A cyber security ecosystem is characterized by intelligent, adaptive adversaries. Defenders engage in an arms race with attackers as both sides take turns crafting new responses to each other’s actions. Adversarial arms races occur in multiple cyber domains. Domains include networks, malware detection, regulatory circumvention, data exfiltration, capture-the-flag exercises and even the decades-running "War in Memory" in C/C++. Problematically, the current paradigm cannot handle the scale, severity and adaptive strategy of forthcoming threats. Defenses are largely reactive. Each new attack typically requires identification, human response, and design intervention to prevent it. Our research questions revolve around how to develop autonomous, proactive cyber defenses that are anticipatory and adaptable to counter attacks. We have a variety of ongoing projects:
  • The STEALTH CyberSecurity project: This project centers on network defenses under extreme DDOS attacks. We are developing new co-evolutionary genetic algorithms capable of directing both attack and defense adaptations in controlled settings, providing insights on network designs for mission resilience and robustness. This project is funded under DARPA's Extreme DDOS Program. Our collaborators are Dr. H. Shrobe and a team led by Dr. S. Beitzel of Vencoe Labs.
  • The CASCADE Enclave Modeling Project: Here we investigate cyber defense in computer networks based on network enclaves. We are interested in how defensive strategies work over time against different attacker strategies. This is a funded collaboration with MIT Lincoln Labs with Neal Wagner, Richard Skowyra and Joseph Zipkin, who are members of the CASCADE project team.
  • Malware Development and Detection Arms Races: This effort centers on developing leading-edge cooperative machine learning systems that drive a malware arms race into a position where attack cost is so high that no incentive remains. It is motivated by recent work that uses machine learning to obfuscate malware so that it escapes detection. We seek a practical technique with which the detector responds effectively.
  • The Arms Race of Deceptive Defenses: This project investigates adversarial deception in SDNs. It has partial funding from the CSAIL CyberSec Initiative.