Big Data for Government Symposium

Transcription

1 @TECHTrain Big Data for Government Symposium Linkedin/Groups: Technology Training Corporation

2 Big Data Analytics Dr. Randy Garrett The views, opinions, and/or findings contained in this presentation are those of the author and should not be interpreted as representing the official views or policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the Department of Defense Approved for Public Release, Distribution Unlimited

3 DARPA History Approved for Public Release, Distribution Unlimited

4 I2O: information to operations Information is a force multiplier Cyber ISR exploitation New experts Approved for Public Release, Distribution Unlimited

5 The Earth at Night NASA Earth Observatory/NOAA NGDC Distribution Statement A (Approved for Public Release, Distribution Unlimited) The views, opinions, and/or findings contained in this article/presentation are those of the author/presenter and should not be interpreted as representing the official views or policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the Department of Defense.

6 Interconnectivity Distribution Statement A (Approved for Public Release, Distribution Unlimited) The views, opinions, and/or findings contained in this article/presentation are those of the author/presenter and should not be interpreted as representing the official views or policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the Department of Defense. 6

7 Democritization of Technology Available to Individuals: id Instantaneous global communications Low cost, rapid global transportation Ubiquitous mass media Encryption High Resolution Satellite Imagery Precision Navigation & Timing Design & fabrication of sophisticated: parts, electronics, biological materials IED s s, EFP, semi-submersiblessubmersibles High performance computing State Governments: Capital Equipment Jet fighters, Naval fighting vessels, long range artillery Missiles (but not UAV s, Tomahawks) Nuclear Weapons (?) State-of-the-art sensors Sophisticated C2 Large numbers of trained troops Distribution Statement A (Approved for Public Release, Distribution Unlimited) The views, opinions, and/or findings contained in this article/presentation are those of the author/presenter and should not be interpreted as representing the official views or policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the Department of Defense. 7

8 Understanding Organizations and Their Relationships Traditional DOD (Nation State) Unexplored p Territory y Historic Military Counter Insurgency Counter-Insurgency Approved for Public Release, Distribution Unlimited

9 Our physical systems are vulnerable to cyber attacks Chinese cyber attack: Highly sophisticated and targeted attack on Google corporate infrastructure t (known as Aurora) Small group of academics took control of a car using Bluetooth and OnStar. They were able to disable the brakes, control the accelerator, and turn on the interior microphone. [1] [1] K. Koscher, et al. "Experimental Security Analysis of a Modern Automobile," in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 16-19, False speedometer reading Note that the car is in park Approved for Public Release, Distribution Unlimited 9

10 Plan X A single view of the cyber battlespace for planning, operation and situational awareness Plan X System Intuitive Interfaces network mapping data Cyber battlespace analytics Mission Planning Capability Database Platforms Mission Execution deploy, operate, measure Core Plan X Technology Base Real-time cyberspace analytics Intuitive views and interactions Single fused situational awareness Machine execution Assured and integrated battle damage assessment Work with range of skill sets, novice to expert Approved for Public Release, Distribution Unlimited

11 Scalable analytics & data processing technology Technical Area 1 - XDATA Challenges to achieve practical solutions with know accuracy in realistic environments Propagation of uncertainty Measuring non-linear relationships Sampling and estimation techniques for distributed platforms Quadratic scaling O(n^2) Correlation of subsets of data Statistics for an n^2 scaling analytic based on 20K records with feature vector length of 8000 used to generate a correlation coefficient matrix. Data locality (random access seek times) along with CPU usage are the primary factors in execution. Small Medium Large Methods for distributed dimensionality reduction, matrix factorization etc. Huge Massive *Actual measured times other times above are estimated Reduction methods? Streaming data feeds Optimal cloud configurations and resource allocation with asymmetric components n^3 scaling O(n^3) PCA/SVD, betweenness, force-directed layout Betweenness using 4.7 million nodes and 29 million edges 1. 1 AFRL 2011 Approved for public release; distribution is unlimited. 11

12 Getting convergent: Manageable diversity (CRASH ) New architectures guided by biology Make all systems look the same to the system users and managers, but different to the attackers. System Users High-Level Visible Layers to User Remain Unchanged System Managers Management Interface & Dynamic Loader Diversity Management Middleware Component Map Dependency Map Preventing common attacks. Adapting in response to unanticipated attacks. Create diversity so attacker has to deal with heterogeneity. Randomization of Lower Layers Address space layout Instruction set randomization randomization Functional Redundancy Attacker Method ij Task i Clean-slate design of Resilient, Adaptive, Secure Hosts Approved for Public Release, Distribution Unlimited 12

