Challenge Problems

Visible to the public 

C3E CHALLENGE PROBLEMS

Beginning in 2014, C3E has introduced challenge problems. C3E brings together a diverse set of experts in creative collaboration to tackle these tough intellectual challenges and point toward novel and practical solutions. The challenge problems for the past three years are listed below and linked to more information about each of the problems.

2018: AI/ML Cyber Defense
2016 & 2017: Modeling Consequences of Ransomware on Critical Infrastructures
2015: Cyber Security
2014: Metadata-based Malicious Cyber Discovery


C3E 2019 Challenge Problem

Cognitive Security (CS) and Human-Machine Teaming (HMT)
Jump to: CS | HMT

The Computational Cybersecurity in Compromised Environments Workshops (C3E) has introduced challenge problems since 2013. The Workshops bring together experts to tackle tough intellectual challenges and point toward novel and practical solutions. Last year, C3E 2018 looked into Adversarial Machine Learning (AML) and connections with Explainable Artificial Intelligence (XAI), and Decision Support Vulnerabilities.

For 2019, C3E will further examine a key element explored during the 2018 Workshop - the role of the human in cyber environments. Specifically, the 2019 C3E Workshop will explore cognitive security and human-machine teaming in cyber. We find ourselves in the midst of an era of social- information warfare - for which we are presently ill prepared to mount an effective defense. It is necessary to investigate hybrid approaches that account for both technological and human sides of the problem. Each track will address a challenge problem during the breakout sessions. Following the workshop, a follow-on program will seek to provide continuity by continuing research into issues identified at the workshop.

Follow-on Challenge Problem Research Projects

This project offers an opportunity to government, industry and academic researchers to add content and continuity to the SCORE C3E workshop 2019 Challenge Problems. We anticipate a study to explore in cognitive security and human behavior in cyber, engaging 4-6 researchers on a part time basis to identify and explore specific issues developed at the workshop and present their findings at the 2020 and 2021 C3E workshops. Funding will be sought to pay an honorarium to these researchers.

Some of the questions to be addressed include:

  • Are there multi-model approaches that can be implemented to mitigate the effects of adversary attacks on AI/ML-based systems and increase cyber defender's confidence in autonomous cybersecurity systems?
  • Are there any graph analytics, game theory, or generative adversarial networks (GAN) strategies that can be brought to bear to make cybersecurity AI/ML more resilient to adversarial machine learning?
  • Given the continuous and rapidly evolving cyber exploitation/attack patterns, what can be done to speed up the process of (re-)training AI/ML models without introducing adversary induced biases?
  • How can AI/ML models be trained to identify/classify malicious behaviors that have not been seen before without generating numerous false positives, such as zero-day exploits?

Cognitive Security Challenge Problem

Background. Ongoing research has developed cognitive models to predicts hacker's and defender's decisions in the abstract cyber security tasks. Cranford et al. (2018, 2019) developed an instance-based learning (IBL) cognitive model (Gonzalez, Lerch & Lebiere, 2003) of attackers that accurately predicts human decision making from experience. Currently, these models could predict hacker's actions using abstract information such as "attack on network node". Detailed information on the defender's features such as the ports, operating system, or data on the network that were attacked and the information about the information gathering, attack type, and exploits were not part of these models. Thus, there is a gap between current cognitive agents and developing human like agents for complex cyber security scenarios.

Challenge. The challenge is to develop cognitive models which consider contextual information of configurations, skills to exploit various systems, complex network structures etc. while predicting hacker's decisions. Such models can act as synthetic hackers to test various defense algorithms.

Task. The task is to develop a model that first probes the network to gather information on the number of nodes, open ports, operating systems, and service versions. After collecting this information, the attacker's model would decide to attack one node. The attack decision would include understanding of which exploit to be used for attacking a configuration of the node. In this task, the defender masks the true configuration of some nodes with different observable configuration.

Dataset. The CMU Dynamic Decision Making Laboratory (DDMLab) is conducting the above experiment using CyberVAN, i.e., a testbed for conducting cyber security research. The DDMLab is collecting human data to test the effectiveness of different masking strategies. This dataset could act as a dataset for the challenge problem. Alternatively, challenge problem researchers could use their own physical networks as a testbed to test the effectiveness of different masking strategies to generate datasets.

Outcome. A cognitive agent that can mimic human actions in the tasks involving probing and attacking different network nodes. The development of a predictive model for the hacker would also help in learning biases and taking advantage to improve cyber defense.

Some questions to be addressed are, for example:

  • What are the cognitive processes involved for an attacker's decision-making in cyberattack situations?

  • How accurately could cognitive models of attackers predict their actions?

  • What do we learn about attacker's biases using cognitive models?

  • Given an accurate model of an attacker, how can defensive algorithms be made adaptive?

  • Can cognitive models provide better information about the effectiveness of defensive decisions compared to an attacker's cyberattack models?

References:

  1. Cranford, E., Lebiere, C., Gonzalez, C., Cooney, S., Vayanos, P., & Tambe, M. (2018). Learning about Cyber Deception through Simulations: Predictions of Human Decision Making with Deceptive Signals in Stackelberg Security Games. In CogSci.
  2. Cranford, E. A., Gonzalez, C., Aggarwal, P., Cooney, S., Tambe, M., Lebiere, C. (2019). Towards personalized deceptive signaling for cyber defense using cognitive models. In Proceedings of the 17th Annual Meeting of the International Conference on Cognitive Modelling (in press). Montreal, CA
  3. Gonzalez, C., Lerch, F. J., & Lebiere, C. (2003). Instance-based learning in dynamic decision making. Cognitive Science, 27, 591-635.

