Army Cyber Institute
Browsing Army Cyber Institute by Author "Bastian, Nathaniel D."
Now showing 1 - 20 of 52
A ranked solution for social media fact checking using epidemic spread modeling (2022-01). Smith, John H.; Bastian, Nathaniel D.
Within the past decade, social media has become a primary platform for consumption of information and current events. Unlike with traditional news sources, however, social media posts do not have to go through a rigorous validation process prior to publication. The 2019 Mueller Report illustrates how malicious actors have taken advantage of these lax requirements to sway public opinion on topics from the #blacklivesmatter movement to the 2016 U.S. Presidential election. Currently, social media companies rely primarily on communal policing of misinformation; it is unlikely that this will happen with regularity. To counteract this, other literature on the topic is focused on using deep learning models to separate accurate from misleading content; however, the rapidly evolving nature of misinformation means that they will have to be retrained and redeployed on an iterative and time-consuming basis. This work, therefore, proposes a novel approach to the problem: treating misinformation as a virus. Specifically, we propose a ranking system that third-party fact checkers can utilize to prioritize posts for checking. This algorithm is then tested against multiple data sets with strong positive results, decreasing viral spread in a matter of minutes.

A Sensitivity Analysis of Poisoning and Evasion Attacks in Network Intrusion Detection System Machine Learning Models (2021-12-30). Talty, Kevin; Stockdale, John; Bastian, Nathaniel D.
As the demand for data has increased, we have witnessed a surge in the use of machine learning to help aid industry and government in making sense of massive amounts of data and, subsequently, making predictions and decisions. For the military, this surge has manifested itself in the Internet of Battlefield Things. The pervasive nature of data on today's battlefield will allow machine learning models to increase soldier lethality and survivability. However, machine learning models are predicated upon the assumptions that the data upon which these machine learning models are being trained is truthful and the machine learning models are not compromised. These assumptions surrounding the quality of data and models cannot be the status quo going forward as attackers establish novel methods to exploit machine learning models for their benefit. These novel attack methods can be described as adversarial machine learning (AML). These attacks allow an attacker to unsuspectingly alter a machine learning model before and after model training in order to degrade a model's ability to detect malicious activity. In this paper, we show how AML, by poisoning data sets and evading well-trained models, affects machine learning models' ability to function as Network Intrusion Detection Systems (NIDS). Finally, we highlight why evasion attacks are especially effective in this setting and discuss some of the causes for this degradation of model effectiveness.

Advancing the Research and Development of Assured Artificial Intelligence and Machine Learning Capabilities (AAAI FSS-20, 2020). Shipp, Tyler J.; Clouse, Daniel J.; De Lucia, Michael J.; Ahiskali, Metin B.; Steverson, Kai; Mullin, Jonathan; Bastian, Nathaniel D.
Artificial intelligence (AI) and machine learning (ML) have become increasingly vital in the development of novel defense and intelligence capabilities across all domains of warfare. An adversarial AI (A2I) and adversarial ML (AML) attack seeks to deceive and manipulate AI/ML models. It is imperative that AI/ML models can defend against these attacks. A2I/AML defenses will help provide the necessary assurance of these advanced capabilities that use AI/ML models. The A2I Working Group (A2IWG) seeks to advance the research and development of assured AI/ML capabilities via new A2I/AML defenses by fostering a collaborative environment across the U.S. Department of Defense and U.S. Intelligence Community. The A2IWG aims to identify specific challenges that it can help solve or address more directly, with initial focus on three topics: AI Trusted Robustness, AI System Security, and AI/ML Architecture Vulnerabilities.

Adversarial machine learning in Network Intrusion Detection Systems (2021-12-30). Alhajjar, Elie; Maxwell, Paul; Bastian, Nathaniel D.
Adversarial examples are inputs to a machine learning system intentionally crafted by an attacker to fool the model into producing an incorrect output. These examples have achieved a great deal of success in several domains such as image recognition, speech recognition and spam detection. In this paper, we study the nature of the adversarial problem in Network Intrusion Detection Systems (NIDS). We focus on the attack perspective, which includes techniques to generate adversarial examples capable of evading a variety of machine learning models. More specifically, we explore the use of evolutionary computation (particle swarm optimization and genetic algorithm) and deep learning (generative adversarial networks) as tools for adversarial example generation. To assess the performance of these algorithms in evading a NIDS, we apply them to two publicly available data sets, namely the NSL-KDD and UNSW-NB15, and we contrast them to a baseline perturbation method: Monte Carlo simulation. The results show that our adversarial example generation techniques cause high misclassification rates in eleven different machine learning models, along with a voting classifier. Our work highlights the vulnerability of machine learning based NIDS in the face of adversarial perturbation.