13 Encrypted computing in the cloud as privately as in your data center (PROCEED ) It is theoretically possible to perform arbitrary computations on encrypted data without decrypting. Thus, preserving security even on untrustworthy computational infrastructure. [Gentry, 2009] [1] What if all computation could be done on encrypted data? Secure computational outsourcing System hardware and software provenance concerns reduced Data provenance and availability remain concerns Will your foreign-built computer steal your data? Program Approach PROCEED is searching for efficient ways to compute on encrypted data that can be implemented on modern computers Potential applications High assurance network guards Training simulators Image processing PROgramming Computation on EncryptEd Data (PROCEED) [1] Craig Gentry. Fully Homomorphic Encryption Using Ideal Lattices. 41st ACM Symposium on Theory of Computing (STOC), Approved for Public Release, Distribution Unlimited 13

14 Active Authentication Objective Validate the individual id at the keyboard by those unique factors that make up the individual. Approach Ridge Ending Ridge Bifurcation Fingerprint Beyond passwords Mouse tracking Time over a single location Drifting while reviewing topics Average word length Forensic authorship Type-token ratio Focus on software biometrics (those without hardware sensors). Rotate many different biometrics as the human at the keyboard is working, resulting in an invisible authentication method. Island Core Source: epdeatonville.org\wp-content uploads\ \fingerprint.jpg Existing Technology Double click Source: google search for "real estate" with mouse tracking provided by IOGraph Hovering to review alt-text Repurposed Technology Use of unique words Source: The Mancurian Candidate, Robert Graves, P2, Amazon Preview Use of Punctuation New Technology Biometric Identity Modalities Approved for Public Release, Distribution Unlimited.

15 Automated Program Analysis for Cybersecurity (APAC) Objective Develop new program analysis tools and techniques for detecting malicious functionality in mobile applications. Seek fundamental advances in program analysis that might enable DoD to vet other kinds of software, too. Approach Produce practical automated analysis tools designed to keep malicious code out of DoD mobile application marketplaces. Translate goal of keeping malicious code out of DoD mobile bl application marketplaces into lower-level properties that can be proven with automated program analysis tools. Third-party developers submit mobile apps to DoD. Some contain hidden malicious functionality. APP APP STORE Develop new tools and techniques for vetting mobile apps. DoD analysts keep mobile app store free of malicious apps. Approved for Public Release, Distribution Unlimited 15

16 VET: Vetting Commodity IT Software and Firmware Objective Fully-automated checks for broad classes of malicious features and dangerous flaws in software and firmware Approach Detect attacks we have never seen before that are not based on signatures Define malice: Determine broad classes of hidden malicious functionality to rule out Confirm the absence of malice: Demonstrate the absence of those broad classes of hidden malicious functionality Examine equipment at scale: Scale to non-specialist technicians who must vet every individual new device used by DoD prior to deployment Examples Routers Smart Phones Printers Images of specific hardware are for illustration only and should not be interpreted as implying vulnerabilities Approved for Public Release, Distribution Unlimited 16

17 High Assurance Cyber Military Systems Objective: Cost-effective construction of highassurance cyber-physical y systems. Functionally correct. Satisfy appropriate safety and security properties. Approach: Use clean-slate formal methods Produce high-assurance operating system components and control systems. Develop a suite of program synthesizers and formal-methods tools. Generate an integration workbench containing all HACMS tools and assured components. Verified Libraries Safety Policy Functional Specification Resource Constraints Code Proof Synthesizer Security Policy Hardware Description Environment Description Diagnostic Information Clean-slate formal-methods-based approach Approved for Public Release, Distribution Unlimited 17

18 Cyber Grand Challenge Objective: A Cyber Grand Challenge for automated defenders similar to DEFCON Capture the Flag Approach: Create automated t systems that t can sense and respond to cyber attacks more rapidly than human operators Compete systems that can engage in counter-adaptation cycles and repel novel threats from networks Anomaly detection, big data analytics, case-based reasoning, heuristics, game theory, and stochastic optimization Compete at a high level in cyber competitions Competition Testbed Key Flag Monitoring Vulnerability Scan Service Poller Mixed Inputs Further dissemination only as directed by DARPA Public Release Center or higher DoD authority

19 Dark Nebula Distribution Statement A (Approved for Public Release, Distribution Unlimited) The views, opinions, and/or findings contained in this article/presentation are those of the author/presenter and should not be interpreted as representing the official views or policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the Department of Robert Traube

20 Distribution Statement A (Approved for Public Release, Distribution Unlimited) The views, opinions, and/or findings contained in this article/presentation are those of the author/presenter and should not be interpreted as representing the official views or policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the Department of Defense. 20