Predictive Cyber Emulation
Developed at Sandia, Emulytics is a state-of-the-art tool set to define cyber-experiment models and testbeds at scale for complex, distributed systems. These systems present challenges related to high-dimensionality, sparseness of data, and expensive forward models. Thus, it is still poorly understood how representation fidelity impacts predictive capabilities in real-world cyber systems, especially in situations with unknown/unobserved or pervasive threats where only the effects are observable. SECURE will develop Emulytics methods that scientifically address the well-posedness and fidelity of our models and testbeds under deep uncertainty in the threat space. Our in silico laboratory will enable reproducible and replicable results for a variety of testbed states and threats to produce inputs to Research Element 2. Also, the emulation of threat mitigation strategies and extreme scenarios will be used to characterize risk management options for the model parameterization in Research Element 3.
Our uncertainty quantification (UQ) capabilities will assess the confidence in computational predictions given a variety of information streams, including models, experimental data, boundary conditions, and expert opinion. Cyber systems present unique research challenges in terms of model validation due to the presence of discontinuous and discrete outputs, the necessity for effective network inference for unknown network structures and topologies, and the tractability of high-dimensional structural and model uncertainties. We will develop a set of capabilities to perform validation and forward propagation of uncertainties—including configuration parameters and threats—to handle discreteness and discontinuities, dimension reduction, and multi-level multi-fidelity representations. Proposed methods for scenario generation and uncertainty distributions will produce data for the stochastic adversarial optimization models in Research Element 3. Research Element 2 will perform sensitivity analysis, drive experimental design, and develop reduced order models as input to Research Element 1, in order to develop abstractions that are cheaper than the full fidelity models but sufficient to properly represent the effects of uncertainties for forward UQ.
Stochastic Adversarial Optimization
We will develop scalable, general-purpose decision-making capabilities for the risk management of both known and unknown cyber threats. The current state of the art in adversarial optimization consists of domain-specific models and algorithms that generally assume perfect knowledge on the part of the adversary, perfect execution of adversarial attacks, simultaneous attack vectors, known outcomes of specific attacks, and perfect execution of defender response. The simplest problems are strongly NP-hard, and there is currently a lack of well-established solution procedures even for simplified models. We will develop a suite of scalable stochastic adversarial optimization techniques to address (a) structural and design uncertainties, (b) parametric uncertainties, (c) unobservable uncertainties that naturally arise in cyber, and (d) temporally structured attacks. We will work closely with Research Element 2 to identify plausible cyber models that are represented as alternatives against which we can probabilistically devise and evaluate threat mitigation strategies. Our main objective is to determine optimal investment and runtime defense strategies for interdicting possible future adversarial threats. These risk management strategies will become inputs to Research Element 1, where we will then evaluate the performance of proposed solutions with emulation.