As anyone who’s tried it knows, it’s not easy to correctly configure all of the cybersecurity protection features of the applications, devices, host servers, firewalls, and other components that make up today’s communications networks. And of course misconfigurations of these cyber elements can mean exposed data, security breaches, and other grave dangers.
Would the use of artificial intelligence make systems configurations more effective? Maybe even automate some or all of the configuration process?
We’re exploring this in partnership with our colleagues at Vanderbilt University. We call the approach “Secure Optimal Configurator with Cross-Component Examination and Reasoning,” or SOCCER for short. SOCCER uses modeling and machine-based reasoning to securely configure cyber systems and enable their autonomous defense, a capability that has long been missing. We envision it as a stepwise process that finds the configuration of a network that maximizes its security:
Machine Learning
A periodic scan and survey of the target system builds and tracks awareness of the network topology and its constituent devices and hosts. We apply natural language processing to continually extract knowledge about attack surfaces from external vulnerability knowledge bases such as Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) and apply it to the target system. We also propose to use machine learning (both support vector machines and deep learning techniques) to identify, and prioritize for protection, the high-value nodes of the target system, using labeled samples, network conditions, usage patterns, and topological changes.
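The following is an added example, not SOCCER code, showing the shape of this step in working form: a scanned inventory and topology are matched against vulnerability records of the kind an extractor would pull from CVE/CWE text, and each host gets a protection priority from its exposure, connectivity, usage and operator label. The inventory, topology, knowledge-base records and the scoring weights are all constructed for the example; the record IDs are placeholders rather than real CVE entries, and the hand-weighted score stands in for a model trained on labeled samples.

```python
"""Added example (not SOCCER code): match a scanned inventory against a small
vulnerability knowledge base and rank hosts for protection.

Assumptions: the inventory, topology, knowledge-base records and scoring weights
are constructed for this example; the record IDs are placeholders, not real CVE
entries. SOCCER's NLP extraction and learned models are replaced here by a
hand-weighted score.
"""
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    products: dict                     # product -> version, as a scan would report it
    usage: float                       # normalized observed load, 0..1
    labeled_high_value: bool = False   # operator-supplied label


# Constructed inventory (not a real network).
INVENTORY = [
    Host("db01", {"postgres": "12.1"}, usage=0.9, labeled_high_value=True),
    Host("web01", {"nginx": "1.18.0"}, usage=0.7),
    Host("jump01", {"openssh": "8.2"}, usage=0.2),
    Host("lb01", {"nginx": "1.18.0"}, usage=0.6),
]
# Constructed topology: undirected links discovered by the periodic scan.
TOPOLOGY = [("web01", "db01"), ("jump01", "db01"), ("jump01", "web01"), ("lb01", "web01")]

# Constructed records in the shape an extractor would produce from CVE/CWE text:
# affected = [first_affected, first_fixed). IDs and severities are placeholders.
KNOWLEDGE_BASE = [
    {"id": "EXAMPLE-1", "product": "postgres", "affected": ("12.0", "12.2"), "severity": 9.8, "cwe": "CWE-89"},
    {"id": "EXAMPLE-2", "product": "nginx", "affected": ("1.17.0", "1.19.0"), "severity": 5.3, "cwe": "CWE-476"},
    {"id": "EXAMPLE-3", "product": "openssh", "affected": ("7.0", "8.0"), "severity": 7.0, "cwe": "CWE-287"},
]


def parse_version(v):
    """Dotted numeric version to a comparable tuple ('12.1' -> (12, 1))."""
    return tuple(int(part) for part in v.split("."))


def find_exposures(host, kb=KNOWLEDGE_BASE):
    """Knowledge-base records whose affected range covers a product on the host."""
    hits = []
    for rec in kb:
        version = host.products.get(rec["product"])
        if version is None:
            continue
        low, high = (parse_version(bound) for bound in rec["affected"])
        if low <= parse_version(version) < high:
            hits.append(rec)
    return hits


def degree(name, topology=TOPOLOGY):
    """Number of discovered links touching the host."""
    return sum(name in edge for edge in topology)


def priority(host, inventory=INVENTORY, topology=TOPOLOGY, kb=KNOWLEDGE_BASE):
    """Protection priority in 0..1 from exposure, connectivity, usage and label.
    The weights stand in for a model trained on labeled samples (assumed values)."""
    exposure = min(1.0, sum(r["severity"] for r in find_exposures(host, kb)) / 10.0)
    max_degree = max(degree(h.name, topology) for h in inventory) or 1
    centrality = degree(host.name, topology) / max_degree
    return (0.50 * exposure + 0.25 * centrality
            + 0.15 * host.usage + 0.10 * float(host.labeled_high_value))


def rank_hosts(inventory=INVENTORY, topology=TOPOLOGY, kb=KNOWLEDGE_BASE):
    """Hosts ordered from most to least in need of protection."""
    scored = [(h.name, round(priority(h, inventory, topology, kb), 4)) for h in inventory]
    return sorted(scored, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for name, score in rank_hosts():
        host = next(h for h in INVENTORY if h.name == name)
        print(f"{name:7s} priority={score:.3f} exposures={[r['id'] for r in find_exposures(host)]}")
```

Running it ranks db01 first (exposed database, labeled high value), then web01 (the most connected node), with the unexposed jump host last. In a real deployment the version-range match would be replaced by the extracted knowledge and the fixed weights by the trained classifier, but the data flow from scan, through knowledge base, to a per-node priority is the one described above.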
Domain-Specific Modeling Languages
We propose to use Vanderbilt’s DARPA-proven Web Generic Modeling Environment (WebGME) tool to model and analyze the target as a composed system, so that constraints can be checked across components rather than one device at a time, and to represent human operator behaviors as business process models.
Target System Configurations
We propose to apply automatic constraint-guided design space exploration to find candidate configurations that satisfy the functional and security constraints captured in the model. Pruning infeasible regions as soon as a constraint is violated keeps inference computationally efficient without enumerating all possible configurations.
Selecting Optimal Candidates
Treating configuration selection as a multi-objective optimization problem allows the use of Satisfiability Modulo Theories (SMT) solvers to reason over the post-pruning space and identify Pareto-optimal solutions: configurations that trade off attack surface, security metrics, and functional requirements such that no objective can be improved without worsening another.
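As an added example covering both the exploration step and the selection step above (not SOCCER or WebGME code), the block below runs a backtracking search over a small set of configuration variables, checking each constraint as soon as its variables are bound so that violating subtrees are never expanded, and then filters the surviving configurations to the Pareto front over two objectives. The variables, constraints, objective weights and the plain backtracking search are all constructed for illustration, and a brute-force Pareto filter replaces the SMT solver the text proposes so that the example runs without one.

```python
"""Added example (not SOCCER or WebGME code): constraint-guided exploration of a
configuration space followed by Pareto selection over two objectives.

Assumptions: the variables, constraints, objective weights and the backtracking
search are constructed for illustration. SOCCER proposes SMT solvers for the
selection step; a brute-force Pareto filter is used here instead.
"""

# Configuration variables and their domains (constructed).
VARIABLES = [
    ("fw_default", ["allow", "deny"]),
    ("ssh_auth", ["password", "pubkey"]),
    ("admin_iface", ["public", "mgmt_only"]),
    ("tls_min", ["1.0", "1.2", "1.3"]),
    ("logging", ["none", "basic", "verbose"]),
]

# Each constraint lists the variables it reads, so the search can check it as
# soon as those are bound and prune the subtree below a violation.
CONSTRAINTS = [
    # security policy: password SSH only reachable from the management network
    ({"ssh_auth", "admin_iface"},
     lambda c: c["ssh_auth"] != "password" or c["admin_iface"] == "mgmt_only"),
    # security policy: no TLS 1.0
    ({"tls_min"}, lambda c: c["tls_min"] != "1.0"),
    # functional requirement (assumed): a partner integration cannot negotiate TLS 1.3
    ({"tls_min"}, lambda c: c["tls_min"] != "1.3"),
    # functional requirement: audit logging must be on
    ({"logging"}, lambda c: c["logging"] != "none"),
]


def attack_surface(c):
    """Illustrative attack-surface score; lower is better (weights are assumed)."""
    return ((c["fw_default"] == "allow") * 3 + (c["ssh_auth"] == "password") * 2
            + (c["admin_iface"] == "public") * 2
            + {"1.0": 3, "1.2": 1, "1.3": 0}[c["tls_min"]])


def ops_cost(c):
    """Illustrative operational-cost score; lower is better (weights are assumed)."""
    return ((c["ssh_auth"] == "pubkey") * 2 + (c["admin_iface"] == "mgmt_only") * 1
            + {"none": 0, "basic": 1, "verbose": 3}[c["logging"]]
            + (c["fw_default"] == "deny") * 1)


def full_space_size(variables=VARIABLES):
    """Number of configurations a naive enumeration would have to score."""
    n = 1
    for _, domain in variables:
        n *= len(domain)
    return n


def explore(variables=VARIABLES, constraints=CONSTRAINTS):
    """Backtracking search returning (feasible configs, nodes explored)."""
    feasible, explored = [], 0

    def consistent(partial, just_bound):
        # Only constraints that read the newly bound variable and whose inputs
        # are all bound can fail here; everything else was checked earlier.
        bound = set(partial)
        return all(check(partial) for needs, check in constraints
                   if just_bound in needs and needs <= bound)

    def extend(partial, depth):
        nonlocal explored
        if depth == len(variables):
            feasible.append(dict(partial))
            return
        name, domain = variables[depth]
        for value in domain:
            explored += 1
            partial[name] = value
            if consistent(partial, name):       # prune on the first violation
                extend(partial, depth + 1)
            del partial[name]

    extend({}, 0)
    return feasible, explored


def pareto_front(configs, objectives=(attack_surface, ops_cost)):
    """Configs that no other config beats on every objective (minimization)."""
    scored = [(tuple(f(c) for f in objectives), c) for c in configs]
    front = []
    for score, cfg in scored:
        dominated = any(all(o <= s for o, s in zip(other, score)) and other != score
                        for other, _ in scored)
        if not dominated:
            front.append((score, cfg))
    return front


if __name__ == "__main__":
    feasible, explored = explore()
    print(f"{len(feasible)} feasible of {full_space_size()} total; {explored} nodes explored")
    for score, cfg in pareto_front(feasible):
        print(score, cfg)
```

With these constructed inputs the search visits 50 partial assignments instead of scoring all 72 configurations, keeps 12 feasible ones, and the Pareto front contains three: the cheapest configuration that still meets policy, the smallest attack surface, and one trade-off between them. The operator, or a further objective, chooses among those rather than among the full space.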