Model-Based Explanation For Human-in-the-Loop Security - October 2019
PI(s), Co-PI(s), Researchers: David Garlan, Bradley Schmerl (CMU)
HARD PROBLEM(S) ADDRESSED
Human Behavior
Metrics
Resilient Architectures
We are addressing human behavior by providing understandable explanations for the automated mitigation plans generated by self-protecting systems that use various models of the software, network, and attack. We are addressing resilience by providing defense plans that are generated automatically as the system runs and that account for the current context, system state, observable properties of the attacker, and the attacker-observable operations of the defense.
PUBLICATIONS
Cody Kinneer, Ryan Wagner, Fei Fang, Claire Le Goues and David Garlan. Modeling Observability in Adaptive Systems to Defend Against Advanced Persistent Threats. In Proceedings of the 17th ACM-IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE'19), San Diego, USA, 9-11 October 2019.
PUBLIC ACCOMPLISHMENT HIGHLIGHTS
Advanced persistent threats (APTs) are a particularly troubling challenge for software systems. The adversarial nature of the security domain, and of APTs in particular, poses unresolved challenges to the design of self-* systems, such as how to defend against multiple types of attackers with different goals and capabilities. In this interaction, the observability of each side is an important and under-investigated issue in the self-* domain. We propose a model of APT defense that elevates observability to a first-class concern. We evaluate this model by showing that an informed approach that uses observability improves the defender's utility compared to a uniform random strategy, can enable robust planning through sensitivity analysis, and can inform observability-related architectural design decisions. In this work we build decision trees to explain how the parameters of the game influence the optimal strategies played by each side. This lets us see which parameters have the biggest impact on each player's strategic behavior; for example, the lower the probability that an attacker is in the system, the longer the defender is willing to wait and gather information before acting.
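The wait-versus-act trade-off described above, as an added illustration that is not the paper's model or code: a constructed finite-horizon game in which the defender's belief that an attacker is present is updated by Bayes' rule from a noisy alert sensor, solved by value iteration (all payoffs, sensor rates and the horizon are invented assumptions). It shows the informed policy outperforming a uniform random strategy, and that a lower prior makes the defender tolerate more alerts before acting.

```python
"""Constructed toy of the wait-vs-act trade-off (illustration only, not the paper's model).
A defender with belief p that an APT is present either ACTs (pays mitigation cost C and
ends the game) or WAITs (absorbs expected damage p*D, reads a noisy alert, updates p)."""
from functools import lru_cache

C, L, D = 4.0, 20.0, 1.0   # mitigation cost, loss if an attacker is never stopped, damage per round
TPR, FPR = 0.7, 0.2        # sensor quality: P(alert | attacker), P(alert | no attacker)
HORIZON = 8                # rounds available before the game ends

def bayes(p, alert):
    """Posterior probability of an attacker after one sensor reading."""
    att = TPR if alert else 1.0 - TPR
    none = FPR if alert else 1.0 - FPR
    return p * att / (p * att + (1.0 - p) * none)

@lru_cache(maxsize=None)
def value(p, t):
    """Optimal expected utility with t rounds left at belief p (finite-horizon value iteration)."""
    if t == 0:
        return -p * L                      # an attacker still present succeeds unopposed
    return max(-C, wait_value(p, t))

def wait_value(p, t):
    """Expected utility of waiting one round and then continuing optimally."""
    p_alert = p * TPR + (1.0 - p) * FPR
    return (-p * D + p_alert * value(bayes(p, True), t - 1)
            + (1.0 - p_alert) * value(bayes(p, False), t - 1))

def alerts_before_acting(prior):
    """Consecutive alerts the defender tolerates (gathering evidence) before choosing ACT."""
    p, t, k = prior, HORIZON, 0
    while t > 0 and wait_value(p, t) > -C:   # waiting is strictly better than acting now
        p, t, k = bayes(p, True), t - 1, k + 1
    return k

@lru_cache(maxsize=None)
def random_value(p, t):
    """Utility of the baseline that flips a coin between ACT and WAIT every round."""
    if t == 0:
        return -p * L
    p_alert = p * TPR + (1.0 - p) * FPR
    wait = (-p * D + p_alert * random_value(bayes(p, True), t - 1)
            + (1.0 - p_alert) * random_value(bayes(p, False), t - 1))
    return 0.5 * (-C) + 0.5 * wait

if __name__ == "__main__":
    for prior in (0.5, 0.2, 0.05):   # lower prior -> defender waits through more alerts
        print(prior, alerts_before_acting(prior), round(value(prior, HORIZON), 2), round(random_value(prior, HORIZON), 2))
```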
COMMUNITY ENGAGEMENTS (If applicable)
Presented the work above to the Cylab Partners Conference on October 2, 2019.
EDUCATIONAL ADVANCES (If applicable)