GCAS, Inc., Carnegie Mellon University, and Lockheed Martin Corporation have partnered to research how to model and forecast a cyberthreat's future maneuvers in a compromised IT or OT network. Our approach reuses methods and models developed for attack warning and attack assessment in ballistic missile defense, such as probabilistic multi-model filters and multi-hypothesis tracking. Specifically, we present a Multi-Hypothesis Method (MHM) within a Bayesian framework, with utility theory and game theory for decision making. The result is an approach that determines the most likely past threat vector and produces a prioritized list of the threat agent's most likely future maneuvers.
This proven technology is being leveraged to track and forecast cyberthreat attack vectors, so that an organization's high-value assets can be defended and the threats neutralized. Its advantage over current state-of-the-art techniques (e.g., rule-based systems and neural networks) is that it adds the ability to predict the attacker's potential next move along the attack vector.
A simple proof-of-concept study, simulating a cyberattack by a single intruder with a limited number of maneuver tactics, validated the feasibility of the approach.
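The track-then-forecast loop described above, as an added illustration rather than the authors' implementation: a toy Bayesian multi-hypothesis tracker over a small network. Each hypothesis is a candidate attacker path; every alert set updates hypothesis weights by Bayes' rule, weak hypotheses are pruned, the marginal over the attacker's position is propagated through a maneuver model to rank likely next hosts, and an expected-utility rule picks a defensive action. The hosts, asset values, isolation costs, sensor detection and false-alarm rates, the "attacker prefers valuable neighbours" maneuver model, and the three-alert intrusion sequence are all constructed assumptions, not figures from the study.

```python
"""Added example (not the paper's code): a toy multi-hypothesis tracker (MHT)
for a single intruder moving across a constructed network."""

# Lateral-movement edges (constructed): hosts reachable from each host.
ADJ = {
    "web": ["app", "jump"],
    "app": ["db", "jump"],
    "jump": ["db", "fileserver"],
    "db": [],
    "fileserver": [],
}
# Defender's value of each host and cost of isolating it (both constructed).
VALUE = {"web": 1, "app": 3, "jump": 2, "db": 10, "fileserver": 8}
ISOLATE_COST = {"web": 4, "app": 2, "jump": 1, "db": 3, "fileserver": 2}
# Sensor model (constructed): detection probability and false-alarm rate per host.
P_DETECT, P_FALSE_ALARM = 0.8, 0.1
STAY_PROB = 0.2  # maneuver model: chance the attacker does not move this step


def transition(host):
    """Maneuver model P(next | current): move to a neighbour with probability
    proportional to its value, otherwise stay; dead ends always stay."""
    nbrs = ADJ[host]
    if not nbrs:
        return {host: 1.0}
    total = sum(VALUE[n] for n in nbrs)
    dist = {n: (1 - STAY_PROB) * VALUE[n] / total for n in nbrs}
    dist[host] = dist.get(host, 0.0) + STAY_PROB
    return dist


def likelihood(host, alerts):
    """P(alert set | attacker on `host`), sensors conditionally independent."""
    p = 1.0
    for h in ADJ:
        if h == host:
            p *= P_DETECT if h in alerts else 1 - P_DETECT
        else:
            p *= P_FALSE_ALARM if h in alerts else 1 - P_FALSE_ALARM
    return p


class MultiHypothesisTracker:
    """Hypotheses are attacker paths (tuples of hosts) with posterior weights."""

    def __init__(self, prior, max_hyps=64, min_weight=1e-5):
        self.hyps = {(h,): w for h, w in prior.items()}
        self.max_hyps, self.min_weight = max_hyps, min_weight

    def predict(self):
        """Branch every hypothesis on every possible next maneuver."""
        new = {}
        for path, w in self.hyps.items():
            for nxt, p in transition(path[-1]).items():
                new[path + (nxt,)] = new.get(path + (nxt,), 0.0) + w * p
        self.hyps = new

    def observe(self, alerts):
        """Bayes update by the alert likelihood, then normalise and prune
        (the MHT step that keeps the hypothesis tree tractable)."""
        weighted = {p: w * likelihood(p[-1], alerts) for p, w in self.hyps.items()}
        total = sum(weighted.values())
        kept = sorted(weighted.items(), key=lambda kv: kv[1], reverse=True)[: self.max_hyps]
        kept = {p: w / total for p, w in kept if w / total >= self.min_weight}
        norm = sum(kept.values())
        self.hyps = {p: w / norm for p, w in kept.items()}

    def step(self, alerts):
        self.predict()
        self.observe(alerts)

    def most_likely_path(self):
        """The most likely past threat vector."""
        return max(self.hyps, key=self.hyps.get)

    def position_marginal(self):
        m = {}
        for path, w in self.hyps.items():
            m[path[-1]] = m.get(path[-1], 0.0) + w
        return m

    def forecast_next(self):
        """Prioritised list of next hosts: sum_h P(at h) * P(next | h)."""
        f = {}
        for h, p in self.position_marginal().items():
            for nxt, q in transition(h).items():
                f[nxt] = f.get(nxt, 0.0) + p * q
        return sorted(f.items(), key=lambda kv: kv[1], reverse=True)


def recommend_action(tracker):
    """Expected-utility decision: isolate the host whose forecast probability
    times value most exceeds its isolation cost, or do nothing (utility 0)."""
    options = {"do nothing": 0.0}
    for host, p in tracker.forecast_next():
        options[f"isolate {host}"] = p * VALUE[host] - ISOLATE_COST[host]
    return max(options, key=options.get)


def run_demo():
    """Constructed intrusion: alerts on web, then app, then db. Returns the
    state after the second alert and the final most likely path."""
    tracker = MultiHypothesisTracker({h: 1 / len(ADJ) for h in ADJ})
    tracker.observe({"web"})
    tracker.step({"app"})
    after_app = (tracker.most_likely_path(), tracker.forecast_next()[0][0],
                 recommend_action(tracker))
    tracker.step({"db"})
    return after_app, tracker.most_likely_path()


if __name__ == "__main__":
    print(run_demo())
```

After the second alert the tracker's best hypothesis is the path web → app, its top forecast is db (the highest-value neighbour of app), and the utility rule recommends isolating db before the third alert confirms that move. Rule-based detection would flag each alert in isolation; the value added here is the ranked forecast and the decision derived from it.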
Three planned outcomes of our research are:
- Efficient algorithms and methods for predicting the future movement of a cyberthreat,
- A cyber Simulation & Modeling (S&M) tool for digital twins, cyber wargaming, training, and validating CMMC compliance, and
- An advanced probabilistic S&M system for modeling complex non-deterministic problems across a wide domain of applications.
Keywords
BAYESIAN NETWORKS, BEHAVIOR MODELING, CYBER, DECISION, DISCRETE EVENT SIMULATION, M&S, PROBABILITY, RISK ASSESSMENT, SIMULATIONS, THREAT MODELING, VULNERABILITY MODELS
Additional Keywords
probabilistic multi-model filters, multi-hypothesis tracking, decision networks