This talk will discuss computer security research at the Army Research Laboratory focused on developing foundational knowledge that will lead to novel techniques capable of dealing with real-world cybersecurity scenarios of the future, i.e., sophisticated threats. Future cybersecurity scenarios will necessitate moving away from strictly signature- and pattern-based detection techniques and aiding analysts in dealing with the scale of ever-increasing numbers of events. Specific research includes:
* Models that aid comprehension of the cyber domain and the challenges and interrelationships therein.
* Development of techniques to aid in “fighting through” attacks and compromises such that missions can be accomplished even under the most adverse conditions, e.g., moving target defense and agility paradigms.
* Novel detection and support techniques. The desire is to develop breakthrough intrusion detection techniques through revolutionary approaches and views of the problem or solution domain. Additionally, how can we support the intrusion detection process to make it more efficient and effective? The goal is to consider redesigning sensors, data transmission and storage paradigms, and computational algorithms, incorporating data semantics and context, etc.
* Enable better training, more effective cyber tool development, and reduced cognitive load through the derivation of models of cyber defender cognitive processes.
* Enable novel cognitively oriented display techniques to visually analyze the cyber domain, assess situational awareness, and identify sophisticated adversaries with reduced cognitive load based on proven scientific foundations. Focus especially on the development of the underlying scientific foundations of display approaches.
* The ultimate goal of our research is the defense of complex networks, i.e., tactical networks and the associated soldiers in the field. Such tactical networks pose unique challenges due to the dynamic nature of the environment and resource constraints.