"DARPA Announces SMOKE Program"
US military network-security researchers have launched a new program to discover more about the tactics of malicious hackers. The Signature Management Using Operational Knowledge and Environments (SMOKE) program was announced on Tuesday. SMOKE is asking the computer industry to develop methods to identify, model, and mitigate the typical behaviors of threat actors. The program aims to develop technologies to generate evasive cyberinfrastructure that accelerates red team cyber operations (CO). DARPA stated that SMOKE will develop data-driven tools to automate the discovery of distinguishable patterns of sophisticated cyber threat infrastructure (i.e., signatures). The agency outlined two key technical objectives of the project. The first is to include informing operators of adversary signatures as they prepare cyberinfrastructure in real-time, and the second is to find a way to provide attribution risk assessments for planning and surveillance of the cyberinfrastructure that is in use. The program's key research challenges include finding a way to automatically build and traverse associations in large-scale cyber datasets, expanding the use of attribution techniques to non-experts, and discovering latent associations between infrastructure elements. Researchers will also be tasked with generating useful statistics for planners to predict how well infrastructure configurations will break from, or conform to, desired infrastructure signatures. DARPA noted that possible approaches that the industry could apply to these challenges include using machine learning to model infrastructure associations through automated pattern recognition and graph-based inference. The start date of the program is anticipated to be August of next year. The deadline to submit proposals to the program is January 31, 2022.