Cybersecurity Systems for Human Cognition Augmentation

The notions of situational awareness, sensemaking, and situation understanding are used in the literature to denote different components in the repertoire of cognitive activities exercised by analysts in the prosecution of cyber warfare. This chapter discusses the relative role of these components in cyber analysis and the nature of cognitive challenges they present, focusing on situation understanding. The purpose is threefold: to clarify the notions, to elevate the role of understanding to that of the key determinant of successful performance, and to offer suggestions for the design of decision aids that are likely to facilitate situation understanding. These issues are tackled from a number of different perspectives. Accordingly, the text is divided into six brief sections: Sects. 1.1–1.4 develop a framework and set the stage for design suggestions in Sect. 1.5. Section 1.6 considers the future of intelligent support is cyber warfare predicting transition from “machine learning” to “machine understanding.” (Throughout the chapter, the terms “situation comprehension” and “situation understanding” will be used interchangeably).

The growth of digital content and information through the World Wide Web is increasing rapidly and more of this traffic is generated by smart mobile low size, weight, and power (SWaP) devices that are constantly sending/receiving information to/from the network for up-to-date operation. In terms of data, according to an IDC report by Gantz and Reinsel in 2012 [1], from 2005 to 2020, the digital universe will grow by a factor of 300, from 130 to 40,000 exabytes, and from now until 2020, the digital universe will about double every 2 years. The size of the digital universe in 2010 was estimated at 1,227 exabytes [1] in particular. Therefore, it can be expected that an increasing number of low SWaP devices will be implemented to offer enhanced functionality in terms of the complexity and number of services offered to users within the physically and electronically constrained form factor architecture. From a network security stand point, it will be important for the Army to ensure security and trust in the operation and functionality of smart mobile tactical devices. However, from the user’s point of view, performance degradation due to security add-ons may degrade device performance during operation and during operations where speed is critical, enhanced security could degrade operational effectiveness. Therefore, it is the main goal of this effort to perform basic research in methods and techniques to provide security to mobile tactical networks while ensuring low SWaP technical requirements for operation. In this pursuit, we have considered two basic research areas that could provide a revolutionary solution to the problem. The first technology area is memristor-based computing and the second area is artificial neural networks. It is expected that memristor-based physical computing architectures will deliver ultra-low SWaP and neural networks will enable parallelism and reconfiguration benefits. This chapter will provide a brief overview of the memristor technology and its applications within neural networks and their potential application to enabling human cognition augmentation in the Cyber-domain.

An ever increasing number of critical missions rely today on complex Information Technology infrastructures, making such missions vulnerable to a wide range of potentially devastating cyber-attacks. Attackers can exploit network configurations and vulnerabilities to incrementally penetrate a network and compromise critical systems, thus rendering security monitoring and intrusion detection much more challenging. It is also evident from the ever growing number of high-profile cyber-attacks reported in the news that not only are cyber-attacks growing in sophistication but also in numbers. For these reasons, cyber-security analysts need to continuously monitor large amounts of alerts and data from a multitude of sensors in order to detect attacks in a timely manner and mitigate their impact. However—given the inherent complexity of the problem—manual analysis is labor-intensive and error-prone, and distracts the analyst from getting the “big picture” of the cyber situation.

The Global cyber infrastructure presents many challenges because of the complexity and massive amounts of information transferred across the global network daily. The cyber infrastructure is a made up of the data resources, network protocols, computing platforms, and computational services that bring people, information, and computational tools together. Data mining techniques are necessary as a need emerges to be able to automatically analyze, classify and summarize the massive amount of data to be considered. Cyber operators and analyst need to quickly be able to identify key indicators and discover and analyze trends in the data. They often could greatly benefit from automated tools to flag anomalies or high priority events of interest. This chapter presents some of the key research areas, trends, and some methods for addressing the big data challenges in cyber operations.

In today’s computing environments, one must assume that a subset of the system is currently, or will eventually be compromised. The proposed architecture supports design separation for high reliability and information assurance. By leveraging a hybrid fault model with multiple, parallel execution paths and resultant execution trace comparison, the proposed cognitive trust architecture identifies suspect nodes and assures trusted execution. Furthermore, the modeled architecture may be scaled through proactive thread diversity for additional assurance during threat escalation. The solution provides dynamic protection through distributing critical information across federated cloud resources that adopt a metamorphic topology, redundant execution, and the ability to break command and control of malicious agents.

Today’s networks and their users are under attack from an ever-expanding universe of threats and malware. Malware are malicious software codes that typically damage or disable, take control of, or steal information from a computer system. Malware broadly includes botnets, viruses, worms, Trojan horses, logic bombs, rootkits, boot kits, backdoors, spyware, adware, and other types of threats. The ever increasing danger of the future threat is its ability to evolve for avoiding system defenses. Future threats will be using machine learning to outsmart the defenses. Defense techniques will in turn learn new attackers tricks to defend against. Therefore the future of cybersecurity is a warfare of machine learning techniques. The more capable machine learning technique will win.

