
A Cognitive Approach to Cyber Data Analytics

2016 ORAU Annual Meeting of the Council of Sponsoring Institutions
Dr. Thomas C Eskridge, Florida Institute of Technology (FIT)

Published in: Government & Nonprofit
  1. A Cognitive Approach to Cyber Data Analytics. Dr. Thomas C Eskridge, Florida Institute of Technology (FIT)
  2. ORAU Annual Meeting 2016. Copyright (c) 2015 - All Rights Reserved. Florida Institute of Technology
     • 6 Faculty Members involved on Several Sponsored Research Efforts
     • 7 Full Time Research Associates
     • Active Research projects with the NSA, DHS, AFRL, MDA, ARL, NSF, and Industry
     • Several Graduate students and Research Assistants
     Designated a National Center of Academic Excellence in Information Assurance Research (CAE/R) by the National Security Agency and the U.S. Department of Homeland Security. For Academic Years 2014-2019.
     Executive Director: Dr. Marco Carvalho
     Seal: Chip Willard/NSA
  3. Three Main Objectives
     • Research (Primary)
       – Several sponsored research efforts with Industry and DoD (NSA, AFRL, DoE, etc.)
     • Education
       – Student engagement in research activity
       – To produce excellent students who have mastered the IA domain
     • Outreach
       – Organization of several workshops in the areas of Cyber Physical Systems Security and Resilience.
  4. Some of our Current Research Areas in Cyber Security
     • Cyber Resilience Theory and Resilient Systems
     • Dynamic, and Moving Target Defense
     • Defense Coordination
     • SCADA and Cyber Physical Systems Security
     • Cyber Visualization and Cyber Situation Awareness
     • Usable security and Mobile Device Security
     • Behavior-based authentication and security
     • Biologically-Inspired Security
     • Multi-agent Systems and Machine Learning
     • Low-level platform and operating system security
     • Malicious code – both novel defense and vulnerabilities
  5. Research Goal
     • Anticipate – Maintain a state of informed preparedness to better absorb or avoid potential adversary attacks
     • Withstand – Continue essential missions despite successful adversary attacks
     • Recover – Restore mission functionality to the maximum extent possible after successful attacks
     • Evolve – Change mission functions to minimize the impact from current (or future) adversary attacks
     Enabling Resilient Cyber Systems
     • Through the coordination and control of multiple sensors, defense, and response mechanisms.
  6. Cyber Resilience
     The resilience of a cyber defense system lies not in any one tool, control, or defense, but in the ability of the system to properly and contextually adapt to the environment, missions, and threats, appropriately choosing the right sensors, defenses, and configurations for different operational conditions.
     Humans play an important role in contextualizing the control infrastructure (framing).
  7. Analytics Reasoning Cycle
  8. Cyber Analytics Environment
  9. Cyber Analytics Environment
  10. Cyber Analytics Environment
  11. Analytic Results
  12. Representation of Hosts
  13. Human-Agent Teamwork Supporting Mixed-Initiative Defense Infrastructures
     [Diagram: Moving Target Command and Control, with Critical Service, Monitor, Sensor, Defense and MT Def. components]
     • Design security infrastructures to enhance human capabilities and performance on monitoring, diagnostics and control of complex and critical systems.
     • Design new human-in-the-loop defense infrastructures with significant automation but which are capable of mixed-initiative interaction
     • Design for Interdependence between humans and automation
  14. The MIRA System
     • Mission-aware Infrastructure for Resilient Agents
     • The MIRA Agent System is Composed of:
       – The Mira Execution Environment
         • Provides service infrastructure
         • Includes default service providers
       – The Mira Agents
         • User-defined software components
         • Provides interface to sensor and defenses
         • Interfaces to services, independent of providers
     An agent-based modular infrastructure that allows plug-and-play of different services and agents.
  15. Reasoning with data streams
  16. Reasoning with data streams
     • Shims link the knowledge-rich MIRA agent environment with data streams
     • Based on current situation assessments, input streams may generate events in a different way
  17. Constructing Hypotheses
  18. Human on the loop
     • Operators construct hypotheses and evaluate results in real-time or using historical data
     • Useful hypotheses can be compiled into analytics for continued use
     • Contexts arise where additional information is needed
     • Operators set the context for system operation
  19. Cognitive Analytics Cycle
  20. Cognitive Analytics Cycle
  21. Cognitive Analytics Cycle
  22. Research Questions
     • What is the right level to share information between systems and operators?
     • Are contexts a good description of system status?
     • What kinds of additional background knowledge can be used to reason about new ways to generate required data?
     • What additional visual representations might be useful?
  23. Acknowledgement: This research project is partially sponsored by the U.S. Department of Defense. Any opinions, findings and conclusions or recommendations presented in this material are those of the author(s) and do not necessarily reflect the views of the Department of Defense.
     Questions?
  24. BACKUPS
  25. Connecting Traffic to Mission: Mission Mapping; Mission Mapping in Context
  26. Mission Mapping
  27. Mission Mapping
  28. Process Maps
  29. Agent-based Modeling and Control
     • Hierarchical Temporal Models
     • Spatio-temporal Transition Models
  30. Agent-based Modeling and Control
     • Graphical Causal Models
     • Distributed Reinforcement Learning
     [Figure: diagrams labelled NET and DST; node, link and size labels not recoverable]
  31. Markov Equivalent Graphs: True Causal Graph; Markov Equivalent Class
