ASU part of 6-university initiative to defend against cyberattacks

Friday, June 30, 2017

In “The Art of War,” famed Chinese general Sun Tzu advised, “if you know the enemy and know yourself, you need not fear the result of a hundred battles.”

Along with five other universities, researchers from Arizona State University are bringing this age-old concept to digital battlefields to combat advanced persistent cyber threats and other forms of cyber malfeasance.

The project — titled "Realizing Cyber Inception: Towards a Science of Personalized Deception for Cyber Defense" — brings together experts in computer science, cybersecurity, game theory and cognition to conduct research on defending against cyberattacks by profiling the attackers. The work is supported by a $6.2 million Multidisciplinary University Research Initiative award, granted to the six partnering universities by the Army Research Office last month.

Nancy Cooke (pictured above, standing) explains the aim of the project in simple terms: “We’re trying to deceive the deceiver.” Cooke is a professor and human systems engineering graduate program chair and professor at the Polytechnic School, one of the six Ira A. Fulton Schools of Engineering.

As a cognitive psychologist, Cooke’s role in the project is to gather data on human behavior using her DEXTAR (Cyber Defense EXercises for Team Awareness Research) simulator. The lab, which seats six people, will simulate cyberattack and defense scenarios for participating graduate students that Cooke will use to gather data.

That data will go to researchers at Carnegie Mellon University, who in turn will create cognitive models of decision-making by attackers. Paired with a mathematical framework for modeling defenders and attackers in a cybersecurity environment, the cognitive models are used to develop examples of multilayered environments that can monitor attacks.

“What we’re doing is developing a personalized form of deception,” Cooke said. “We try to understand the attacker. Instead of a using a generalized honeypot, we specialize the offense against them, creating an environment in which they don’t know what’s real and what’s not.”

The types of attacks Cooke and her fellow researchers look to guard against have seen an uptick in recent years. For instance, in January, an assessment by the Office of the Director of National Intelligence concluded with high confidence that the Russian government interfered in the 2016 U.S. presidential election through hacking.

“These kind of attacks are dangerous because they start out personal but become persistent and pervasive,” said Cooke, citing the 2014 cyber attacks against JPMorgan Chase and Sony Pictures, both of which resulted in extended data and communication breaches.

“A lot can happen once they’re in the system, opening doors to espionage and threats to national security,” said Cooke.

The University of Southern California leads the project, with Milind Tambe, a professor of computer science, at the helm. Carnegie Mellon; the University of North Carolina, Chapel Hill; North Carolina State University; and the University of Texas, El Paso round out the partner institutions in addition to ASU.

“When the call went out for this, as it often happens, people at different universities started calling around to see if one another were interested,” said Cooke. “We thought our different skill sets would make for a good team, and evidently so did the ARO.”

This marks the third MURI award Cooke has been a part of, the previous two awarded by the Office of Naval Research and the Army Research Office. One examined macro-cognition in a naval setting and how to improve teamwork during operations, while the other studied situational awareness in cybersecurity.

 

Top photo: Professor Nancy Cooke works with a student in the Cyber Defense EXercises for Team Awareness Research simulator, known as DEXTAR, on ASU's Polytechnic campus. Photo by Jessica Hochreiter/ASU