Cohesive and Robust Human-Bot Cybersecurity Teams
Abstract
Cybersecurity is the biggest challenge that the DoD faces today, which has led to the foundation of the US-Cybercom in 2010. A typical analyst in a cybersecurity team has to process vast amounts of information, such as intrusion logs, network flows, executables, and provenance information for files. Even in a limited setting, such as the National collegiate cyber defense competitions (https://www.nationalccdc.org/), participants deal with a staggering amount of information. Real cybersecurity scenarios are even more challenging. To explore these challenges, in 2014, DARPA launched the Cyber Grand Challenge, a competition for creating automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time. Achieving this bold vision required breakthrough approaches in a variety of disciplines, including applied computer security, program analysis, data visualization and cognitive science. The DARPA Cyber Grand Challenge further highlighted the challenges of an active adversarial environment, with large amounts of information and techniques that neither humans nor machines can handle alone; there is too much data for an analyst to observe and process, and machines lack high-level context and a sense of the mission that can be comprehended by an analyst. The challenge thus clearly demonstrated that human analysts and bots need to work together to address the challenges of automated cyberdefense. Consequently, the single major challenge in cybersecurity analysis today is successful coordination among human-bot teams, as failure to coordinate can have disastrous consequences in the cyber battlefield. Unfortunately, while we know a lot about how humans use tools to work in teams, little is known about how to manage, observe and improve hybrid teams that comprise humans and bots.
The area of team science that involves human-machine teams is still in its infancy, and in particular how to coordinate these teams in the presence of active adversaries (who are also adapting to changing conditions) and a dynamic landscape is far from understood. Team science refers to techniques to observe, measure, and improve team dynamics and performance for a specific task. In this proposal, we focus on teams engaged in cybersecurity tasks or cybersecurity teams, such as threat intelligence and cyber defense. We propose to bring together a team of 8 US and 8 Australian PIs with diverse expertise spanning computer security, machine learning, psychology, decision sciences, and human-computer interaction to address this challenge. Technical challenges in our context are: active adversaries, dynamic environment, rare black-swan events, and common goal/mission for the entire human-bot team. Our technical approach and five research thrusts have been designed to address these technical challenges.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Aug 01, 2023
- Source ID: W911NF2110317
Entities
People
- Somesh Jha
Organizations
- Army Contracting Command
- United States Army
- University of Wisconsin–Madison