Ant-based cyber defense
Every computer attack is a battle between the owners of a computational infrastructure and adversaries bent on using these resources for their own purposes. The owners may span multiple organizations that have limited trust between them. Meanwhile, human adversaries are adaptively hostile, employing open-ended strategies and anti-forensic techniques. The problem of securing complex infrastructures in a dynamic hostile environment with changing adversaries cannot be solved with static defenses or uncoordinated unilateral measures. In today's large infrastructures composed of many collaborating organizations, the way we typically monitor cyber defense is to gather all the cyber data from across the enterprise to a single point and analyze it centrally. While this gives excellent scope of information, the approach scales poorly.

To address this challenge, the Pacific Northwest National Laboratory has developed a framework for decentralized coordination based on the eusocial behaviors seen in ant colonies. The eusocial organization of the ant colony provides a highly adaptive common defense that achieves emergent behavior via stigmergic communication. PNNL has applied these ant behaviors to cyber security in its Ant-Based Cyber Defense, where humans and various software agents share the responsibilities of securing an infrastructure composed of enclaves that belong to member organizations.
Decentralized Hierarchy
The primary purpose of the Ant-Based Cyber Defense is to reduce the level of required human involvement in problem detection and resolution while retaining the human ability to intervene as desired. The second purpose is to enable separate enclaves to cooperate in their cyber defense while maintaining their privacy and proprietary data. A hierarchy is needed to give the humans at the top a single point of access to enclave-wide security information, but the monitoring and resolution are decentralized, bringing the sensor to the data rather than vice-versa.
The Ant-Based Cyber Defense consists of a set of collaborating enclave hierarchies of humans and software agents. An enclave is a collection of machines owned by a single organization and managed under a single policy. A human Supervisor may lead multiple enclaves, each of which is led by an agent called a Sergeant. Sentinel agents autonomically monitor enclave machines, and mobile Sensor agents wander through the enclave.
Supervisors
Sergeants
Enclave-level agents called Sergeants are each responsible for the security state of an entire enclave. Sergeants dialogue with humans to gain guidance for running the system according to human-specified business drivers and security policies. Sergeants create and enforce executable policies for the entire enclave.
Sentinels and Sensors
A host-level Sentinel agent protects and configures each monitored machine. Sentinels interact with human Supervisors only when they need clarification about how to classify ambiguous evidence from the swarm of Sensor agents. The Sensors roam from machine to machine within their enclave, each searching for a problem indicator uniquely derived from the set of known problem indicators. They report discovered problems to the appropriate Sentinel. Sensors communicate by leaving digital pheromone messages that result in positive feedback, attracting a wide variety of Sensors to suspected problems.
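The Sensor/Sentinel interaction described above (roaming Sensors that each test for one known indicator, pheromone deposits that attract other Sensors, a per-host Sentinel that aggregates reports and escalates ambiguous evidence to a human) can be made concrete as a small simulation. The following is an added illustrative model written for this page; it is not PNNL's implementation. The host names, indicator labels, evaporation rate, deposit size and escalation threshold are all constructed assumptions.

```python
"""Toy model of the Sensor / Sentinel layers of an ant-based defense.
Added illustration, not PNNL's code. Hosts, indicator labels and the
tuning constants below are constructed for the example."""
import random
from dataclasses import dataclass, field

SURVIVE = 0.5        # fraction of pheromone left after each tick (assumed)
DEPOSIT = 1.0        # pheromone a Sensor leaves when its indicator fires (assumed)
ESCALATE_AT = 2      # distinct indicators before a Sentinel flags a host (assumed)


@dataclass
class Host:
    name: str
    indicators: frozenset                    # what a Sensor would observe here
    pheromone: float = 0.0                   # stigmergic marker on this host
    reports: set = field(default_factory=set)  # held by this host's Sentinel


@dataclass
class Sensor:
    indicator: str        # the single known indicator this Sensor tests for
    location: int         # index into Enclave.hosts


class Enclave:
    """One enclave: all of its hosts plus the Sensor swarm roaming them."""

    def __init__(self, hosts, sensors, seed=0):
        self.hosts = hosts
        self.sensors = sensors
        self.rng = random.Random(seed)       # seeded so a run is repeatable

    def move_weights(self, sensor):
        """Next-hop candidates and weights: base 1 plus the host's pheromone,
        so marked hosts draw more Sensors (positive feedback)."""
        candidates = [i for i in range(len(self.hosts)) if i != sensor.location]
        weights = [1.0 + self.hosts[i].pheromone for i in candidates]
        return candidates, weights

    def tick(self):
        for s in self.sensors:
            candidates, weights = self.move_weights(s)
            s.location = self.rng.choices(candidates, weights)[0]
            host = self.hosts[s.location]
            if s.indicator in host.indicators:
                host.pheromone += DEPOSIT        # leave a pheromone message
                host.reports.add(s.indicator)    # report to the host's Sentinel
        for h in self.hosts:
            h.pheromone *= SURVIVE               # evaporation: stale trails fade

    def run(self, ticks):
        for _ in range(ticks):
            self.tick()

    def triage(self):
        """Sentinel decisions: enough distinct evidence -> flagged; some
        evidence below the threshold -> ambiguous, ask a human; else clean."""
        out = {}
        for h in self.hosts:
            if len(h.reports) >= ESCALATE_AT:
                out[h.name] = "flagged"
            elif h.reports:
                out[h.name] = "ambiguous"
            else:
                out[h.name] = "clean"
        return out


def build_enclave(seed=0):
    # Constructed sample: eight hosts, one showing three indicators and one
    # showing a single indicator on its own. Indicator labels are invented.
    evidence = {"h2": {"port_scan"},
                "h5": {"port_scan", "new_suid_binary", "cron_modified"}}
    hosts = [Host(f"h{i}", frozenset(evidence.get(f"h{i}", ()))) for i in range(8)]
    # Two Sensors per known indicator, scattered across the enclave.
    kinds = ["port_scan", "new_suid_binary", "cron_modified"] * 2
    sensors = [Sensor(kind, i % len(hosts)) for i, kind in enumerate(kinds)]
    return Enclave(hosts, sensors, seed)


def simulate(ticks=60, seed=0):
    enclave = build_enclave(seed)
    enclave.run(ticks)
    return enclave.triage()


if __name__ == "__main__":
    for host, verdict in simulate().items():
        print(host, verdict)
```

Each Sensor only knows its own indicator, so no single Sensor can decide that a host is compromised; the decision emerges at the Sentinel from the reports of several different Sensors, and the pheromone weighting in `move_weights` is what draws those different Sensors to the same host. A host with a single lone indicator stays "ambiguous", which is exactly the case the text says a Sentinel hands to a human Supervisor.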
Deployment Status
The Ant-Based Cyber Defense is a technology readiness level one project that has been implemented at the Sentinel and Sensor level on a cluster of 64 Linux virtual machines. This implementation rapidly identifies previously unknown malware based on real Linux worm code. Currently, development is underway to use the digital ant approach as a security mechanism underlying the NSF GENI testbed laboratory.