Paper
10 May 2019 Steps toward a principled approach to automating cyber responses
Scott Musman, Lashon Booker, Andy Applebaum, Brian Edmonds
Abstract
Cyber-attackers are likely to exploit advances in artificial intelligence to achieve faster, stealthier, and more effective operational effects. Defenders need to keep pace by developing their own advances, which may preclude human-in-the-loop decision making. Consequently, future systems will have to rely on automated reasoning and automated responses to ensure mission success and continuously adapt to an evolving adversary. Automated reasoning about defensive cyber responses is essentially sequential decision making based on the projection of possible futures from a current situation. This problem is especially complicated in cyberspace, however, because the current situation and future projections are highly uncertain. Our research tackles these challenges using the formal framework of partially observable Markov decision problems (POMDPs). We show how to break the “curse of dimensionality” that makes these problems intractable by computing approximate solutions using a Monte Carlo online planner that incorporates a computationally feasible simulation of the cyber security problem. Our simulation is an extension of MITRE’s Cyber Security Game simulator, which explores the mission-impact-focused strategies of an adaptive, intelligent attacker. Preliminary results on small problems, where the optimal solution can be calculated precisely, show that our approach consistently finds the optimal answer, not just a good approximation. We are in the process of increasing the fidelity of the simulator and POMDP representation to model more realistic cyber environments by increasing attacker and defender actions, increasing the variety of sensor types (including sensing of both actions and states), accounting for multiple incident effects, and improving the scaling properties.
© (2019) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Scott Musman, Lashon Booker, Andy Applebaum, and Brian Edmonds "Steps toward a principled approach to automating cyber responses", Proc. SPIE 11006, Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications, 110061E (10 May 2019); https://doi.org/10.1117/12.2518976
CITATIONS
Cited by 3 scholarly publications.
KEYWORDS
Monte Carlo methods

Systems modeling

Computer simulations

Defense systems

Stochastic processes

Computing systems

Defense and security
