ADELPHI, Md. — Army researchers are creating technologies for decision makers to identify and execute the best-course-of-action cybersecurity defense in near-real-time and time-constrained situations.
The team, including Dr. Jaime C. Acosta, U.S. Army Combat Capabilities Development Command, known as DEVCOM, Army Research Laboratory South site lead at the University of Texas at El Paso, DEVCOM ARL researcher Dr. Frederica Nelson, UTEP students Stephanie Medina and Luisana Clark, and UTEP professors Shahriar Hossain and Monika Akbar, developed a novel software tool called the repeatable experimentation system, or RES.
The system integrates virtualization, emulation, simulation and container technologies to allow analysts to characterize the benefits of particular algorithms in particular situations by running several parallel experiments at once, and then to package those scenarios and results for other researchers to repeat and build upon.
“Moving target defense, or MTD, is a very promising approach to defense,” Acosta said. “This technique constantly shuffles, or changes, system properties in order to nullify any intelligence information that an adversary may have, and that may be used to compromise systems. There are many existing theories, algorithms and models for this novel type of defense, but until now, it has been nearly impossible to conduct comparative analyses to generate situation-specific decision support.”
The scientific method emphasizes that repeatable experimentation is critical for several reasons: to facilitate comparative analysis, to recreate experiments, to re-validate reported results, to critique and propose improvements, and to augment the work, Acosta said.
“In the field of cybersecurity moving target defense, where assets are shuffled to thwart attackers, it is critical to know what strategies work best, the success factors, and how these strategies may impact system performance,” Acosta said.
While some researchers make their algorithms, models and tools available as open source, it is difficult and, in some cases, impossible to recreate studies due to the lack of the original operating environment or of support for software components used within that environment, he said.
The researchers have developed a standardized mechanism for creating and sharing experimentation workflows and results, using a tool built on the open-source model.
“In our work, we created a baseline MTD algorithm and scenario,” Acosta said. “We demonstrate that RES can be used to efficiently characterize MTD performance, when pinned against network scans, and that using the inherent and efficient parallelization execution features of RES does not impact the results of the experiments.”
Acosta said he is very confident that this research and tool will shape a cornerstone for the Army of the future’s defense technologies.
“This research is critical because it helps decision makers understand which technologies are best suited under different circumstances, which is essential in the multi-domain operations area, along with several others,” Acosta said. “Our work enables researchers to develop and share experiments and their results with select partners in an efficient way, using the same grounding. I see this as a necessity for standing on the shoulders of giants and moving forward to ensure the Army's success.”
Moving forward, the researchers plan to make incremental improvements to RES based on community feedback. More importantly, they plan to use this tool to conduct comparative analysis on different defense techniques.
The data generated from the executions of different defense mechanisms will become inputs to an autonomous decision support system that will provide insights into which mechanisms may work better under different conditions.
The team will present their research virtually at the upcoming International Conference on Security and Privacy in Communication Systems in September.
As the Army’s national research laboratory, ARL is operationalizing science to achieve transformational overmatch. Through collaboration across the command’s core technical competencies, DEVCOM leads in the discovery, development and delivery of the technology-based capabilities required to make Soldiers more successful at winning the nation’s wars and coming home safely. DEVCOM Army Research Laboratory is an element of the U.S. Army Combat Capabilities Development Command. DEVCOM is a major subordinate command of the Army Futures Command.