries Against Temporal Platform Diversity Active Cyber Defenses
Adversarial dynamics are a critical facet within the cyber security domain,
in which there exists a co-evolution between attackers and defenders in any
given threat scenario. While defenders leverage capabilities to minimize the
potential impact of an attack, the adversary is simultaneously developing
countermeasures to the observed defenses. In this study, we develop a set of
tools to model the adaptive strategy formulation of an intelligent actor
against an active cyber defensive system. We encode strategies as binary
chromosomes representing finite state machines that evolve according to
Holland's genetic algorithm. We study the strategic considerations including
overall actor reward balanced against the complexity of the determined
strategies. We present a series of simulation results demonstrating the ability
to automatically search a large strategy space for optimal resultant fitness
against a variety of counter-strategies.
Adaptive Attacker Strategy Development Against Moving Target Cyber Defenses
A model of strategy formulation is used to study how an adaptive attacker
learns to overcome a moving target cyber defense. The attacker-defender
interaction is modeled as a game in which a defender deploys a temporal
platform migration defense. Against this defense, a population of attackers
develop strategies specifying the temporal ordering of resource investments
that bring targeted zero-day exploits into existence. Attacker responses to two
defender temporal platform migration scheduling policies are examined. In the
first defender scheduling policy, the defender selects the active platform in
each match uniformly at random from a pool of available platforms. In the
second policy, the defender schedules each successive platform to maximize the
diversity of the source code presented to the attacker. Adaptive attacker
response strategies are modeled by finite state machine (FSM) constructs that
evolve during simulated play against defender strategies via an evolutionary
algorithm. It is demonstrated that the attacker learns to invest heavily in
exploit creation for the platform with the least similarity to other platforms
when faced with a diversity defense, while avoiding investment in exploits for
this least similar platform when facing a randomization defense. Additionally,
it is demonstrated that the diversity-maximizing defense is superior for
shorter duration attacker-defender engagements, but performs sub-optimally in
extended attacker-defender interactions.