Moving target defenses (MTDs) are widely used as an active defense strategy for thwarting cyberattacks on cyber-physical systems by increasing diversity of software and network paths. Recently, machine Learning (ML) and deep Learning (DL) models have been demonstrated to defeat some of the cyber defenses by learning attack detection patterns and defense strategies. It raises concerns about the susceptibility of MTD to ML and DL methods. In this article, we analyze the effectiveness of ML and DL models when it comes to deciphering MTD methods and ultimately evade MTD-based protections in real-time systems. Specifically, we consider a MTD algorithm that periodically randomizes address assignments within the MIL-STD-1553 protocol - a military standard serial data bus. Two ML and DL-based tasks are performed on MIL-STD-1553 protocol to measure the effectiveness of the learning models in deciphering the MTD algorithm: 1) determining whether there is an address assignments change i.e., whether the given system employs a MTD protocol and if it does 2) predicting the future address assignments. The supervised learning models (random forest and k-nearest neighbors) effectively detected the address assignment changes and classified whether the given system is equipped with a specified MTD protocol. On the other hand, the unsupervised learning model (K-means) was significantly less effective. The DL model (long short-term memory) was able to predict the future addresses with varied effectiveness based on MTD algorithm's settings.
A broad set of data science and engineering questions may be organized as graphs, providing a powerful means for describing relational data. Although experts now routinely compute graph algorithms on huge, unstructured graphs using high performance computing (HPC) or cloud resources, this practice hasn't yet broken into the mainstream. Such computations require great expertise, yet users often need rapid prototyping and development to quickly customize existing code. Toward that end, we are exploring the use of the Chapel programming language as a means of making some important graph analytics more accessible, examining the breadth of characteristics that would make for a productive programming environment, one that is expressive, performant, portable, and robust.
The purpose of this work is to determine MTD effectiveness and cost for protecting non-IP C2 networks, experiment on networks used in satellite systems, and randomize features (e.g. device address) to prevent adversary from conducting reconnaissance.
This report highlights overall design consideration regarding automation and database collection and extrapolation prototype for Farmpod, LLC. There are potentially many combinations of software, hardware, and networking which suffices for the requirements. For this report, we suggest a Raspberry Pi 2 Model B for the hardware. We suggest the Mako application server for the user interface and RPIO python modules for automated software processes. At the present moment, security is not a major concern, but should be addressed during the initial design phase. The software stack consists of two primary components: the automated processes and application server to implement a user interface.
As the field of determined and increasingly sophisticated adversaries multiplies, the risk to integrity of deployed computing devices magnifies. Given the ubiquitous connectivity, substantial storage, and accessibility, the increased reliance on computer platforms make them a significant target for attackers. Over the past decade, malware has transitioned from attacking a single program to subverting the operating system (OS) kernel by means of what is commonly known as a rootkit. While computer systems require patches to fix newly discovered vulnerabilities, undiscovered vulnerabilities remain Furthermore, typical solutions utilize mechanisms that operate within the OS. If the OS becomes compromised, these mechanisms may be vulnerable to being disabled or upon detection of the potential compromise, being "shut down" until patched or otherwise mitigated. We propose an innovative approach to designing computer systems that allows the behavior or functionality of the computer system to change based on the integrity of the system. Instead of attempting to prevent or detect all malware attacks, our proposed approach allows possible graceful degradation of functionality according to the security policy specification as anomalies of security concern are detected. We believe this innovative paradigm can determine the "integrity lever of the system. Based on the integrity level, the computer system may behave differently or limit access to data.