Malicious attacks are constantly evolving to inflict even more damage on the nation's infrastructure systems, corporate information technology (IT) systems, and our digital lives. A fundamental obstacle to achieving effective defense is information asymmetry, through which, under current static and passive defense schemes, the attacker has essentially limitless time to observe and learn about the defender, while the defender knows very little about the attacker. A promising approach to reverse information asymmetry is Moving Target Defense (MTD), whereby the defender dynamically updates system configurations to impede the attacker's learning process. Although MTD has been successfully applied in various domains, existing solutions typically assume an attacker with fixed capabilities and behavioral patterns that are known to the defender. The overarching goal of this project is to develop the foundations for the design and analysis of robust MTD mechanisms that can provide a guaranteed level of protection in the face of unknown and adaptive attacks. The proposed research contributes to the emerging field of the science of security via a cross-disciplinary approach that combines techniques from cybersecurity, game theory, and machine learning. The investigator will disseminate the research findings to industry to help impact real systems. Elements from this research are to be incorporated into new courses on cybersecurity at Tulane University. The project engages underrepresented students and K-12 students and provides rich research experience to undergraduate students.
Developing robust MTD faces three major challenges induced by (1) the coupling of system dynamics and incentives; (2) the hidden behavior of stealthy attacks; (3) the necessity of coordinating multiple defenders in large systems. To tackle these challenges, the investigator will focus on three interrelated thrust areas. In the first thrust, a dynamic two-timescale MTD game that captures a variety of attack patterns and feedback structures is designed and techniques for handling games with large state spaces are investigated. In the second thrust, reinforcement learning-based MTD policies for thwarting unknown attacks are studied. The focus is on developing approximately optimal solutions with low complexity that can effectively exploit the delayed and noisy feedback during the game. In the third thrust, the MTD game and learning framework are extended to incorporate multiple attackers and defenders, and information sharing and mediation schemes for enabling coordinated MTD are investigated. The developed game models and defense strategies are validated via testbed implementations and trace-driven simulations. The research outcomes are expected to provide new insights and novel mechanisms that will significantly advance our understanding of how strategic thinking and learning can help achieve more adaptive cyber defense against advanced attacks.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