Algorithm selection framework for cyber attack detection (2020-07). Chalé, Marc; Bastian, Nathaniel D.; Weir, Jeffery
The number of cyber threats against both wired and wireless computer systems and other components of the Internet of Things continues to increase annually. In this work, an algorithm selection framework is employed on the NSL-KDD data set and a novel paradigm of machine learning taxonomy is presented. The framework uses a combination of user input and meta-features to select the best algorithm to detect cyber attacks on a network. Performance is compared between a rule-of-thumb strategy and a meta-learning strategy. The framework removes the conjecture of the common trial-and-error algorithm selection method. The framework recommends five algorithms from the taxonomy. Both strategies recommend a high-performing algorithm, though not the best performing. The work demonstrates the close connectedness between algorithm selection and the taxonomy on which it is premised.

An Adversarial Training Based Machine Learning Approach to Malware Classification under Adversarial Conditions (Proceedings of the 54th Hawaii International Conference on System Sciences, 2021). Devine, Sean; Bastian, Nathaniel D.
The use of machine learning (ML) has become an established practice in the realm of malware classification and other areas within cybersecurity. Characteristic of the contemporary realm of intelligent malware classification is the threat of adversarial ML. Adversaries are looking to target the underlying data and/or models responsible for the functionality of malware classification to map its behavior or corrupt its functionality. The ends of such adversaries are bypassing the cybersecurity measures and increasing malware effectiveness. We develop an adversarial training-based ML approach for malware classification under adversarial conditions that leverages a stacking ensemble method, which compares the performance of 10 base ML models when adversarially trained on three data sets of varying data perturbation schemes. This comparison ultimately reveals the best performing model per data set, which includes random forest, bagging and gradient boosting. Experimentation also includes stacking a mixture of ML models in both the first and second levels in the stack. A first level stack across all 10 ML models with a second level support vector machine is top performing. Overall, this work reveals that a malware classifier can be developed to account for potential forms of training data perturbation with minimal effect on performance.

Approximate dynamic programming for the aeromedical evacuation dispatching problem: Value function approximation utilizing multiple level aggregation (Omega, 2020). Robbins, Matthew J.; Jenkins, Phillip R.; Bastian, Nathaniel D.; Lunday, Brian J.
Sequential resource allocation decision-making for the military medical evacuation of wartime casualties consists of identifying which available aeromedical evacuation (MEDEVAC) assets to dispatch in response to each casualty event. These sequential decisions are complicated due to uncertainty in casualty demand (i.e., severity, number, and location) and service times. In this research, we present a Markov decision process model solved using a hierarchical aggregation value function approximation scheme within an approximate policy iteration algorithmic framework. The model seeks to optimize this sequential resource allocation decision under uncertainty of how to best dispatch MEDEVAC assets to calls for service. The policies determined via our approximate dynamic programming (ADP) approach are compared to optimal military MEDEVAC dispatching policies for two small-scale problem instances and are compared to a closest-available MEDEVAC dispatching policy that is typically implemented in practice for a large-scale problem instance. Results indicate that our proposed approximation scheme provides high-quality, scalable dispatching policies that are more easily employed by military medical planners in the field. The identified ADP policies attain 99.8% and 99.5% of optimal for the 6- and 12-zone problem instances investigated, as well as 9.6%, 9.2%, and 12.4% improvement over the closest-MEDEVAC policy for the 6-, 12-, and 34-zone problem instances investigated.

Artificial intelligence for defense applications (2021-06-28). Bastian, Nathaniel D.

