ABSTRACT
In computer security, guidance is slim on how to prioritize or configure the many available defensive measures, when guidance is available at all. We show how a competitive co-evolutionary algorithm framework can identify defensive configurations that are effective against a range of attackers. We consider network segmentation, a widely recommended defensive strategy, deployed against the threat of serial network security attacks that delay the mission of the network's operator. We employ a simulation model to investigate the effectiveness over time of different defensive strategies against different attack strategies. For a set of four network topologies, we generate strong availability attack patterns that were not identified a priori. Then, by combining the simulation with a co-evolutionary algorithm to explore the adversaries' action spaces, we identify effective configurations that minimize mission delay when facing the attacks. The novel application of co-evolutionary computation to enterprise network security represents a step toward course-of-action determination that is robust to responses by intelligent adversaries.
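The abstract describes the method only at a high level: a defender population of segmentation configurations and an attacker population of serial attack patterns are scored against each other by a simulator that reports mission delay. The following is an added illustration of that competitive co-evolutionary loop; it is not the paper's code or its simulator. The network model (eight hosts with constructed mission weights, a pivot cost for crossing a segment boundary, an attacker time budget and a per-segment operational overhead), the population sizes, and the fitness rules (defenders minimize their worst-case delay over the current attackers, attackers maximize their mean delay over the current defenders) are all assumptions chosen to keep the example small and deterministic.

```python
import random
from typing import Callable, List

# Constructed toy model (assumption, not the paper's simulator).
N_HOSTS = 8
WEIGHT = [5, 4, 3, 3, 2, 1, 1, 1]  # mission delay added when each host is compromised
MAX_SEG = 4          # defender may place hosts in up to 4 segments
ATTACK_LEN = 6       # an attack pattern is a serial list of 6 target hosts
BUDGET = 6           # attacker's time budget in steps
PIVOT_COST = 3       # extra steps needed to cross a segment boundary
OVERHEAD = 0.5       # operational delay the defender pays per additional segment

Config = List[int]   # config[h] = segment that host h belongs to
Attack = List[int]   # ordered hosts the attacker tries to compromise in series


def mission_delay(config: Config, attack: Attack) -> float:
    """Simulate one serial attack against one segmentation; return total mission delay."""
    delay, steps, compromised, cur_seg = 0.0, 0, set(), None
    for host in attack:
        # Staying inside the current segment costs 1 step; pivoting into another costs more.
        cost = 1 if cur_seg is None or config[host] == cur_seg else PIVOT_COST
        steps += cost
        if steps > BUDGET:          # attacker ran out of time
            break
        if host not in compromised:  # re-hitting a host adds no further delay
            compromised.add(host)
            delay += WEIGHT[host]
        cur_seg = config[host]
    return delay + OVERHEAD * (len(set(config)) - 1)


def worst_case(config: Config, attackers: List[Attack]) -> float:
    """Defender fitness: the largest delay any attacker in the population inflicts."""
    return max(mission_delay(config, a) for a in attackers)


def mean_damage(attack: Attack, defenders: List[Config]) -> float:
    """Attacker fitness: average delay inflicted across the defender population."""
    return sum(mission_delay(d, attack) for d in defenders) / len(defenders)


def mutate(seq: List[int], alphabet: int, rng: random.Random) -> List[int]:
    child = list(seq)
    child[rng.randrange(len(child))] = rng.randrange(alphabet)
    return child


def next_generation(pop, score: Callable, lower_is_better: bool, alphabet: int, rng):
    """Elitist binary-tournament selection with point mutation."""
    scored = sorted(((score(ind), ind) for ind in pop),
                    key=lambda s: s[0], reverse=not lower_is_better)
    new_pop = [scored[0][1]]                     # keep the current best unchanged
    while len(new_pop) < len(pop):
        a, b = rng.sample(scored, 2)
        winner = a[1] if (a[0] <= b[0]) == lower_is_better else b[1]
        new_pop.append(mutate(winner, alphabet, rng))
    return new_pop


def coevolve(generations: int = 40, pop_size: int = 12, seed: int = 1):
    """Alternate defender and attacker generations, each scored against the other side."""
    rng = random.Random(seed)
    defenders = [[rng.randrange(MAX_SEG) for _ in range(N_HOSTS)] for _ in range(pop_size)]
    attackers = [[rng.randrange(N_HOSTS) for _ in range(ATTACK_LEN)] for _ in range(pop_size)]
    for _ in range(generations):
        defenders = next_generation(defenders, lambda d: worst_case(d, attackers), True, MAX_SEG, rng)
        attackers = next_generation(attackers, lambda a: mean_damage(a, defenders), False, N_HOSTS, rng)
    return defenders, attackers


FLAT = [0] * N_HOSTS  # unsegmented baseline for comparison


def pick_defense(candidates: List[Config], attackers: List[Attack]) -> Config:
    """Return the candidate with the lowest worst-case delay against the given attackers."""
    return min(candidates, key=lambda c: worst_case(c, attackers))


if __name__ == "__main__":
    defenders, attackers = coevolve()
    best = pick_defense(defenders + [FLAT], attackers)
    print("best segmentation:", best, "worst-case delay:", worst_case(best, attackers))
    print("unsegmented baseline worst-case delay:", worst_case(FLAT, attackers))
```

The two scoring rules are the core of the design: a defender is only as good as its weakest point, so it is ranked by its worst case over the evolved attackers, while an attacker is rewarded for patterns that remain damaging across many segmentations rather than against a single configuration. Evaluating the final candidates together with the unsegmented baseline against the final attacker population makes the comparison fair, since both are judged by the same adversaries.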