Shit Happens!

Innovate

Shit Happens!Robert Ghanea-HercockChief Researcher in Centre for Information & Security Systems Research, BT Innovate2009

© British Telecommunications plc

A D A S T R A L P A R K


EXCHANGE IN GREENOCK WITH OPERATORS CIRCA 1908


Unleashing open innovation

Future services

BT Snap&Send

BT FON

Customers

BT Vision


• Motivation– Autonomous Cyber Defence Solutions

• Where we are– In trouble!

• Research– Biology & Artificial Immune Systems– Self* systems– Complex Networks, Dynamics and Topology

• Conclusions


• Next Generation Web Research

– Semantic Business Intelligence

• ICT Infrastructure Virtualisation

– Policy based management

• Service Management Research

– Adaptive ICT

• Automated management of network, storage and computing

• Information Security Research

– Security Architectures Research

– Enterprise Risk Research

Overview of Centre for Information & Security Systems Research



BT Pervasive ICT Centre


Real-time performance & risk intelligence


Motivation

• Static network security techniques are failing

• Cyber Defence must become Adaptive & Autonomous

• Goal: Resilient and self-healing Enterprise systems


Biological Defence as a model

• Artificial Immune Systems (Forrest et al)• Biological defence examples

– External (teeth, claws etc)– Internal (lymphatic network & immune system)– Social networks in animal groups (Soldier Ants,

herding, swarms..)




The Problem

• Attacks occur at machine speed 10-6 sec• Responses at human speed 103 sec• Economics trades cost of response with risk• Information Assurance boring• Business Continuity, dull and expensive• Humans are very, very, bad at risk assessment


15


Network Dynamics & Topology

• Topology impacts spread of viral/self-replicating processes (Satorras & Vespignani 2001)

• “Error and attack tolerance in complex networks”, Albert R., Jeong H., and Barabási A., Nature 406 , 378 (2000).

• In a Small-World: Topology counts


Past & Future Defence


Simulated tactical network under attack


With adaptive link allocation


NetStress Topology Analysis Toolkit



BT Exact - Agent Immunology ModelAgent-based Modelling of Anti-viral systems

• Two-dimensional discrete spatial world model, in which a population of artificial agents interact, move, and infect each other: based on the Sugarscape model (Epstein and Axtell 1996).

• Cooperative exchange of simulated antibodies, used to create group immunity

• Built on the REPAST agent toolkit from the University of Chicago

(http://repast.sourceforge.net/).



0 200 400 600 800 10000

100

200

300

400

No. of iterations i.

Ave

rage

age

nt i

nfec

tion

lev

el

xi

zi

i

Graph showing decrease in average viral infection level without, and with shared antibodies between agents.


Nexus Middleware

• Smart middleware for resilient & agile ICT Services

• Enables flexible applications composed of services + sensors in dynamic and unreliable networks

• Emphasis on– Robustness – Adaptivity – Runtime flexibility/re-configurable– Rapid deployment– Low cost


25


Rules of Resilience

• Engineer the Network to fail gracefully– Incorporate multiple-layers of defence (Defence

in Depth)• Use robust response mechanisms• Design out human options: choices = threats

• Resilience not Optimality


P2P Networks

• A virtual overlay network • Very resilient • Highly adaptive• Low cost deployment

• Automatic load balancing (e.g. Bittorrent)• BBC iPlayer = 5% UK traffic, 1 Million shows/week• But• Challenges: security and management e.g. Marine One



PHOBOS P2P Agent Authentication

Java TransceiverNode

Java TransceiverNode

Sockets and HTTP / SSL

Plugin Adapter Plugin Adapter

PhobosAgent

PhobosAgentMessage DB

Message Loggingand Forwarding

Module

Agent-based user authentication model


Technology Stack

Resource Management

Layer

Process Management Layer

Communication Layer

Interaction Layer

SOA P2P Semantic Web Information Integration

MonitoringMonitoringDiscoveryDiscovery SubstitutionSubstitution Selection/AllocationSelection/Allocation

CompositionCompositionExecutionExecution Querying/RetrievalQuerying/Retrieval

Publish/SubscribePublish/

SubscribeRPC/RMIRPC/RMI StreamingStreaming MulticastMulticast

KnowledgeManipulationKnowledge

ManipulationGoal

CreationGoal

CreationService

InteractionService

InteractionUser

AssistanceUser

Assistance

MonitoringMonitoringDiscoveryDiscovery SubstitutionSubstitution Selection/AllocationSelection/Allocation

CompositionCompositionExecutionExecution Querying/RetrievalQuerying/Retrieval

Publish/SubscribePublish/

SubscribeRPC/RMIRPC/RMI StreamingStreaming MulticastMulticast

KnowledgeManipulationKnowledge

ManipulationGoal

CreationGoal

CreationService

InteractionService

InteractionUser

AssistanceUser

Assistance

Agents & AC


Neural Adaptive Network Algorithm (SCAN)

• Algorithms for resilience in P2P middleware

– Frequency Rule

– Feedback rule

– Decay rule

– Dynamic Growth Rule

– Constrained virtual connection Rule



0 2000 4000 6000 8000 1 104

0

0.5

1

No. of iterations i.

Avg

. nod

e co

nnec

tions

as

a pe

rcen

tage

SCAN network resistance to a targeted attack (i.e. nodes with high degree k)


Nexus Architecture




• Visual Data Mining– Not just data visualisation

• Mixed-initiative operation– Automatic clustering & User feedback

• Learning to cluster better & auto-categorise– Artificial neural network

• Minimising cognitive load / Maximising tag quality– Tag suggestion

Cyclone


Cyclone

• Categorisation of unstructured information


MoD CWID 2008


The Cyclone Framework

2009 IEEE International Symposium on Intelligent Agents (IA 2009), Nashville, Tennessee, USA - 30th March 2009

Categorization Process



The Cyclone Framework Force-based Visual Clustering


• Simulated Physical Forces– Attracting and Repelling Forces

– Cosine Similarity to determine Force weights


The Cyclone Framework Force-based Visual Clustering



The Cyclone Framework



Human factors

43


44


Conclusion

• Cyber Defence must become autonomous– Self*, P2P, Topology design, Dynamics

• Autonomy vs. Control debate– More research required

• Resilience as a design principal– Pagodas

• Dependability needs sophisticated risk analysis• Human Factors

– Simpson's


Questions

• How autonomous should Cyber Security become?

• Is there any alternative?

• Will AI become a threat?

46


Links

• BT Security Solutions– http://www.counterpane.com/

• UK Cyber Security KTN – http://www.ktn.qinetiq-tim.net/

• Santa Fe Institute– www.arcs-workshop.org


Contact

Dr Robert Ghanea-Hercock

[email protected]

48




Documents

Shit Happens!