Research Team Status

  • Ehab Al-Shaer, Distinguished Research Fellow, School of Computer Science (PI)
  • David Garlan, Professor, School of Computer Science (Co-PI)
  • Bradley Schmerl, Principal Systems Scientist, School of Computer Science (Research Engineer)
  • Qi Duan, Research Scientist, School of Computer Science (Senior Researcher)
  • Ryan Wagner, PhD student, School of Computer Science (PhD Student)
     
  • Any new collaborations with other universities/researchers?

No collaborations with other universities/researchers yet. 

Project Goals

  • What is the current project goal?
    (1) Creating a formal specification for cyber threat mitigation playbooks, and testing and evaluating the playbook specification against real-life use cases.

    (2) Developing autonomous Deep Reinforcement Learning (DRL) agents that respond to adaptive DDoS attackers. This served as a case study of how a dynamic playbook can be integrated with DRL.
     

  • How does the current goal factor into the long-term goal of the project?

    A formal specification for playbooks is a foundational step toward several long-term objectives: validating the correctness and efficiency of playbooks, and generating playbooks dynamically at run time with reinforcement learning to counter attackers effectively.

    Developing DRL agents for autonomous threat response gives us a deep understanding of the challenges of dynamic playbook synthesis using DRL. The ultimate goal is to generalize this use case to autonomous cyber threat response in general.

 

Accomplishments

  • Address whether project milestones were met. If milestones were not met, explain why, and what are the next steps.

    Although the project started only 8 weeks ago, we have made good progress toward a formal specification language for threat response playbooks. We also developed a use case, the Target breach, to demonstrate the usability and expressiveness of the defined playbook specification. The Playbook Formal Specification (PFS) satisfies three key criteria:

    • Flexible – it can express any arbitrary course of action for cyber defense
    • Verifiable – it provides constructs that enable verification of a playbook's correctness
    • Adaptable – it allows courses of action to adapt based on observations of the system
       
  • What is the contribution to foundational cybersecurity research? Was there something discovered or confirmed?
    We aim to introduce a novel approach: cyber threat response playbooks that are adaptable, verifiable, and measurable. This is a significant advance, since most existing intrusion response systems are static, ad hoc, and manual. This capability will enable dynamic optimization of playbook responses, filling a critical gap in current cyber defense systems.

     

  • Impact of research
    • Internal to the university (coursework/curriculum)

      The principal investigator (PI) is teaching a graduate-level course on Self-Adaptive Systems using Deep Reinforcement Learning at the School of Computer Science at Carnegie Mellon University. Within this course, the PI incorporates use cases and examples from this project into the class material and presentations. Furthermore, one of the course's final projects involves creating a dynamic playbook tailored to advanced lateral movement attacks.

    • External to the university (transition to industry/government (local/federal); patents, start-ups, software, etc.)
    • Any acknowledgements, awards, or references in media?

 

Publications and presentations

  • A. Dutta, E. Al-Shaer, S. Chatterjee and Q. Duan, "Autonomous Cyber Defense Against Dynamic Multi-strategy Infrastructural DDoS Attacks," 2023 IEEE Conference on Communications and Network Security (CNS), Orlando, FL, USA, 2023, pp. 1-9.