Training Automated Defense Strategies Using Graph-based Cyber Attack Simulations

We implemented and evaluated an automated cyber defense agent. The agent takes security alerts as input and uses reinforcement learning to learn a policy for executing predefined defensive measures. The defender policies were trained in an environment intended to simulate a cyber attack. In the simulation, an attacking agent attempts to capture targets in the environment, while the defender attempts to protect them by enabling defenses. The environment was modeled using attack graphs based on the Meta Attack Language language. We assumed that defensive measures have downtime costs, meaning that the defender agent was penalized for using them. We also assumed that the environment was equipped with an imperfect intrusion detection system that occasionally produces erroneous alerts based on the environment state. To evaluate the setup, we trained the defensive agent with different volumes of intrusion detection system noise. We also trained agents with different attacker strategies and graph sizes. In experiments, the defensive agent using policies trained with reinforcement learning outperformed agents using heuristic policies. Experiments also demonstrated that the policies could generalize across different attacker strategies. However, the performance of the learned policies decreased as the attack graphs increased in size.Comment: Presented at the Workshop on SOC Operations and Construction (WOSOC) 2023, colocated with NDSS 202

The Enterprise Architecture Analysis Tool – Support for the Predictive, Probabilistic Architecture Modeling Framework

The business of contemporary organizations is heavily dependent on information systems. Business processes and IT are interwoven and numerous technologies are in use. How the involved systems affect each other or impact the organizations’ business domain is often uncertain, thus decision-making regarding information technology is challenging. Enterprise architecture (EA) is a holistic, model-based management approach. Many of the available EA software tools focus on documenting and have limited analysis capabilities. In this article, a tool for EA analysis is presented, supporting the analysis of properties such as business fit, security, and interoperability. The tool is implemented to support the Predictive, Probabilistic Architecture Modeling Framework to specify and apply assessment frameworks for performing property analysis on EA models

Перспективы использования электронных наглядных пособий в процессе преподавания студентам инфекционных болезней

ОБРАЗОВАНИЕ МЕДИЦИНСКОЕВУЗЫМЕДИЦИНСКИЕ УЧЕБНЫЕ ЗАВЕДЕНИЯСТУДЕНТЫ МЕДИЦИНСКИХ УЧЕБНЫХ ЗАВЕДЕНИЙИНФЕКЦИОННЫЕ БОЛЕЗНИ (ДИСЦИПЛИНА)НАГЛЯДНЫЕ МАТЕРИАЛЫЭЛЕКТРОННЫЕ НАГЛЯДНЫЕ ПОСОБИ

The Yersinia pestis Effector YopM Inhibits Pyrin Inflammasome Activation

Type III secretion systems (T3SS) are central virulence factors for many pathogenic Gram-negative bacteria, and secreted T3SS effectors can block key aspects of host cell signaling. To counter this, innate immune responses can also sense some T3SS components to initiate anti-bacterial mechanisms. The Yersinia pestis T3SS is particularly effective and sophisticated in manipulating the production of pro-inflammatory cytokines IL-1beta and IL-18, which are typically processed into their mature forms by active caspase-1 following inflammasome formation. Some effectors, like Y. pestis YopM, may block inflammasome activation. Here we show that YopM prevents Y. pestis induced activation of the Pyrin inflammasome induced by the RhoA-inhibiting effector YopE, which is a GTPase activating protein. YopM blocks YopE-induced Pyrin-mediated caspase-1 dependent IL-1beta/IL-18 production and cell death. We also detected YopM in a complex with Pyrin and kinases RSK1 and PKN1, putative negative regulators of Pyrin. In contrast to wild-type mice, Pyrin deficient mice were also highly susceptible to an attenuated Y. pestis strain lacking YopM, emphasizing the importance of inhibition of Pyrin in vivo. A complex interplay between the Y. pestis T3SS and IL-1beta/IL-18 production is evident, involving at least four inflammasome pathways. The secreted effector YopJ triggers caspase-8- dependent IL-1beta activation, even when YopM is present. Additionally, the presence of the T3SS needle/translocon activates NLRP3 and NLRC4-dependent IL-1beta generation, which is blocked by YopK, but not by YopM. Taken together, the data suggest YopM specificity for obstructing the Pyrin pathway, as the effector does not appear to block Y. pestis-induced NLRP3, NLRC4 or caspase-8 dependent caspase-1 processing. Thus, we identify Y. pestis YopM as a microbial inhibitor of the Pyrin inflammasome. The fact that so many of the Y. pestis T3SS components are participating in regulation of IL-1beta/IL-18 release suggests that these effects are essential for maximal control of innate immunity during plague