Autonomous cyber warfare agents: dynamic reinforcement learning for defensive cyber operations (Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications V, 2023). Bierbrauer, David A.; Schabinger, Robert M.; Carlin, Caleb; Mullin, Jonathan; Pavlik, John; Bastian, Nathaniel D.; Solomon, Latasha; Schwartz, Peter J.
In this work, we aim to develop novel cybersecurity playbooks by exploiting dynamic reinforcement learning (RL) methods to close holes in the attack surface left open by the traditional signature-based approach to Defensive Cyber Operations (DCO). A useful first proof-of-concept is provided by the problem of training a scanning defense agent using RL; as a first line of defense, it is important to protect sensitive networks from network mapping tools. To address this challenge, we developed a hierarchical, Monte Carlo-based RL framework for the training of an autonomous agent which detects and reports the presence of Nmap scans in near real-time, efficiently and with near-perfect accuracy. Our algorithm is powered by a reduction of the state space given by a transformer, CLAPBAC, an anomaly detection tool which applies natural language processing to cybersecurity in a manner consistent with the state of the art. In a realistic scenario emulated in CyberVAN, our approach generates optimized playbooks for effective defense against malicious insiders inappropriately probing sensitive networks.

Autonomous cyber warfare agents: dynamic reinforcement learning for defensive cyber operations (SPIE, 2023). Bastian, Nathaniel D.; Bierbrauer, David A.; Schabinger, Robert M.; Carlin, Caleb; Mullin, Jonathan; Pavlik, John
(Same abstract as the preceding record.)

Beyond traditional architecture for MDO applications: The Erlang VM and its potential (2020-04-21). Wilkinson, Chris; Bastian, Nathaniel D.; Kwon, Minseok; Pham, Tien; Solomon, Latasha; Rainey, Katie
In order to scale for speed, technology often builds upon the earliest proven systems and architectures. As the context changes, from a civilian application domain to a military application domain, the priority of functional requirements can and often does change. The hardware, software, and language development environment set the foundation for the constraints and potential of a system. This, along with the fact that the information technology revolution since the early 2000s has primarily been driven by the commercial sector, requires engineers to consider whether nontraditional, less well-known architectures may have a role in the Multi-Domain Operations (MDO) application space. This paper will highlight features inherent to traditional architectures, the challenges associated with these architectural features, and how the Erlang VM represents an opportunity to develop an architectural foundation suitable to the MDO application domain. Finally, this paper will highlight a future technology concept integrating demonstrated neural interface technology with an Erlang VM supported architecture. This foundation will help enable human-machine teaming by empowering a human agent to interact with sensors and AI-enabled autonomous systems with a dynamic user interface allowing the human agent to accomplish MDO applications. The great potential for the concept depends on a fault-tolerant, distributed system permitted by the Erlang VM to flexibly integrate the capabilities required to address the diverse challenges of a complex operating environment.

Challenges and Opportunities for Generative Methods in the Cyber Domain (2021 Winter Simulation Conference (WSC), 2021-12-15). Chalé, Marc; Bastian, Nathaniel D.
Large, high quality data sets are essential for training machine learning models to perform their tasks accurately. The lack of such training data has constrained machine learning research in the cyber domain. This work explores how Markov Chain Monte Carlo (MCMC) methods can be used for realistic synthetic data generation and compares it to several existing generative machine learning techniques. The performance of MCMC is compared to generative adversarial network (GAN) and variational autoencoder (VAE) methods to estimate the joint probability distribution of network intrusion detection system data. A statistical analysis of the synthetically generated cyber data determines the goodness of fit, aiming to improve cyber threat detection. The experimental results suggest that the data generated from MCMC fits the true distribution approximately as well as the data generated from GAN and VAE; however, the MCMC requires a significantly longer training period and is unproven for higher dimensional cyber data.

Constrained optimization based adversarial example generation for transfer attacks in network intrusion detection systems (Optimization Letters, 2023). Chalé, Marc; Cox, Bruce; Weir, Jeffery; Bastian, Nathaniel D.
Deep learning has enabled network intrusion detection rates as high as 99.9% for malicious network packets without requiring feature engineering. Adversarial machine learning methods have been used to evade classifiers in the computer vision domain; however, existing methods do not translate well into the constrained cyber domain as they tend to produce non-functional network packets. This research views the payload of network packets as code with many functional units. A meta-heuristic based generative model is developed to maximize classification loss of packet payloads with respect to a surrogate model by repeatedly substituting units of code with functionally equivalent counterparts. The perturbed packets are then transferred and tested against three test network intrusion detection system classifiers with various evasion rates that depend on the classifier and malicious packet type. If the test classifier is of the same architecture as the surrogate model, near-optimal adversarial examples penetrate the test model for 69% of packets whereas the raw examples succeed for only 5% of packets. This confirms hypotheses that NIDS classifiers are vulnerable to adversarial attacks, motivating research in robust learning for cyber.

