
Automated Inference and Forecasting for National Security and Cybersecurity



2016 ORAU Annual Meeting of the Council of Sponsoring Institutions
T. Charles Clancy, PhD
Director, Hume Center

Published in: Government & Nonprofit


  1. Institute for Critical Technology and Applied Science
     Automated Inference and Forecasting for National Security and Cybersecurity
     T. Charles Clancy, PhD, Director, Hume Center
     3/15/2016, Inference and Forecasting
  2. Fundamental Shift
  3. Need for Autonomy
     • Current System Model: Analyst (in the loop), Intelligence Platform. Typical Delay: 1 hour
     • Emerging System Model: Analyst (on the loop), Intelligence Platform, Machine Intelligence. Target Delay: <1 second
  4. Range of Machine Intelligence
     [Figure labels: “The Boom”; Forecasting; Inference; Anomaly Detection; Real-Time Response; Automated Forensics; Anticipatory Analytics; Real-Time Analytics; Machine Learning]
  5. Forecasting Work at Virginia Tech
     • EMBERS
        • IARPA-funded effort to forecast social events
        • Political instability, riots, protests, and election results
        • Financial instability, market crashes
        • Disease outbreak and impact
        • Forecasting events 9 days before the news with precision/recall greater than 0.80
     • SIGINT-based Anticipation of Future Events (SAFE)
        • IARPA follow-on effort to forecast national security events
        • Integrate classified NSA metadata into the processing engine
        • Rearchitect processing core to operate within NSA MachineShop cloud
        • Program kicking off next month
     [Figure labels: Archives; Caches; Open sources]
     • Selection: Fuse and select predictions; Deliver warnings
     • Enrichment: Tokenization; Entity extraction; Date normalize; Geocoding
     • Ingest: Read feeds; Convert to JSON; Add identifiers
     • Modeling: Surrogate generation; Prediction generation
  6. Forecasting for Cybersecurity
     • NIST Cybersecurity Framework is working to push more capability “left of the boom” in a closed-loop cycle
     • VT is working to adapt the framework to support cyber defense
     • Recent results have shown ability to forecast grid instability through use of PMU data
     • Wide range of sensor inputs
        • Dark web data
        • STIX/TAXII data feeds
        • Network IDS information
        • Malware Analyses
  7. Deep Learning
     • Fundamentally transforming image processing
     • Neural networks that rely on deep networks
     • Virginia Tech applying to wide range of classical problems
        • Event detection
        • Signal classification
     • Applications in new areas
        • Naïve learning to process information
        • Signal processing
     • Others have applied it to Python interpretation
  8. Probabilistic Graph Models
     • The world is full of complex systems generating noisy observations
     • We seek to infer the behavior and current state of those systems based on observations
     • Probabilistic graph models are a generalization of Bayesian networks and Markov networks
     • VT is applying to wide range of challenges
        • Inferring national security events
        • Predicting behavior of enemy weapons systems
        • Identifying relationships between cyber observables
     • General goal: get inside adversary’s OODA loop