Human-Machine Teaming Challenge Problem

Background. The traditional model of users operating automated processes and analytics in cyber operations may no longer be valid for modern cyber defense operations centers where automation is often adaptive and generally works at larger scales and much faster than people. Modern cyber operations are becoming much more akin to environments where people and machines work as team, leveraging from one another's strengths, actions, and decisions. These new roles for both humans and machines in cyber operations will inevitably raise important challenges including the need for supporting shared mind models between humans and machines, new ways to better define and share context in human-machine teaming, novel interaction modes and visualizations, and new ways to evaluate the performance and effectives of human-machine teams. These are important areas of research that will be topics of discussion at C3E 2019.

Motivation for the Challenge Problem. The proposed challenge problem is two-fold. First it involves the identification of some of the issues associated with HMT in a cyber defense scenario and uses that information to better understand the underlying events taking place in the scenario. The second part of the challenge problem is to propose approaches to solutions to mitigate the problems identified in the first of the challenge.

Proposed Scenario. The cyber defense scenario used for the challenge problem is based on a set of stages of one or more kill-chains taking place over an emulated enterprise network. The network is monitored by different algorithms that are making their own analysis and assessment of the events and situation. The user has partial visibility of the network events but has full access to the assessment provided by all algorithms and analysts, as well as background information about the types of algorithms, and the training data used for each algorithm both prior and during the scenario.

Challenge Problem. The analyst is provided with a description of the network and some information about the possible events taking place in the scenario, which includes information about the different defensive autonomous systems monitoring and responding to network events. The analyst also has information about the types of automation being used and details about the way they have been trained prior to the scenario. Based on that information the analyst is expected to make an assessment of the underlying autonomous defensive events taking place and create a narrative describing the reasoning process. The second part of the problem is the identification of approaches or processes to mitigate any issues observed in the first part of the analysis or to improve the effectiveness of the process by better leveraging the human-machine teaming.

Expected Results. The anticipated outcome of the challenge problem will include two parts. First a description of the critical security events taking place in the scenario and the reasoning process followed by the analyst. That process is expected to include details on how the assessment was taken into account, and possible issues or limitations associated with the support provided by the automation. The second outcome is the recommendation of approaches to better leverage the automation process and mitigate the issues observed in the first part of the problem.

Some questions to be addressed are, for example:

  1. What research must be accomplished to begin to create human machines teams defending cyber networks?
  2. How do humans and automation/intelligent systems share internal states (beliefs, intentions, etc.) with one another?
  3. How do we create and maintain a shared context between humans and automation/intelligent systems?
  4. What are the most appropriate modes of interaction between humans and automation/intelligent systems in cyber operations?
  5. How do we quantify the performance or effectiveness of human-machine teams?

References:

  1. Rabinowitz, N., Perbet, F., Song, H. Francis, Zhang, C., Eslami, S.M. Ali, Botvinick, M., Machine Theory of Mind
  2. Madni, A., Madni, C., Architectural Framework for Exploring Adaptive Human-Machine Teaming Options in Simulated Dynamic Environments, Systems 2018, 6,44
  3. Don Norman (2017) Design, Business Models, and Human-Technology Teamwork, Research-Technology Management, 60:1, 26-30, DOI: 10.1080/08956308.2017.1255051
  4. Damacharla, P., Javaid, A., Devabhaktuni, V., Common Metrics to Benchmark Human-Machine Teams (HMT): A Review, IEEE Access, Vol 6, 2018
  5. Soule, N., Carvalho, M., Last, D., et al., Quantifying & Minimizing Attack Surfaces Containing Moving Target Defenses, Systems 2018, 6,44

How are we going to do this?

In 2016 the NSF provided a workshop grant for the Ransomware Challenge Problem. Through that grant, the C3E Support Team provided honoraria to seven persons who researched the Challenge Problem and reported at the next C3E Workshop and other venues. The support team is applying for another grant for the C3E 2019 Challenge Problem. Hopefully, our proposal will be successful.

The work plan will be first, to discuss the issues related to Cognitive Security and Human Machine Teaming at the 2019 Workshop. In early October, the PIs will request an initial, short concept paper of 3-5 pages from researchers outlining their research problem identification and their approach to the Challenge Problem. In November, the PIs will assemble an Advisory Board comprised of recognized experts on these themes to peer review this first round of papers. The Advisory Board will winnow the papers down to 4 to 6 concept papers. The authors of these papers will develop a more detailed presentation for the C3E Midyear event and at the 2020 C3E Workshop. Assuming a successful NSF grant award for this project, these authors will have a small amount of funding in the range of $5,000-$15,000 each to cover the costs of the principal PI, a graduate student or assistant, and use of laboratories and office facilities for the project. The completed materials will receive a critique from the Advisory Board and be coordinated for presentation at the 2020 C3E Workshop. Acceptable actual deliverables include a scholarly paper, a model, and/or a computer implementation of a concept or approach to the problem, and a poster presentation. In each case, this would include a panel presentation and discussion at the C3E workshop in 2020. It is anticipated that the documentation will be widely shared among government, academe, and industry.