Context-aware Collaborative Neuro-Symbolic Inference in IoBTs (IEEE, 2022). Abdelzaher, Tarek; Bastian, Nathaniel D.; Jha, Susmit; Kaplan, Lance; Srivastava, Mani; Veeravalli, Venugopal
IoBTs must feature collaborative, context-aware, multi-modal fusion for real-time, robust decision-making in adversarial environments. The integration of machine learning (ML) models into IoBTs has been successful at solving these problems at a small scale (e.g., AiTR), but state-of-the-art ML models grow exponentially with increasing temporal and spatial scale of modeled phenomena, and can thus become brittle, untrustworthy, and vulnerable when interpreting large-scale tactical edge data. To address this challenge, we need to develop principles and methodologies for uncertainty-quantified neuro-symbolic ML, where learning and inference exploit symbolic knowledge and reasoning in addition to multi-modal and multi-vantage sensor data. The approach features integrated neuro-symbolic inference, where symbolic context is used by deep learning, and deep learning models provide atomic concepts for symbolic reasoning. The incorporation of high-level symbolic reasoning improves data efficiency during training and makes inference more robust, interpretable, and resource-efficient. In this paper, we identify the key challenges in developing context-aware collaborative neuro-symbolic inference in IoBTs and review some recent progress in addressing these gaps.

Counter-AI Tool System Design for AI System Adversarial Testing and Evaluation (Proceedings of the Annual General Donald R. Keith Memorial Conference, 2022). Byington, Nathan; Davis, Carter; Meehan, Matthew; Vincent, Caroline; Woodward, David; Bastian, Nathaniel D.
This work consists of the initial recommendations and conclusions found while soliciting functional requirements for the research, design and development of a Counter-AI Tool for conducting adversarial testing and evaluation of artificial intelligence (AI) systems. The report includes a literature review of relevant AI concepts and extensive research within the adversarial AI domain. An intensive stakeholder analysis, consisting of requirement elicitation from over twenty governmental and non-governmental organizations, assisted in determining what functional requirements should be included in the system design of a Counter-AI Tool. The subsequent system architecture diagram takes user input, tests for various types of adversarial AI attacks, and outputs the vulnerabilities of the AI model. Prior to the operationalization of this tool, iterative experimentation will be conducted by partner organizations, which is the next step in the development and deployment of this Counter-AI Tool.

Cybersecurity Anomaly Detection in Adversarial Environments (Cornell University, 2021). Bierbrauer, David A.; Kritzer, Will; Chang, Alexander; Bastian, Nathaniel D.
The proliferation of interconnected battlefield information sharing devices, known as the Internet of Battlefield Things (IoBT), introduced several security challenges. Inherent to the IoBT operating environment is the practice of adversarial machine learning, which attempts to circumvent machine learning models. This work examines the feasibility of cost-effective unsupervised learning and graph-based methods for anomaly detection in the network intrusion detection system setting, and also leverages an ensemble approach to supervised learning of the anomaly detection problem. We incorporate a realistic adversarial training mechanism when training supervised models to enable strong classification performance in adversarial environments. The results indicate that the unsupervised and graph-based methods were outperformed in detecting anomalies (malicious activity) by the supervised stacking ensemble method with two levels. This model consists of three different classifiers in the first level, followed by either a Naive Bayes or Decision Tree classifier for the second level. The model maintains an F1-score above 0.97 for malicious samples across all tested level two classifiers. Notably, Naive Bayes is the fastest level two classifier, averaging 1.12 seconds, while Decision Tree maintains the highest AUC score of 0.98.

Deep VULMAN: A deep reinforcement learning-enabled cyber vulnerability management framework (Expert Systems with Applications, 2023). Hore, Soumyadeep; Shah, Ankit; Bastian, Nathaniel D.
Cyber vulnerability management is a critical function of a cybersecurity operations center (CSOC) that helps protect organizations against cyber-attacks on their computer and network systems. Adversaries hold an asymmetric advantage over the CSOC, as the number of deficiencies in these systems is increasing at a significantly higher rate compared to the expansion rate of the security teams to mitigate them. The current approaches in cyber vulnerability management are deterministic and one-time decision-making methods, which do not consider future uncertainties when prioritizing and selecting vulnerabilities for mitigation. These approaches are also constrained by the sub-optimal distribution of resources, providing no flexibility to adjust their response to fluctuations in vulnerability arrivals. We propose a novel framework, Deep VULMAN, consisting of a deep reinforcement learning agent and an integer programming method to fill this gap in the cyber vulnerability management process. Our sequential decision-making framework first determines the near-optimal amount of resources to be allocated for mitigation under uncertainty for a given system state, and then determines the optimal set of prioritized vulnerability instances for mitigation. Results show that our framework outperforms the current methods in prioritizing the selection of important organization-specific vulnerabilities, on both simulated and real-world vulnerability data, observed over a one-year period.