Due to the exponential increase in the use of smart mobile devices, malware threats on those devices have been growing and posing security risks. To address this critical issue, we developed an Artificial Neural Network (ANN)-based malware detection system to detect unknown malware. In our system, we consider both permissions requested by applications and system calls associated with the execution of applications to distinguish between benign applications and malware. We used ANN, a representative machine learning technique, to understand the anomaly behavior of malware by learning the characteristic permissions and system calls used by applications. We then used the trained ANN to detect malware. Using real-world malware and benign applications, we conducted experiments on Android devices and evaluated the effectiveness of our developed system.

Energy is the major commodity for the industrial society. In general, energy is an ability to move matter, which in one way or another shows up universally. As physical processes unfold energy goes from one form to another, and the total sum of different energy values in commeasurable units remains constant (see [1]). This constitutes the law of conservation of energy—an important operational principle affirming that energy can neither come out of nowhere nor disappear into nothingness.

Cyberthreat security is a rapidly evolving landscape, where the diversity and number of attacks is constantly changing, requiring new approaches to defense. In the past, it was sufficient to predict likely attack methods and to monitor potential vulnerabilities, however, today the attacks are too varied and change too quickly for the traditional defenses to be effective. We need structures that are capable of identifying probable attacks and responding without human intervention. Due to the increasing rate of new attack methodologies, these structures need to be able to identify and respond to attacks that have never been seen before. That is, we need structures which are capable of learning.

Intrusion detection systems (IDS) are commonly utilized to prevent cyber-attacks. With the wide proliferation of network connected devices, running IDS algorithms on all devices (including mobile devices) within a network can help bolster security. However, the cost of running IDS algorithms on all networked devices can be high in terms of power and physical resources (especially battery operated ones). Several recent studies have proposed mapping applications to neural network form and then running these on specialized neural network accelerators [1, 2] to reduce power consumption. Neural accelerators can result in power reduction from about 2 times to several thousand times compared to RISC processors [3]. Hence utilizing these neural network accelerators can enabling the deployment of IDS algorithms across all devices in a network.

The memristor device was first described in 1971 by Leon Chua [1] as the fourth basic circuit element. Recently, the memristor has received much attention since the publication of the paper titled “The missing memristor found” in 2008 describing the memristive characteristics of metal-oxide-based memristor devices [2]. The memristor name is a contraction for memory resistor [1]. It is a two terminal passive device whose resistance state depends on its previous state. Given their two terminal structural simplicity and electronic passivity, the applications for memristor technology range from non-volatile memory, instant on computers, reconfigurable electronics and neuromorphic computing [3, 4]. Several device models have been presented to describe the electrical behavior of memristor devices [1, 2, 4–6]. However, there is no paper to the best of our knowledge in the published literature that shows model versus hardware plot correlations within a SPICE microelectronics industry standard environment. Recently, we developed an empirical model that accurately describes the electrical behavior of ion-conductor chalcogenide-based memristors [7]. In this work, we present a SPICE-based version of our memristor device compact model.

Reconfigurable computing logic describes the ability to transform the functionally of a Boolean function from let us say a logic AND gate to a logic OR gate functionality without physical rewiring and vice versa. Today, this type of logic reconfiguration is not possible as the operational functionality of transistors, resistors, capacitors, and inductors is fixed and electronically unchangeable. However, there exists a new electronic device whose impedance state is electronically variable and non-volatile. The name of such device is the memristor. The electronic operational and behavioral characteristics of memristor devices have been reported recently in the literature by the authors [1, 2]. Pino and Bohl have described mathematically that memristors can operate within a range of impedance states bounded by a maximum, RHigh, and minimum, RLow, resistance values. The switching characteristics of the memristor devices between their ON and OFF states, RHigh and RLow, are governed by discrete threshold voltages, VHigh and VLow, that switch the device ON and OFF respectively [1]. In addition, the memristor device whose name stands for memory resistor is of particular interest because it is a passive device that when power is turned off, it remembers its previous impedance state [3–5]. In this work, we make use of the memristor device as a memory element within our reconfigurable computing logic architecture.

The class of reconfigurable systems, which include the digital field programmable gate array (FPGA) and emerging new technologies such as neuromorphic computation and memristive devices, represent a type of frontier for cyber security. In this chapter, we provide a brief sketch of the field of reconfigurable systems, introduce a few basic ideas about cyber security, and consider the implications of cyber security as it applies to present and future devices. We also attempt to provide some insights on how to add robustness to reconfigurable systems technologies.