Cyber adversaries are engaged in a perpetual arms race. They are continuously maneuvering to outwit the opposing posture. Replicating and studying the dynamics of these engagements provides a route to proactive, adversarially-hardened cyber defenses. The constant struggle can be computationally formulated as a competitive coevolutionary system which generates many arms races that can be harvested for robust solutions. We present a paradigm, techniques and tools that recreate the coevolutionary process in the context of network cyber security scenarios. We describe its current use cases and how we harvest defensive solutions from it.
The greatest concern a prepared cyber defender might raise is: “What if my assumptions are wrong?” It is common knowledge that the only certainty is that an intelligent adversary will always keep trying to gain an advantage. Moreover, once forced to react, a defender is too late. So, how can a defender use Artificial Intelligence (AI) to gain an edge in an environment that is stacked to the attacker’s advantage, where the defender seems doomed to always be one step behind?
One approach, adversarial AI, is to deploy defensive configurations, that consider multiple possible anticipated adversarial behaviors and already take into account their expected impact, goal, strategies or tactics. Note that the precise metrics in this accounting can vary. For example, impact can be any combination of financial cost, disruption level or outcome risk. Or, a defender could prioritize a worst case, average case or a trade-off configuration.
One way that such defensive configurations can be
found is by using stochastic search methods that first
explore the simulated competitive behavior of
adversaries and then generate ranked configurations
according to a variety of different objectives so a decision
maker can choose among them. In particular, the field
of coevolutionary algorithms
Herein we summarize a framework that we have used to generate robust defensive configurations (Prado Sanchez 2018; Pertierra 2018). It is composed of different coevolutionary algorithms to help it generate diverse behavior. The algorithms, for further diversity, use different “solution concepts”, i.e. measures of adversarial success. Because engagements are frequently computationally expensive and have to be pairwise sampled from two populations each generation, the framework has a number of enhancements that enable efficient use of a fixed budget of computation or time.
The framework supports a number of use-cases using
simulation and emulation of varying model
granularity. These include: A) Defending a peer-2-peer
network against Distributed Denial of Service (DDOS)
attacks
The framework is linked up to a decision support module named ESTABLO (Sanchez et al. 2018; Prado Sanchez 2018). The engagements of every run of any of the coevolutionary algorithms are cached and, later, ESTABLO gathers adversaries resulting from different algorithms for its compendium. It then competes the adversaries of each side against those of the other side and ranks each side’s members according to multiple criteria. It also provides visualizations and comparisons of adversarial behaviors. This information informs the decision process of a defensive manager.
The adversarial AI framework’s specific contributions are:
The use of coevolutionary algorithms to adaptively generate adversarial dynamics supporting preemptively investigating adversarial arms races that could occur.
A suite of different coevolutionary algorithms that diversify the behavior of the adversaries to broaden the potential dynamics.
Use cases that model a variety of adversarial threat and defensive models.
A decision support module that supports selection of a superior anticipatory defensive configuration.
Background provides context on modeling and simulation and coevolutionary search algorithm. Framework describes our coevolutionary method, engagement component and decision support module. Use Cases provides examples applying to cyber security and network attacks. Conclusions summarizes and addresses future work.
The strategy of testing the security of a system by
trying to successfully attack it is somewhat analogous
to software fuzzing
Coevolutionary algorithms, related to evolutionary
algorithms (
The representation of test s (and solutions) is customizable in any coevolutionary algorithm (Rothlauf 2011) under the design constraint that it be amenable to stochastic variation, e.g. “genetic crossover” or mutation. It may directly express the test or it may do so indirectly, e.g. with a grammar. In the latter case, an intermediate interpreter works with a rule-based grammar to map from a “genome” that undergoes variation to a “phenome” that expresses an executable behavior. Grammars (and GA representations, in general) offer design flexibility: changing out a grammar and the environment of behavioral execution does not require any changes to the rest of the algorithm.