Dehallucinating Large Language Models Using Formal Methods Guided Iterative Prompting (IEEE, 2023). Jha, Susmit; Jha, Sumit Kumar; Lincoln, Patrick; Bastian, Nathaniel D.; Velasquez, Alvaro; Neema, Sandeep
Large language models (LLMs) such as ChatGPT have been trained to generate human-like responses to natural language prompts. LLMs use a vast corpus of text data for training, and can generate coherent and contextually relevant responses to a wide range of questions and statements. Despite this remarkable progress, LLMs are prone to hallucinations, making their application to safety-critical applications such as autonomous systems difficult. The hallucinations in LLMs refer to instances where the model generates responses that are not factually accurate or contextually appropriate. These hallucinations can occur due to a variety of factors, such as the model's lack of real-world knowledge, the influence of biased or inaccurate training data, or the model's tendency to generate responses based on statistical patterns rather than a true understanding of the input. While these hallucinations are a nuisance in tasks such as text summarization and question-answering, they can be catastrophic when LLMs are used in autonomy-relevant applications such as planning. In this paper, we focus on the application of LLMs in autonomous systems and sketch a novel self-monitoring and iterative prompting architecture that uses formal methods to detect these errors in the LLM response automatically. We exploit the dialog capability of LLMs to iteratively steer them to responses that are consistent with our correctness specification. We report preliminary experiments that show the promise of the proposed approach on tasks such as automated planning.

Empirical Evaluation of Autoencoder Models for Anomaly Detection in Packet-based NIDS (Proceedings of the 2023 IEEE Conference on Dependable and Secure Computing, 2023). Hore, Soumyadeep; Nguyen, Quoc; Xu, Yulun; Shah, Ankit; Bastian, Nathaniel D.; Le, Trung
Anomaly detection is critical for network security. Unsupervised learning models trained on benign network traffic data aim to detect anomalies without relying on attack data sets. Autoencoder-based models have emerged as a promising approach for detecting anomalies in network intrusion data. While autoencoder models have predominantly been utilized in flow-based approaches, which are suitable for offline analysis, there is a notable gap in research concerning unsupervised learning, particularly autoencoder-based techniques, for packet-based network intrusion detection. Packet-based network intrusion detection systems (NIDS) enable real-time detection at a granular level, making this area of investigation crucial. In this work, we compare autoencoder models for anomaly detection in packet-based NIDS. A methodological framework is presented for implementing an autoencoder-based network intrusion detection mechanism with packet data. A novel reconstruction error metric is proposed for autoencoders, which is evaluated at different threshold levels to compare the detection accuracies of network traffic anomalies. The effectiveness of autoencoder models is demonstrated on various network attacks and adversarial samples obtained from publicly available network intrusion data sets. The analysis highlights the strengths and limitations of different autoencoders for network traffic anomaly detection. The insights obtained from the empirical evaluation offer valuable guidance to researchers and practitioners aiming to develop an autoencoder-based network intrusion detection mechanism.

Evaluating Model Robustness to Adversarial Samples in Network Intrusion Detection (2021-12). Schneider, Madeleine; Aspinall, David; Bastian, Nathaniel D.
Adversarial machine learning, a technique which seeks to deceive machine learning (ML) models, threatens the utility and reliability of ML systems. This is particularly relevant in critical ML implementations such as those found in Network Intrusion Detection Systems (NIDS). This paper considers the impact of adversarial influence on NIDS and proposes ways to improve ML based systems. Specifically, we consider five feature robustness metrics to determine which features in a model are most vulnerable, and four defense methods. These methods are tested on six ML models with four adversarial sample generation techniques. Our results show that across different models and adversarial generation techniques, there is limited consistency in vulnerable features or in effectiveness of defense methods.