Big Data for Government Symposium http://www.ttcus.com
Linkedin/Groups:Technology Training Corporation
@TECHTrain
Big Data Analytics
Dr. Randy Garrett
The views, opinions, and/or findings contained in this presentation are those of the author and should not be interpreted as representing the official views or policies, either expressed or implied, of the Defense Advanced Research Projects Agency
or the Department of Defense
Approved for Public Release, Distribution Unlimited
I2O: information to operations
Information is a force multiplier
• Cyber
• ISR exploitation
• New experts
The Earth at Night
NASA Earth Observatory/NOAA NGDC
Interconnectivity
Democratization of Technology
Available to Individuals:
• Instantaneous global communications
• Low cost, rapid global transportation
• Ubiquitous mass media
• Encryption
• High Resolution Satellite Imagery
• Precision Navigation & Timing
• Design & fabrication of sophisticated: parts, electronics, biological materials
• IEDs, EFP, semi-submersibles
• High performance computing
State Governments:
• Capital Equipment
• Jet fighters, Naval fighting vessels, long range artillery
• Missiles (but not UAVs, Tomahawks)
• Nuclear Weapons (?)
• State-of-the-art sensors
• Sophisticated C2
• Large numbers of trained troops
Understanding Organizations and Their Relationships
Traditional DOD (Nation State)
Unexplored Territory
Historic Military Counter-Insurgency
Our physical systems are vulnerable to cyber attacks…
Chinese cyber attack: “Highly sophisticated and targeted attack” on Google corporate infrastructure (known as Aurora)
Small group of academics took control of a car using Bluetooth and OnStar. They were able to disable the brakes, control the accelerator, and turn on the interior microphone.[1]
False speedometer reading. Note that the car is in park…
[1] K. Koscher, et al. "Experimental Security Analysis of a Modern Automobile," in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 16-19, 2010.
Plan X
A single view of the cyber battlespace for planning, operation and situational awareness
Plan X System
[Diagram labels: Intuitive Interfaces; Cyber battlespace analytics; Mission Planning; Capability Database; Platforms; Mission Execution; network mapping data; deploy, operate, measure]
Core Plan X Technology Base
• Real-time cyberspace analytics
• Intuitive views and interactions
• Single fused situational awareness
• Machine execution
• Assured and integrated battle damage assessment
• Work with range of skill sets, novice to expert
Scalable analytics & data processing technology
Technical Area 1 - XDATA
Challenges to achieve practical solutions with known accuracy in realistic environments
• Propagation of uncertainty
• Measuring non-linear relationships
• Sampling and estimation techniques for distributed platforms
• Methods for distributed dimensionality reduction, matrix factorization etc.
• Streaming data feeds
• Optimal cloud configurations and resource allocation with asymmetric components
Quadratic scaling O(n^2)
Correlation of subsets of data
Statistics for an n^2 scaling analytic based on 20K records with feature vector length of 8000 used to generate a correlation coefficient matrix.
Data locality (random access seek times) along with CPU usage are the primary factors in execution.
[Table: Small, Medium, Large, Huge, Massive. *Actual measured times; other times above are estimated]
Reduction methods?
n^3 scaling O(n^3)
PCA/SVD, betweenness, force-directed layout
“Betweenness” using 4.7 million nodes and 29 million edges.[1]
[1] AFRL 2011. Approved for public release; distribution is unlimited.
Getting convergent: Manageable diversity (CRASH‡)
New architectures guided by biology
Make all systems look the same to the system users and managers, but different to the attackers.
[Diagram labels: System Users; System Managers; High-Level Visible Layers to User Remain Unchanged; Management Interface & Dynamic Loader Component; Diversity Management Middleware; Dependency Map; Randomization of Lower Layers; Address space layout randomization; Instruction set randomization; Functional Redundancy; Attacker; Method ij; Task i]
• Preventing common attacks.
• Adapting in response to unanticipated attacks.
• Create diversity so attacker has to deal with heterogeneity.
‡ Clean-slate design of Resilient, Adaptive, Secure Hosts
Encrypted computing in the cloud as privately as in your data center (PROCEED‡)
It is theoretically possible to perform arbitrary computations on encrypted data without decrypting, thus preserving security even on untrustworthy computational infrastructure. [Gentry, 2009] [1]
Will your foreign-built computer steal your data?
What if all computation could be done on encrypted data?