Coevolutionary algorithms can encounter
problematic dynamics where tests are unable improve
solutions, or drive toward a solution that is the a priori
intended goal. There are accepted remedies to specific
coevolutionary pathologies
A coevolutionary algorithm includes an environment
that supports executing the tests and solutions to
compete against each other in each engagement. We use
modeling and simulation for this purpose. Mod-sim
systems range in complexity, level of abstraction and
resolution. Modeling and simulation comprise a powerful
approach, “ mod-sim”, for investigating general security
scenarios (Tambe 2012), computer security
The framework supports diverse behavior by executing
algorithms that vary in synchronization of the two
populations and solution concepts. (Prado Sanchez 2018;
Pertierra 2018). Working within a fixed time or fitness
evaluation budget, the framework also
1. Caches engagements to avoid repeating them;
2. Uses Gaussian process estimation to identify and
evaluate the most uncertain engagement (Pertierra
2018);
3. Uses a recommender technique to approximate some
adversary’s fitnesses (Pertierra 2018); and
4. Uses a spatial grid to reduce complete
pairwise engagements to a Moore neighborhood
quantity
The engagement component is flexible and can support a problem-specific network testbed, simulator or model. The abstraction level of the use case determines the choice of a simple to more detailed mod-sim or even Parameters Search Algorithm Grammar rewriting
CFG Parser Integer inputsequence
Context Free Grammar
Output Sentence (Strategy) Search
Engagement
Interpreter
Fitness Evaluator CoevolutionaryAlgorithm Fitness Value the actual engagement environment. Mod-sim is appropriate when testbeds incur long experimental cycle times or do not abstract away irrelevant detail.
The framework uses grammars to express open ended
behavioral action sequences for attack and defense
strategies (a.k.a controllers). See Figure 2 and
A grammar is introduced in Backus Naur Form (BNF) and describes a language in the problem domain. The BNF description is parsed to a context free grammar representation. Its (rewrite) rules express how a sentence, i.e. test or solution, can be composed by rewriting a start symbol. The adversaries are fixed length integer vectors that are use to control the rewriting. To interpret them, in sequence each of the vector’s integers is referenced. This resulting sentence is the strategy that is executed. For solving different problems, it is only necessary to change the BNF grammar, engagement environment and fitness function of the adversaries. This modularity, and reusability of the parser and rewriter are efficient software engineering and problem solving advantages. The grammar additionally helps communicate the framework’s functionality to stakeholders by enabling conversations and validation at the domain level. This contributes to stakeholder confidence in solutions and the framework.
Competitive coevolution has the following challenges (Sanchez et al. 2018; Prado Sanchez 2018): 1. Solutions and tests are not on comparable on a “level playing field” because fitness is based solely on the context of engagements. 2. Blind spots, unvisited by the algorithms may exist. 3. From multiple runs, with one or more algorithms, it is unclear how to automatically select a “best” solution.
The framework’s decision support module, ESTABLO, see Figure 3, addresses these challenges. ESTABLO: A) runs competitive coevolutionary search algorithms with different solution concepts; B) combines the best solutions and tests at the end of each run into a compendium; C) competes each solution against different test sets, including the compendium and a set of unseen tests, to measure its performance according to different solution concepts; D) selects the “best” solutions from the compendium using a ranking and filtering process; and E) visualizes the best solutions to support a transparent and auditable decision.
In this section we demonstrate use cases of the Adversarial AI framework. Broadly their goal is to identify defensive configurations that are effective against a range of potential adversaries.
A peer-to-peer (P2P) network is a robust and resilient
means of securing mission reliability in the face of
extreme distributed denial of service (DDOS) attacks.
The project named RIVALS
RIVALS models DDOS attack strategies using a variety of behavioral languages ranging from simple to complex. A simple language e.g. allows a strategy to select one or more network servers to disable for some duration. Defenders can choose one of three different network routing protocols: shortest path, flooding and a peer-to-peer ring overlay to try to maintain their performance. A more complex one allows a varying number of steps over which the attack is modulated in duration, strength and targets and can even include online adaptation based on observed impact. Defenders can adapt based on local or global network conditions. Attack completion and resource cost minimization serve as attacker objectives. Mission completion and resource cost minimization are the reciprocal defender objectives. RIVALS has a suite of coevolutionary algorithms that use archiving to maintain progressive exploration and that support different solution concepts as fitness metrics.
An example of attackers from ESTABLO on a mobile resource allocation defense used in RIVALS (Sanchez et al. 2018) is shown in Figure 4. The mobile asset placement defense challenge is to optimize the strategic placement of assets in the network. While under the threat of node-level DDOS attack, the defense must enable a set of tasks. It does this by fielding feasible paths between the nodes that host the assets which support the tasks. A mobile asset is, for example, mobile personnel or a software application that can be served by any number of nodes. A task is, for example, the connection that allows personnel to use a software application.
Attackers also often introduce malware into networks.
