Shit Happens! Robert Ghanea-Hercock, Chief Researcher in Centre for Information & Security Systems Research, BT Innovate 2009. ADASTRAL PARK. EXCHANGE IN GREENOCK WITH OPERATORS CIRCA 1908. Unleashing open innovation. Customers. BT FON. BT Vision. Future services.
Shit Happens! Robert Ghanea-Hercock, Chief Researcher in Centre for Information & Security Systems Research, BT Innovate 2009
Unleashing open innovation Customers BT FON BT Vision Future services BT Snap&Send
Motivation • Autonomous Cyber Defence Solutions • Where we are • In trouble! • Research • Biology & Artificial Immune Systems • Self* systems • Complex Networks, Dynamics and Topology • Conclusions
Next Generation Web Research Semantic Business Intelligence ICT Infrastructure Virtualisation Policy based management Service Management Research Adaptive ICT Automated management of network, storage and computing Information Security Research Security Architectures Research Enterprise Risk Research Overview of Centre for Information & Security Systems Research
Motivation • Static network security techniques are failing • Cyber Defence must become Adaptive & Autonomous • Goal: Resilient and self-healing Enterprise systems
Biological Defence as a model • Artificial Immune Systems (Forrest et al) • Biological defence examples • External (teeth, claws etc) • Internal (lymphatic network & immune system) • Social networks in animal groups (Soldier Ants, herding, swarms..)
The Problem • Attacks occur at machine speed 10^-6 sec • Responses at human speed 10^3 sec • Economics trades cost of response with risk • Information Assurance boring • Business Continuity, dull and expensive • Humans are very, very, bad at risk assessment
Network Dynamics & Topology • Topology impacts spread of viral/self-replicating processes (Satorras & Vespignani 2001) • “Error and attack tolerance in complex networks”, Albert R., Jeong H., and Barabási A., Nature 406, 378 (2000). • In a Small-World: Topology counts
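An added example, not part of the original slides: a self-contained simulation of the error-versus-attack tolerance effect cited above, comparing random node failure with removal of the highest-degree nodes on a scale-free graph. The preferential-attachment generator, node count, seed and removal fractions are assumptions chosen for illustration.

```python
import random
from collections import defaultdict

def scale_free_graph(n, m, rng):
    """Preferential attachment: new nodes link to m existing ones, biased by degree."""
    adj, stubs = defaultdict(set), []    # stubs holds a node once per edge end
    for u in range(1, n):
        targets = set(range(u)) if u <= m else set()   # nodes 0..m: connected core
        while u > m and len(targets) < m:              # later nodes: degree-biased
            targets.add(rng.choice(stubs))
        for v in targets:
            adj[u].add(v)
            adj[v].add(u)
            stubs.extend((u, v))
    return adj

def largest_component(adj, removed):
    """Size of the largest connected component once `removed` nodes are gone."""
    seen, best = set(removed), 0
    for start in adj:
        stack, size = ([] if start in seen else [start]), 0
        seen.add(start)
        while stack:                     # iterative depth-first search
            size += 1
            for nb in adj[stack.pop()] - seen:
                seen.add(nb)
                stack.append(nb)
        best = max(best, size)
    return best

def surviving_fraction(adj, fraction, targeted, rng):
    """Share of nodes left in the largest component after removing `fraction`."""
    nodes = list(adj)
    k = int(fraction * len(nodes))
    if targeted:                         # attack: highest-degree nodes first
        removed = sorted(nodes, key=lambda v: len(adj[v]), reverse=True)[:k]
    else:                                # failure: nodes picked at random
        removed = rng.sample(nodes, k)
    return largest_component(adj, removed) / len(nodes)

def compare(n=2000, m=2, seed=1):
    """Map removed fraction -> (random failure, targeted attack) survival."""
    rng = random.Random(seed)            # constructed graph, fixed seed
    adj = scale_free_graph(n, m, rng)
    return {f: (surviving_fraction(adj, f, False, rng),
                surviving_fraction(adj, f, True, rng)) for f in (0.0, 0.05, 0.2)}

if __name__ == "__main__":
    print(compare())
```

For a defender the useful output is the gap between the two columns: it shows how much of the network's connectivity depends on a small set of hub nodes, which is where redundancy and monitoring matter most.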
BT Pervasive ICT Centre BT Exact - Agent Immunology Model Agent-based Modelling of Anti-viral systems • Two-dimensional discrete spatial world model, in which a population of artificial agents interact, move, and infect each other: based on the Sugarscape model (Epstein and Axtell 1996). • Cooperative exchange of simulated antibodies, used to create group immunity • Built on the REPAST agent toolkit from the University of Chicago (http://repast.sourceforge.net/).
Graph showing decrease in average viral infection level without, and with shared antibodies between agents.
Nexus Middleware • Smart middleware for resilient & agile ICT Services • Enables flexible applications composed of services + sensors in dynamic and unreliable networks • Emphasis on • Robustness • Adaptivity • Runtime flexibility/re-configurable • Rapid deployment • Low cost
Rules of Resilience • Engineer the Network to fail gracefully • Incorporate multiple-layers of defence (Defence in Depth) • Use robust response mechanisms • Design out human options: choices = threats • Resilience not Optimality
P2P Networks • A virtual overlay network • Very resilient • Highly adaptive • Low cost deployment • Automatic load balancing (e.g. Bittorrent) • BBC iPlayer = 5% UK traffic, 1 Million shows/week • But • Challenges: security and management e.g. Marine One
BT Pervasive ICT Centre PHOBOS P2P Agent Authentication Agent-based user authentication model
Technology Stack • Layers: Interaction Layer, Process Management Layer, Resource Management Layer, Communication Layer • Functions: Goal Creation, Service Interaction, Knowledge Manipulation, User Assistance, Execution, Composition, Querying/Retrieval, Discovery, Monitoring, Substitution, Selection/Allocation, RPC/RMI, Publish/Subscribe, Streaming, Multicast • Technologies: SOA, P2P, Semantic Web, Information Integration, Agents & AC
BT Pervasive ICT Centre Neural Adaptive Network Algorithm (SCAN) • Algorithms for resilience in P2P middleware • Frequency Rule • Feedback rule • Decay rule • Dynamic Growth Rule • Constrained virtual connection Rule
SCAN network resistance to a targeted attack (i.e. nodes with high degree k)
Cyclone • Visual Data Mining • Not just data visualisation • Mixed-initiative operation • Automatic clustering & User feedback • Learning to cluster better & auto-categorise • Artificial neural network • Minimising cognitive load / Maximising tag quality • Tag suggestion
Cyclone • Categorisation of unstructured information
The Cyclone Framework • Categorization Process 2009 IEEE International Symposium on Intelligent Agents (IA 2009), Nashville, Tennessee, USA - 30th March 2009
The Cyclone Framework • Force-based Visual Clustering
The Cyclone Framework • Force-based Visual Clustering • Simulated Physical Forces • Attracting and Repelling Forces • Cosine Similarity to determine Force weights
The Cyclone Framework
Conclusion • Cyber Defence must become autonomous • Self*, P2P, Topology design, Dynamics • Autonomy vs. Control debate • More research required • Resilience as a design principle • Pagodas • Dependability needs sophisticated risk analysis • Human Factors • Simpson's
Questions • How autonomous should Cyber Security become? • Is there any alternative? • Will AI become a threat?
Links • BT Security Solutions • http://www.counterpane.com/ • UK Cyber Security KTN • http://www.ktn.qinetiq-tim.net/ • Santa Fe Institute • www.arcs-workshop.org
Contact Dr Robert Ghanea-Hercock robert.ghanea-hercock@bt.com