Proceedings Paper

Steps toward a principled approach to automating cyber responses
Author(s): Scott Musman; Lashon Booker; Andy Applebaum; Brian Edmonds

Paper Abstract

Cyber-attackers are likely to exploit advances in artificial intelligence to achieve faster, stealthier, and more effective operational effects. Defenders need to keep pace by developing their own advances, which may preclude human-in-the-loop decision making. Consequently, future systems will have to rely on automated reasoning and automated responses to ensure mission success and continuously adapt to an evolving adversary. Automated reasoning about defensive cyber responses is essentially sequential decision making based on the projection of possible futures from a current situation. This problem is especially complicated in cyberspace, however, because the current situation and future projections are highly uncertain. Our research tackles these challenges using the formal framework of partially observable Markov decision problems (POMDPs). We show how to break the “curse of dimensionality” that makes these problems intractable by computing approximate solutions using a Monte Carlo online planner that incorporates a computationally feasible simulation of the cyber security problem. Our simulation is an extension of MITRE’s Cyber Security Game simulator, which explores the mission-impact-focused strategies of an adaptive, intelligent attacker. Preliminary results on small problems, where the optimal solution can be calculated precisely, show that our approach consistently finds the optimal answer, not just a good approximation. We are in the process of increasing the fidelity of the simulator and POMDP representation to model more realistic cyber environments by increasing attacker and defender actions, increasing the variety of sensor types (including sensing of both actions and states), accounting for multiple incident effects, and improving the scaling properties.

Paper Details

Date Published: 10 May 2019
PDF: 15 pages
Proc. SPIE 11006, Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications, 110061E (10 May 2019); doi: 10.1117/12.2518976
Scott Musman, The MITRE Corp. (United States)
Lashon Booker, The MITRE Corp. (United States)
Andy Applebaum, The MITRE Corp. (United States)
Brian Edmonds, The MITRE Corp. (United States)


Published in SPIE Proceedings Vol. 11006:
Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications
Tien Pham, Editor(s)

© SPIE.