Once an attacker has compromised a device on a
network, they can move to connected devices, akin to
contagion. This use case considers network
segmentation, a widely recommended defensive strategy,
deployed against the threat of serial network security
attacks that delay the mission of the network’s
operator
Network segmentation divides the network topologically into enclaves that serve as isolation units to deter inter-enclave contagion. How much network segmentation is helpful is a tradeoff. On the one hand, a more segmented network provides less mission efficiency because of increased overhead in inter-enclave communication. On the other hand, smaller enclaves contain compromise by limiting the spread rate, and their cleansing incurs fewer mission delays. Adding complexity, given some segmentation, a network operator can further use threat monitoring and network cleansing policies to detect and dislodge attackers but they come with a tradeoff of cost versus efficacy.
The use case assumes a network supports an enterprise in carrying out its business or mission, and that an adversary employs availability attacks against the network to disrupt this mission. Specifically, the attacker starts by using an exploit to compromise a vulnerable device on the network. This inflicts a mission delay when a mission critical device is infected. Then, the attacker moves laterally to compromise additional devices and maximally delay the mission. The network and its segments are pre-determined but the placement of critical devices within an enclave and the deployment of defensive threat monitoring device are open to optimization.
The use case employs a simulation model as its
engagement environment. Malware contagion of a specific
spread rate is assumed. The defender decides placement
of mission devices and tap sensitivities in the enclaves.
The attacker decides the strength, duration and
number of attacks in an attack plan targeting all enclaves.
For a network with a set of four enclave topologies, the
framework is able to generate strong availability attack
patterns that were not identified a priori. It also
identifies effective configurations that minimize mission delay
when facing these attacks.
Once an adversary has compromised a network
endpoint, they can perform network reconnaissance (Sood
and Enbody 2013). After reconnaissance provides a
view of the network and an understanding of where
vulnerable nodes are located, they are able to execute
a plan of attack. One way to protect against
reconnaissance is by obfuscating the network to delay the
attacker. This approach is well suited to software defined
networks (SDN) such as those being used in many cloud
server settings because it requires programmability that
they support
One such multi-component deceptive defense system
We have described an AI framework that recreates, in an abstract way, the adversarial, competitive coevolutionary process that occurs in security scenarios. We presented its current use cases and how we harvest defensive solutions from it. Future work includes extending it to support more cyber security applications, considering other use cases and developing more efficient or true to reality algorithms.
This material is based upon work supported by DARPA. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements. Either expressed or implied of Applied Communication Services, or the US Government.
Pertierra, M. 2018. Investigating coevolutionary algorithms for expensive fitness evaluations in cybersecurity. Master’s thesis, Massachusetts Institute of Technology.
Prado Sanchez, D. 2018. Visualizing adversaries - transparent pooling approaches for decision support in cybersecurity. Master’s thesis, Massachusetts Institute of Technology.
Rothlauf, F. 2011. Design of modern heuristics: principles and application. Springer Science & Business Media.
Rush, G.; Tauritz, D. R.; and Kent, A. D. 2015. Coevolutionary agent-based network defense lightweight event system (candles). In Proceedings of the Companion Publication of the 2015 on Genetic and Evolutionary Computation Conference, 859–866. ACM. Sanchez, D. P.; Pertierra, M. A.; Hemberg, E.; and O’Reilly, U.-M. 2018. Competitive coevolutionary algorithm decision support. In Proceedings of the Genetic and Evolutionary Computation Conference Companion, 300–301. ACM.
Sood, A., and Enbody, R. 2013. Targeted cyberattacks: a superset of advanced persistent threats. IEEE security & privacy 11(1):54–61.
Tambe, M., ed. 2012. Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press.
Team, M. 2018. Mininet - realistic virtual sdn network emulator. http://mininet.org/. [Online; accessed 6July-2018].
Thompson, B.; Morris-King, J.; and Cam, H. 2016. Controlling risk of data exfiltration in cyber networks due to stealthy propagating malware. In Military Communications Conference, MILCOM 2016-2016 IEEE, 479–484. IEEE.
Williams, N., and Mitchell, M. 2005. Investigating the success of spatial coevolution. In Proceedings of the 7th annual conference on Genetic and evolutionary computation, 523–530. ACM.
Winterrose, M. L., and Carter, K. M. 2014. Strategic evolution of adversaries against temporal platform diversity active cyber defenses. In Proceedings of the 2014 Symposium on Agent Directed Simulation, 9. Society for Computer Simulation International.