Shit Happens!
Robert Ghanea-Hercock
Chief Researcher in Centre for Information & Security Systems Research, BT Innovate
2009
Posted 18-Dec-2015
© British Telecommunications plc
Adastral Park
Exchange in Greenock with operators, circa 1908
Unleashing open innovation
Future services
BT Snap&Send
BT FON
Customers
BT Vision
• Motivation
– Autonomous Cyber Defence Solutions
• Where we are
– In trouble!
• Research
– Biology & Artificial Immune Systems
– Self* systems
– Complex Networks, Dynamics and Topology
• Conclusions
• Next Generation Web Research
– Semantic Business Intelligence
• ICT Infrastructure Virtualisation
– Policy based management
• Service Management Research
– Adaptive ICT
• Automated management of network, storage and computing
• Information Security Research
– Security Architectures Research
– Enterprise Risk Research
Overview of Centre for Information & Security Systems Research
BT Pervasive ICT Centre
Real-time performance & risk intelligence
Motivation
• Static network security techniques are failing
• Cyber Defence must become Adaptive & Autonomous
• Goal: Resilient and self-healing Enterprise systems
Biological Defence as a model
• Artificial Immune Systems (Forrest et al.)
• Biological defence examples
– External (teeth, claws etc.)
– Internal (lymphatic network & immune system)
– Social networks in animal groups (soldier ants, herding, swarms...)
The Problem
• Attacks occur at machine speed, 10^-6 sec
• Responses at human speed, 10^3 sec
• Economics trades cost of response with risk
• Information Assurance boring
• Business Continuity, dull and expensive
• Humans are very, very bad at risk assessment
Network Dynamics & Topology
• Topology impacts spread of viral/self-replicating processes (Satorras & Vespignani 2001)
• “Error and attack tolerance in complex networks”, Albert R., Jeong H., and Barabási A., Nature 406, 378 (2000).
• In a Small-World: Topology counts
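The attack-tolerance result cited on this slide can be reproduced in a few lines. The following is an added example, not code from the talk or from BT's NetStress or SCAN tools: it grows a scale-free graph by preferential attachment and compares how much of it stays connected after random node failures versus removal of the highest-degree nodes. The function names, graph size, seed and 10% removal fraction are assumptions chosen for illustration, and the example goes beyond the slide, which only cites the paper.

```python
import random

def scale_free_graph(n, m, rng):
    """Preferential attachment: each new node links to m existing nodes,
    picked with probability proportional to their current degree."""
    adj = {i: set() for i in range(n)}
    pool = []                      # every node listed once per edge end
    for i in range(m + 1):         # seed: small fully connected core
        for j in range(i):
            adj[i].add(j); adj[j].add(i)
            pool += [i, j]
    for v in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(pool))
        for t in targets:
            adj[v].add(t); adj[t].add(v)
            pool += [v, t]
    return adj

def largest_component(adj, removed):
    """Size of the largest connected component once `removed` nodes fail."""
    seen, best = set(removed), 0
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        stack, size = [start], 0
        while stack:
            u = stack.pop()
            size += 1
            for w in adj[u]:
                if w not in seen:
                    seen.add(w)
                    stack.append(w)
        best = max(best, size)
    return best

def compare(n=1000, m=2, fraction=0.1, seed=1):
    """Return (survivors after random failures, survivors after hub removal)."""
    rng = random.Random(seed)      # constructed graph, fixed seed
    adj = scale_free_graph(n, m, rng)
    k = int(n * fraction)
    hubs = sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:k]
    failed = rng.sample(range(n), k)
    return largest_component(adj, failed), largest_component(adj, hubs)

if __name__ == "__main__":
    random_lcc, targeted_lcc = compare()
    print(f"random failures: {random_lcc} nodes still connected")
    print(f"hub removal:     {targeted_lcc} nodes still connected")
```

For a defender the gap between the two numbers is the point: a hub-dominated topology shrugs off random faults but depends heavily on protecting or replicating its few high-degree nodes.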
Past & Future Defence
Simulated tactical network under attack
With adaptive link allocation
NetStress Topology Analysis Toolkit
BT Exact - Agent Immunology Model
Agent-based Modelling of Anti-viral systems
• Two-dimensional discrete spatial world model, in which a population of artificial agents interact, move, and infect each other: based on the Sugarscape model (Epstein and Axtell 1996).
• Cooperative exchange of simulated antibodies, used to create group immunity
• Built on the REPAST agent toolkit from the University of Chicago (http://repast.sourceforge.net/).
[Figure: average agent infection level vs. no. of iterations i]
Graph showing decrease in average viral infection level without, and with shared antibodies between agents.
Nexus Middleware
• Smart middleware for resilient & agile ICT Services
• Enables flexible applications composed of services + sensors in dynamic and unreliable networks
• Emphasis on
– Robustness
– Adaptivity
– Runtime flexibility/re-configurable
– Rapid deployment
– Low cost
Rules of Resilience
• Engineer the Network to fail gracefully
– Incorporate multiple layers of defence (Defence in Depth)
• Use robust response mechanisms
• Design out human options: choices = threats
• Resilience not Optimality
P2P Networks
• A virtual overlay network
• Very resilient
• Highly adaptive
• Low cost deployment
• Automatic load balancing (e.g. BitTorrent)
• BBC iPlayer = 5% UK traffic, 1 million shows/week
• But
• Challenges: security and management, e.g. Marine One
PHOBOS P2P Agent Authentication
[Diagram labels: Java Transceiver Node (x2); Sockets and HTTP / SSL; Plugin Adapter (x2); Phobos Agent (x2); Message DB; Message Logging and Forwarding Module]
Agent-based user authentication model
Technology Stack
[Diagram labels]
Layers: Resource Management Layer; Process Management Layer; Communication Layer; Interaction Layer
SOA, P2P, Semantic Web, Information Integration
Monitoring, Discovery, Substitution, Selection/Allocation
Composition, Execution, Querying/Retrieval
Publish/Subscribe, RPC/RMI, Streaming, Multicast
Knowledge Manipulation, Goal Creation, Service Interaction, User Assistance
Agents & AC
Neural Adaptive Network Algorithm (SCAN)
• Algorithms for resilience in P2P middleware
– Frequency Rule
– Feedback rule
– Decay rule
– Dynamic Growth Rule
– Constrained virtual connection Rule
[Figure: average node connections as a percentage vs. no. of iterations i]
SCAN network resistance to a targeted attack (i.e. nodes with high degree k)
Nexus Architecture
• Visual Data Mining
– Not just data visualisation
• Mixed-initiative operation
– Automatic clustering & User feedback
• Learning to cluster better & auto-categorise
– Artificial neural network
• Minimising cognitive load / Maximising tag quality
– Tag suggestion
Cyclone
Cyclone
• Categorisation of unstructured information
MoD CWID 2008
The Cyclone Framework
2009 IEEE International Symposium on Intelligent Agents (IA 2009), Nashville, Tennessee, USA - 30th March 2009
Categorization Process
The Cyclone Framework Force-based Visual Clustering
• Simulated Physical Forces– Attracting and Repelling Forces
– Cosine Similarity to determine Force weights
Human factors
Conclusion
• Cyber Defence must become autonomous
– Self*, P2P, Topology design, Dynamics
• Autonomy vs. Control debate
– More research required
• Resilience as a design principle
– Pagodas
• Dependability needs sophisticated risk analysis
• Human Factors
– Simpson's
Questions
• How autonomous should Cyber Security become?
• Is there any alternative?
• Will AI become a threat?
Links
• BT Security Solutions
– http://www.counterpane.com/
• UK Cyber Security KTN
– http://www.ktn.qinetiq-tim.net/
• Santa Fe Institute
– www.arcs-workshop.org