Towards Autonomous Cyber Defense
Abstract
Project Abstract: Cyber security is one of the most challenging issues we face today. The damage and loss caused by various cyber attacks keep rising. While continuous efforts are being made to defend against such attacks, the arms race between the attacker and the defender is becoming more and more intense. Today most defenses, such as intrusion detection systems (IDS), firewalls, and middleboxes, are still mostly static and heavy. On the one hand, these defenses not only constrain the attacker's capability, but also pose significant challenges to legitimate users because of the overhead imposed to support their operation, such as packet filtering. On the other hand, the efficiency and effectiveness of such systems often rely heavily on operators and domain experts and their knowledge, and such systems are often hard to optimize (e.g., a human operator needs to manually add a new rule to block traffic from a particular source, but this rule may conflict with existing rules). In this project, we propose to build automation capability into cyber defense systems by leveraging advanced machine learning techniques. To achieve this goal, first, we propose to leverage the latest networking technology offered by software-defined networks (SDN) and programmable data planes to achieve a low-overhead network event collector, which is essential to any cyber defense system. Such a lightweight framework will enable flexible and scalable event collection. Second, to relieve the human burden in operating such systems (so as to transition from human-in-the-loop to human-on-the-loop), we propose to build a bias learning based dual reinforcement learning model to automate the operation of the systems based on the collected events. Such a model can self-adapt to the monitored events by guiding the operations of the defense system.
To validate and demonstrate the effectiveness of our proposed system, we will perform both simulations and real-world tests with the implemented prototype. If successful, the models and tools developed in this project can be directly applied for autonomous cyber defense in real-world army network systems. Furthermore, the experience gained from this project can be applied to other intelligent things needed in the military as well, such as intelligent off-road ground movers, intelligent information collectors, and intelligent coordinators. The outcomes of this project will help these intelligent things operate on a highly complex and dynamic battlefield.
Distribution Statement: Approved for Public Release.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Feb 06, 2023
- Source ID: N000142312137
Entities
People
- An Wang
Organizations
- Case Western Reserve University
- Office of Naval Research
- United States Navy