SBIR-STTR Award

Attack Recognition and Mitigation by Expert Virtual Assistant (ARMEVA)
Award last edited on: 1/30/2012

Sponsored Program
SBIR
Awarding Agency
DOD : AF
Total Award Amount
$100,000
Award Phase
1
Solicitation Topic Code
AF103-047
Principal Investigator
Rajini Anachi

Company Information

Cyglass Inc (AKA: mZeal Communications Inc)

305 Foster Street
Littleton, MA 01460
(978) 665-0280
info@cyglass.com
www.cyglass.com
Location: Multiple
Congr. District: 03
County: Middlesex

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2011
Phase I Amount
$100,000
The U.S. faces constant attacks in cyber-space which have the potential to cripple the U.S. military infrastructure. Given the ramifications of such attacks, the Department of Defense has recently adjusted its strategy for cyber-defense toward maintaining mission-critical functionality in the face of cyber-attacks which have compromised critical portions of the mission-support infrastructure. The ARMEVA system (Attack Recognition and Mitigation by Expert Virtual Assistant) implements this strategy by using virtual and machine learning technologies to ascertain the security state of the system infrastructure. ARMEVA identifies not only if the system is under attack, but also which components of the system have been compromised. If the mission is endangered, ARMEVA automatically invokes contingency measures designed to mitigate the effects of the attack. ARMEVA’s cognitive representation paradigm allows arbitrary attack mitigation strategies to be implemented, from informing the commander as to which parts of the system are no longer trustworthy to implementing automated fail-over to replace entire suites of critical processes. This approach maximizes the potential for mission success even when critical portions of the system have been severely compromised.

Benefit:
A recently revealed exploit in the U.S. security system reveals the extent of the danger posed to the United States and its allies by cyber-threats. An exploit which started with the installation of a rogue program via a flash drive in the Middle East was the “most serious breach of U.S. Military computers ever,” William J. Lynn 3d, deputy secretary of defense, said recently in “Foreign Affairs”. Mr. Lynn described the tremendous difficulty of protecting digital military communications over a vast array of 15,000 networks and 7 million computing devices all over the world against determined adversaries who, with limited means and a certain level of ingenuity, can inflict enormous damage. “A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States’s global logistics network, steal its operational plans, blind its intelligence capabilities or hinder its ability to deliver weapons on target,” Mr. Lynn stated. mZeal’s proposed ARMEVA (Attack Recognition and Mitigation by Expert Virtual Assistant) system provides a powerful combination of automated attack detection, mitigation, and decision support capabilities which will act to minimize mission risk in the face of potentially crippling cyber-attacks. For example, the exploit mentioned above would have been detected and eliminated by ARMEVA. This is because each input to the system is tracked on a machine instruction basis, and the trustworthiness and sensitivity levels of data and processes are adjusted in accordance with how they interact with other processes and data. Since the rogue process did not originate from a trusted source, and/or would have pushed sensitive data out of the system, ARMEVA would have generated a low trustworthiness level for the rogue process and acted to eliminate the exploit. The basis of the ARMEVA technology is to host the mission-critical application(s) in a protected virtual environment.
As the application interacts with its environment, the effect of each interaction is tracked at the machine instruction level. Relevant information is then stored in a Knowledge Model which reflects the security status of the protected application. Rules which take into account the sensitivity, trust and role of the processes and data involved are used to update the protected system’s security status on an ongoing basis. The Knowledge Model thus provides a valuable assessment of the level of confidence in which various assets of the protected system can be held. This represents a powerful decision support capability which will enable commanders to understand when and how the system has been compromised when a

Keywords:
Mission Assurance, Critical Infrastructure Protection, Operation Through Cyber Attack, Mission Assurance Analysis Protocol (MAAP), Cyber-Attack Mitigation, Novel Attack Detect

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
----
Phase II Amount
----