Series
Institute for Information Security & Privacy Cybersecurity Lecture Series

Series Type
Event Series

Publication Search Results

Now showing 1 - 3 of 3
  • Item
    Applying Deep Reinforcement Learning (DRL) in a Cyber Wargaming Engine
    (Georgia Institute of Technology, 2021-03-19) Kam, Ambrose
    Cybersecurity is inherently complicated due to the dynamic nature of the threats and ever-expanding attack surfaces. Ironically, this challenge is exacerbated by the rapid advancement of many new technologies like Internet of Things (IoT) devices, 5G infrastructure, cloud-based computing, etc. This is where artificial intelligence (AI) and machine learning (ML) techniques can be called into service, and provide potential solutions in terms of threat detection and mitigation responses in a rapidly changing environment. Contrarily, humans are often limited by their innate inability to process information and fail to recognize/respond to attack patterns in the multi-dimensional, multi-faceted world. The recent DARPA AlphaDogFight has proven machines can defeat even the best human pilot in air-to-air combat. This prompted our engineers to develop a minimum viable product (MVP) that demonstrates the value of a deep reinforcement learning (DRL) architecture in a simulated cyber wargaming environment. By using our simulation framework, we essentially “trained” the machine to produce the optimum combination/permutation of cyber attack vectors in a given scenario. This cyber wargaming engine allows our analysts to examine tactics, techniques, and procedures (TTPs) potentially employed by our adversaries.
  • Item
    Simulation-Based Cyber Wargaming
    (Georgia Institute of Technology, 2019-09-27) Kam, Ambrose
    Cyber threats are rampant and their potential damages to enterprises continue to soar over time. Hence, cyber resilience techniques need to be examined and assessed for their effectiveness before deployment. Red Teaming and vulnerability scans are useful tools, but they do not effectively address zero-day threats. Risk analysis and resilience assessments should be performed relative to existing and emergent attack vectors. Simulations would be the next best thing to answer the What-If questions. Wargaming is increasingly popular not just for Defense Industry but also in commercial enterprises. Industries are turning to simulation-based cyber wargaming to discover new tactics, techniques and processes (TTP) that enhance mission resiliency. Additionally, cyber wargaming can be a useful tool for operator training.
  • Item
    Cyber Simulation and Threat Assessment
    (Georgia Institute of Technology, 2018-10-05) Kam, Ambrose
    Modeling and simulation (M&S) have long been considered a critical element within systems engineering. Up until recently, M&S has not been applied to the cybersecurity domain area. Part of the reason is the maturity of the cybersecurity modeling tools to aid in the analyses of this multi-faceted problem. M&S techniques have been applied to the sensor, weapons, command & control and logistics within the Department of Defense industry; but these areas are typically not as dynamic as cyber where threats are evolving within seconds or minutes, as opposed to years or decades. This talk will discuss a new modeling & simulation framework that cybersecurity subject matter experts can leverage to better understand the issue. Called the Cyber Attack Network Simulation Tool Suite, this framework can be applied to both academic research projects and DoD contract work. The National Vulnerability Database (NVD) and Common Attack Pattern Enumeration and Classification (CAPEC) are valuable resources to understand cyber threats and their assessments; they are commonly referenced by network professionals, software developers and cyber analysts over the course of the information system development process. The M&S framework in this talk highlights the need to parse the NVD and CAPEC so that validated cyber threats can be ingested in a simulation environment.