• Secure computational outsourcing
• System hardware and software provenance concerns reduced
• Data provenance and availability remain concerns
Program Approach
• PROCEED is searching for efficient ways to compute on encrypted data that can be implemented on modern computers
• Potential applications
  • High assurance network guards
  • Training simulators
  • Image processing
‡ PROgramming Computation on EncryptEd Data (PROCEED)
[1] Craig Gentry. Fully Homomorphic Encryption Using Ideal Lattices. 41st ACM Symposium on Theory of Computing (STOC), 2009.
Active Authentication
Beyond passwords
Objective
Validate the individual at the keyboard by those unique factors that make up the individual.
Approach
Focus on software biometrics (those without hardware sensors).
Rotate many different biometrics as the human at the keyboard is working, resulting in an invisible authentication method.
Biometric Identity Modalities
• Fingerprint: Ridge Ending, Ridge Bifurcation, Core, Island
• Forensic authorship: Average word length, Type-token ratio, Use of Punctuation, Use of unique words
• Mouse tracking: Time over a single location, Drifting while reviewing topics, Double click, Hovering to review alt-text
Existing Technology, Repurposed Technology, New Technology
Source: epdeatonville.org\wp-content uploads\2011 04\fingerprint.jpg
Source: The Mancurian Candidate, Robert Graves, P2, Amazon Preview
Source: google search for "real estate" with mouse tracking provided by IOGraph
Automated Program Analysis for Cybersecurity (APAC)
Objective
• Develop new program analysis tools and techniques for detecting malicious functionality in mobile applications.
• Seek fundamental advances in program analysis that might enable DoD to vet other kinds of software, too.
Approach
• Produce practical automated analysis tools designed to keep malicious code out of DoD mobile application marketplaces.
• Translate goal of keeping malicious code out of DoD mobile application marketplaces into lower-level properties that can be proven with automated program analysis tools.
[Diagram labels: Third-party developers submit mobile apps to DoD. Some contain hidden malicious functionality. DoD analysts keep mobile app store free of malicious apps. Develop new tools and techniques for vetting mobile apps. APP; APP STORE]
VET: Vetting Commodity IT Software and Firmware
Objective
• Fully-automated checks for broad classes of malicious features and dangerous flaws in software and firmware
Approach
• Detect attacks we have never seen before that are not based on signatures
• Define malice:
  • Determine broad classes of hidden malicious functionality to rule out
• Confirm the absence of malice:
  • Demonstrate the absence of those broad classes of hidden malicious functionality
• Examine equipment at scale:
  • Scale to non-specialist technicians who must vet every individual new device used by DoD prior to deployment
Examples: Smart Phones, Routers, Printers
http://www.dtic.mil/whs/esd/cmd/index.htm
http://broadband.mt.gov/providers.aspx
http://www.benning.army.mil/library/content/MCoELibrariesEResources/mcoelibrarieseresources.htm
http://www.mc4.army.mil/hardware/Printers
Images of specific hardware are for illustration only and should not be interpreted as implying vulnerabilities
High Assurance Cyber Military Systems
Objective:
• Cost-effective construction of high-assurance cyber-physical systems.
• Functionally correct.
• Satisfy appropriate safety and security properties.
Approach:
• Use clean-slate formal methods
• Produce high-assurance operating system components and control systems.
• Develop a suite of program synthesizers and formal-methods tools.
• Generate an integration workbench containing all HACMS tools and assured components.
[Diagram labels: Safety Policy; Security Policy; Functional Specification; Hardware Description; Resource Constraints; Environment Description; Verified Libraries; Synthesizer; Code; Proof; Diagnostic Information]
Clean-slate formal-methods-based approach
Cyber Grand Challenge
Objective:
A Cyber Grand Challenge for automated defenders similar to DEFCON Capture the Flag
Approach:
Create automated systems that can sense and respond to cyber attacks more rapidly than human operators
Compete systems that can engage in counter-adaptation cycles and repel novel threats from networks
• Anomaly detection, big data analytics, case-based reasoning, heuristics, game theory, and stochastic optimization
Compete at a high level in cyber competitions
[Diagram labels: Competition Testbed; Flag Monitoring; Vulnerability Scan; Key; Service Poller; Mixed Inputs]
Further dissemination only as directed by DARPA Public Release Center or higher DoD authority
Dark Nebula
© Robert Traube
www.darpa.mil