Overview Detection Approaches Entropic Defense Unholy Present/Future Epilogue Sources

Defending against Adversarial Cyberspace Participants by Morphing The Gameboard

Daniel Bilar
University of New Orleans, Department of Computer Science

Sandia National Labs Cyber Security Forum
Albuquerque, NM
October 7, 2010

Defending against Adversarial Cyberspace Participants

Nov 28, 2014


Page 2: Defending against Adversarial Cyberspace Participants


Speaker

A bit about me

Domicile: Born in the US, grew up in Germany, France, mostly Switzerland. Came to the US for post-secondary studies. Been here almost twenty years
Education: Business, law, economics; philosophy, history, political science, computer science; operations research, industrial engineering, engineering sciences, theology
Work: Salesman, software engineer, financial analyst, consultant, college/university professor.

Research Field: Security Studies

Background: As PhD student, founding member of the Institute for Security and Technology Studies at Dartmouth (counter-terror, defense research for US DoJ and US DHS)
Security Studies: Solutions cannot be mere math/technical - spans different dimensions such as psychology, technology, computer science, operations research, history, law, sociology and economics
Funding: DoD/NSA, NASA, Navy SPAWAR, Louisiana BoR

Page 3: Defending against Adversarial Cyberspace Participants


Talk Roadmap

Status Quo

Classic AV byte-pattern matching has reached its practical and theoretical limits with modern malware

Why? Problem Setup favors Adversary

They pose hard problems: Through design dissimulation techniques, their functionality and intent difficult to ascertain
We are easy: Targets situated on a predominantly WYSIWYG “gameboard”
→ Defenses forced to solve time-intensive (minutes, hours, days) halting problems while adversarial cyberspace participants do not
Hence, have to turn tables to achieve required subsecond defense responses

Autonomous Baiting, Control and Deception (ABCD)

Inversion of Problem Setup: By means of morphing adversary’s view of gameboard, increase adversarial participant’s footprint, noise levels, decision complexity
Bait, Control and Deceive: By means of a repeated dynamic stimuli-response game, framework decides probabilistically nature of participant and engages appropriate defensive measures
End vision: AI-assisted, sub-second decision cycle, autonomic stimuli response framework that probabilistically determines, impedes, quarantines, subverts, possibly attributes and possibly inoculates against suspected adversarial cyberspace participants

Page 4: Defending against Adversarial Cyberspace Participants


Signals from Above

AF Chief Scientist Werner Dahms on USAF Science & Technology 2010-2030 [Dah10]

Augmentation of Human Performance: Use of highly adaptable autonomous systems to provide significant time-domain operational advantages over adversaries limited to human planning and decision speeds
Massive virtualization: Agile hypervisors, inherent polymorphism complicate adversary’s ability to plan and coordinate attacks by reducing time over which networks remain static, and intruder to leave behind greater forensic evidence for attribution.
Resilience: Make systems more difficult to exploit once entry is gained; cyber resilience to maintain mission assurance across entire spectrum of cyber threat levels, including large-scale overt attacks
Symbiotic Cyber-Physical-Human: Augmentation through increased use of autonomous systems and close coupling of humans and automated systems
Direct augmentation of humans via drugs or implants to improve memory, alertness, cognition, or visual/aural acuity, screening (brainwave patterns or genetic correlators)

2011 IEEE Symposium on Computational Intelligence in Cyber Security (April 2011)

Mission Assurance Track: Explore theoretical and applied research work in the academic, industrial, and military research communities related to mission assurance.
Selected Topics: Mission representation, modeling, simulation, visualization, impact estimation and situational awareness; Decision making and decision support; Engineering for mission assurance and resilience strategies.

Page 5: Defending against Adversarial Cyberspace Participants


Detection Rates: Malware Increasingly Resistant

Bad: Empirical AV Results

| Report Date | AV Signature Update | MW Corpus Date | False Negative (%) |
|---|---|---|---|
| 2010/05 | Feb. 10th | Feb. 11th-18th | [37-89] |
| 2010/02 | Feb. 10th | Feb. 3rd | [0.4-19.2] |
| 2009/011 | Aug. 10th | Aug. 11th-17th | [26-68] |
| 2009/08 | Aug. 10th | Aug. 10th | [0.2-15.2] |
| 2009/05 | Feb. 9th | Feb. 9th-16th | [31-86] |
| 2009/02 | Feb. 9th | Feb. 1st | [0.2-15.1] |
| 2008/11 | Aug. 4th | Aug. 4th-11th | [29-81] |
| 2008/08 | Aug. 4th | Aug. 1st | [0.4-13.5] |
| 2008/05 | Feb. 4th | Feb. 5th-12th | [26-94] |
| 2008/02 | Feb. 4th | Feb. 2nd | [0.2-12.3] |

Table: Empirical miss rates for sixteen well-known, reputable AV products (AV-Comparatives.org). After failing to update signatures for one week, the best AV missed between 26-31 % of the new malicious software, the worst missed upwards of 80 %

Worse: Theoretical Findings

Hitherto tractable linear time struggling against NP-completeness and undecidability. Detection of interactive malware is at least in complexity class $\mathrm{NP}^{\mathrm{NP}^{\mathrm{NP}}_{\text{oracle}}}_{\text{oracle}}$ [EF05, JF08]

Blacklisting Deadend: Infeasibility of modeling polymorphic shellcode [YSS07]

Page 6: Defending against Adversarial Cyberspace Participants


1st Fingerprint: Win32 API Calls

Synopsis

Observe and record Win32 API calls made by malicious code during execution, then compare them to calls made by other malicious code to find similarities

Goal

Classify malware quickly into a family
Set of variants make up a family

Main Result (2005) [Rie05]

Simple (tuned) Vector Space Model yields over 80% correct classification
Behavioral angle seems promising

Page 7: Defending against Adversarial Cyberspace Participants


Win32 API Calls: Results

Figure: 77 malware samples classified

Figure: Threshold parameter

Classification and AV Corroboration

Classification by 17 AV scanners yields 21 families. > 80 % correspondence (csm threshold = 0.8).

Page 8: Defending against Adversarial Cyberspace Participants


2nd Fingerprint: Opcode Frequency

Synopsis

Statically disassemble the binary, tabulate the opcode frequencies and construct a statistical fingerprint with a subset of said opcodes

Goal

Compare opcode fingerprint across non-malicious software and malware classes for quick identification purposes

Main Result (2006) [Bil07b]

For differentiation purposes, infrequent opcodes explain more data variation than common ones
Static makeup: Not good enough as discriminator.
Exacerbating: ROP [RBSS09][CSR10], ‘malicious computation’ (Sept. 2010: Adobe 0-day CVE-2010-2883 used ROP attack to bypass DEP)

Page 9: Defending against Adversarial Cyberspace Participants


3rd Fingerprint: Callgraph Properties

Synopsis

Represent executables as callgraph, and construct graph-structural fingerprint for software classes

Goal

Compare ‘graph structure’ fingerprint of unknown binaries across non-malicious software and malware classes

Main Result (2007) [Bil07a]

Malware tends to have a lower basic block count, implying a simpler functionality: Less interaction, fewer branches, limited goals
Behavioral Angle: Can we use simpler decision structure to ‘outplay’ malware?

Page 10: Defending against Adversarial Cyberspace Participants


Callgraph: Overview

Procedure

1 Booted VMPlayer with XP image
  a Goodware: Sampled 280 files from XP box
  b Malware: Fixed 7 classes and sampled 120 specimens
2 Structural parsing with IDA (with FLIRT) and IDAPython
3 Structural data into MySQL
4 Analyzed callgraph data with BinNavi, Python and Matlab

Page 11: Defending against Adversarial Cyberspace Participants


Callgraph: Degree Distribution

Figure: Pareto fitted ECCDF with Hill estimator α̂(n)

Power (Pareto) Law

Investigate whether indegree $d_{indeg}(f)$, outdegree $d_{outdeg}(f)$ and basic block count $d_{bb}(f)$ distributions of executable’s functions follows a truncated power law of form

$$P_{d_*(f)}(m) \sim m^{\alpha_{d_*(f)}} e^{-\frac{m}{k_c}}$$

with $\alpha$ a power law exponent, $k_c$ distribution cutoff point, $\hat{\alpha}(n)$ Hill estimator (inset) used for consistency check [CSN09]
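The Hill-plot consistency check mentioned above, as an added example (not code from the talk). It assumes the continuous estimator in the [CSN09] convention, where the density falls off as m^(-α) with α > 0; the two samples, the choice of k values and the 0.1 tolerance are constructed, and real degree data are discrete, so this is an approximation.

```python
import math


def hill_alpha(values, k):
    """Density-exponent estimate from the k largest observations.

    alpha_hat(k) = 1 + k / sum_{i<=k} ln(x_(i) / x_(k+1)),
    with x_(1) >= x_(2) >= ... the values in descending order.
    """
    xs = sorted((v for v in values if v > 0), reverse=True)
    if not 1 <= k < len(xs):
        raise ValueError("k must satisfy 1 <= k < number of positive values")
    threshold = xs[k]  # x_(k+1) plays the role of x_min
    log_sum = sum(math.log(x / threshold) for x in xs[:k])
    if log_sum == 0.0:
        raise ValueError("top-k values are all equal; no tail to fit")
    return 1.0 + k / log_sum


def hill_plot(values, ks):
    """Estimates for several tail sizes; a flat curve supports a power law."""
    return [(k, hill_alpha(values, k)) for k in ks]


def tail_is_stable(values, ks, tolerance=0.1):
    """True when the estimate barely moves as the tail size k changes."""
    estimates = [alpha for _, alpha in hill_plot(values, ks)]
    return max(estimates) - min(estimates) <= tolerance


def quantile_sample(inverse_cdf, n):
    """Deterministic stand-in for random draws: evenly spaced quantiles."""
    return [inverse_cdf((i + 0.5) / n) for i in range(n)]


# Constructed samples (not measurements from the talk's corpus).
PARETO = quantile_sample(lambda u: 1.0 / (1.0 - u), 2000)          # density ~ m^-2
EXPONENTIAL = quantile_sample(lambda u: -math.log(1.0 - u), 2000)  # no power-law tail
KS = (50, 100, 200, 500)

if __name__ == "__main__":
    for name, sample in (("pareto", PARETO), ("exponential", EXPONENTIAL)):
        curve = ", ".join(f"k={k}: {a:.3f}" for k, a in hill_plot(sample, KS))
        print(f"{name:12s} stable={tail_is_stable(sample, KS)}  {curve}")
```

A drifting curve, as for the exponential sample, says the apparent exponent depends on where the tail is cut, which is the situation the cutoff term in the truncated form is meant to absorb.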

Page 12: Defending against Adversarial Cyberspace Participants


Callgraph: Flowgraph Example

Figure: Backdoor.Win32.Livup.c: Flowgraph of sub_402400, consisting of six basic blocks. The loc_402486 basic block is located in the middle of the flowgraph given above

Metrics Collected

Basic block count of function
Instruction count of a given basic block
Function ‘type’ as normal, import, library, thunk
In- and out-degree of a given function
Function count of executable

Page 13: Defending against Adversarial Cyberspace Participants


Backdoor.Win32.Livup sub_402400 callgraph

Figure: Callgraph of sub_402400: Indegree 2, outdegree 6


Page 14: Defending against Adversarial Cyberspace Participants


Callgraph: α Ranges

Figure: $\alpha_{indeg} = [1.5 - 3]$, $\alpha_{outdeg} = [1.1 - 2.5]$ and $\alpha_{bb} = [1.1 - 2.1]$, with a greater spread for malware

Page 15: Defending against Adversarial Cyberspace Participants


Callgraph: Differentiation Results

| class | Basic Block | Indegree | Outdegree |
|---|---|---|---|
| t | 2.57 | 1.04 | -0.47 |
| Goodware | N(1.634,0.3) | N(2.02, 0.3) | N(1.69,0.307) |
| Malware | N(1.7,0.3) | N(2.08,0.45) | N(1.68,0.35) |

Table: Only one statistically relevant difference found: Basic block distribution metric $\mu_{\text{malware}}(k_{bb}) \neq \mu_{\text{goodware}}(k_{bb})$ via Wilcoxon Rank Sum

Interpretation

Malware tends to have a lower basic block count, implying a simpler functionality: Less interaction, fewer branches, limited functionality

Idea

Kasparov wins games because he can think 5-7 moves ahead. Can we use simpler decision structure to outplay simpler malware?

Page 16: Defending against Adversarial Cyberspace Participants


Conceptual: Actively Morphing, Game-Playing Defense Framework

Idea: Subversion of Decision Loop

Interactive, morphing framework to manipulate, mislead and contain MW.
Infer MW internal decision points, then change the environment (i.e. passive environmental morphing and active environmental stimuli), thus manipulating the observables malware might use for its decisions.
Environment plays an iterative, seemingly cooperative, mixed strategy, multi-player game.
Goal: Subvert MW’s internal control structure and goad it into a position favorable to the defense.

Figure: The environment and the malware can be seen as engaged in an iterative, seemingly cooperative, possibly mixed strategy, possibly multi-player game. Can I identify, quantify and deploy strategies (i.e. passive environmental morphing and active environmental stimuli) to goad malware into a payoff corner?

Page 17: Defending against Adversarial Cyberspace Participants


ABCD-ACP: Defending Against Adversarial Cyberspace Participants

Figure: Morphing the Gameboard and Engaging Potentially Adversarial Cyberspace Participants

Page 18: Defending against Adversarial Cyberspace Participants


ABCD-ACP: Characteristics

Goals

Continuous Evolution and Adaptation of interaction strategies through algorithms (machines) and intuition (human crowdsourcing)
Resilience against subversive participants seeking to undermine strategies
Continuous increase in decision cycle speed from seconds to microseconds: Aggressive optimization over all framework components, workflow and bottlenecks
Stability Guarantees: DoD network sizes through rigorous mathematical analysis and simulation

Figure: Engagement Gameboard: Participants operate on a gameboard injected with stimuli. Through dynamic re-configuration of the virtualized environment through baits/stimuli and responses, influence potential adversarial participants (both humans and programs) perception of environment, control behavior and goad it into a position favorable to the defense.

Page 19: Defending against Adversarial Cyberspace Participants


Morphing the Gameboard: Concepts

Overview

Gameboard consists of virtualized operating environment (we use VMWare) into which bait/stimuli are injected to induce potential ACP’s (both humans and programs) to ‘show their colors’
Probabilistic identification via stimuli/responses ‘game’. Serves to weigh different hypotheses (ex: loglikelihood Bayesian odds) consistent with aggregate evidence whether a participant’s observed behavior can be classified as adversarial
Baits/Stimuli: Gameboard-morphing actions taken by Defender to induce behavioral responses from participants. Specificity (low false positives are desired: Does it flag benevolent participants as adversarial?) and sensitivity (low false negatives are desired: Does it miss adversarial participants?)
Morphing the Gameboard: Influence ACP’s perception of the environment, and goad it into a position favorable to the defense

Hypotheses

1 From observations of stimuli/responses, uncertainty viz unknown intent can be reduced. In particular, potential adversarial participants can be probabilistically identified.

2 Defender can control the behavior of ACPs by influencing their perception of the Gameboard to the defense’s benefit

Page 20: Defending against Adversarial Cyberspace Participants


Morphing the Gameboard: Concepts

Players

System: Set of benign processes on the Gameboard. Defender does not know this benevolence a priori
Participants: Potentially adversarial programs or humans on the Gameboard. Defender does not know this a priori
Defender: Morphs the Gameboard with stimuli, assesses responses, and engages defense actions. Defender is part of the System, and is able to distinguish its own responses from the rest of the System

Defensive Actions

Defender conversation consists of a high level scenario which is either preemptively engaged, chosen by the user, or activated by other defensive systems. Conversation examples include “Worm”, “Rootkit”, “Bot”, “Trojan” and more.
Defender scenario informs one or more engagement types. Engagement type examples include “present spread vectors”, “present confidentiality vectors”, “present reconnaissance vectors”, “present weakened defenses”, “change system parameters” and more. For each engagement type, Defender autonomously chooses a dynamic engagement strategy
Engagement Strategy: Game tree aggregate of baits (stimuli) and participants. Dynamic game tree because depending on the reaction of the potential malicious activity, next bait/stimuli dynamically chosen.

Page 21: Defending against Adversarial Cyberspace Participants


Morphing the Gameboard: Baits

Baits Portfolio

| Bait | Bait actions | Malware Ex. | False Positive |
|---|---|---|---|
| Dummy processes | Inject false antivirus programs into the OS process list and monitor for halt in execution | Conficker (kills AV processes), Bugbear (shuts down various AV processes), Vundo (disables Norton AV) | low |
| Network Shares | Mounts and removes network shares on the client then monitors for activity | MyWife.d (attempt to delete System files on shared network drives), Lovgate (copies itself to all network drives on an infected computer), Conficker (infects all registered drives) | medium |
| Files | Monitors critical or bait (.doc, .xls, .cad) files | Mydoom.b (alters host file to block web traffic), MyWife.d (deletes AV system programs), Waledac.a (scans local drives for email adds) | low |
| User action | Executes normal user behavior on the client system and monitors for unusual execution | Mydoom.b (diverts network traffic thus altering what is expected to appear), Vundo (eat up system resources - slows program execution) | high |

Table: Baits implemented so far for Gameboard
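The probabilistic identification by Bayesian log-odds and the dynamically chosen next bait described on the preceding slides, sketched as an added example (not code from the talk or the ABCD framework). The bait names come from the table above; the numeric sensitivity and false-positive rates, the prior, both thresholds, the conditional-independence treatment of responses and the greedy expected-information-gain selection rule are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Bait:
    name: str
    sensitivity: float     # P(response | adversarial), constructed value
    false_positive: float  # P(response | benign), constructed value


# Names follow the bait portfolio table; the rates are constructed so the
# table's low/medium/high false-positive column has numbers to work with.
BAITS = (
    Bait("dummy_processes", 0.80, 0.02),  # low
    Bait("network_shares", 0.70, 0.10),   # medium
    Bait("files", 0.65, 0.03),            # low
    Bait("user_action", 0.75, 0.30),      # high
)


def log_lr(bait, responded):
    """Log-likelihood ratio (adversarial vs. benign) of one observation."""
    if responded:
        return math.log(bait.sensitivity / bait.false_positive)
    return math.log((1 - bait.sensitivity) / (1 - bait.false_positive))


def posterior(log_odds):
    """Convert log-odds back to P(adversarial)."""
    return 1.0 / (1.0 + math.exp(-log_odds))


def entropy_bits(p):
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def expected_gain(bait, log_odds):
    """Expected drop in uncertainty (bits) from playing this bait next."""
    p = posterior(log_odds)
    p_resp = p * bait.sensitivity + (1 - p) * bait.false_positive
    after = (p_resp * entropy_bits(posterior(log_odds + log_lr(bait, True)))
             + (1 - p_resp) * entropy_bits(posterior(log_odds + log_lr(bait, False))))
    return entropy_bits(p) - after


def engage(observe, prior=0.05, flag_at=0.95, clear_at=0.005, max_moves=4):
    """Play baits until a decision threshold is crossed or moves run out.

    observe(bait_name) -> bool reports whether the participant reacted.
    Responses are treated as conditionally independent given the
    participant's nature (a simplifying assumption of this sketch).
    """
    log_odds = math.log(prior / (1 - prior))
    remaining = list(BAITS)
    trace = []
    while remaining and len(trace) < max_moves:
        bait = max(remaining, key=lambda b: expected_gain(b, log_odds))
        remaining.remove(bait)
        responded = bool(observe(bait.name))
        log_odds += log_lr(bait, responded)
        p = posterior(log_odds)
        trace.append((bait.name, responded, p))
        if p >= flag_at:
            return "adversarial", trace
        if p <= clear_at:
            return "benign", trace
    return "undecided", trace


if __name__ == "__main__":
    # Constructed participants: one reacts to every bait, one to none, and one
    # benign but resource-hungry process that only trips "user_action".
    cases = [("reacts to all", {b.name for b in BAITS}),
             ("reacts to none", set()),
             ("noisy benign", {"user_action"})]
    for label, reacts_to in cases:
        verdict, trace = engage(lambda name: name in reacts_to)
        print(f"{label} -> {verdict}")
        for name, responded, p in trace:
            print(f"   {name:16s} responded={responded!s:5s} P(adversarial)={p:.4f}")
```

With these constructed rates a single reaction to the high-false-positive bait is not enough to flag a participant, which is why per-bait specificity has to be quantified before thresholds are chosen.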

Page 22: Defending against Adversarial Cyberspace Participants


Morphing the Gameboard: Defender

Defender Goals

Mission assurance/continuity: Defender should not self-sabotage or sabotage System’s mission. Mission continuity constraints include but are not limited to: sustain mission availability, confidentiality, integrity, authenticity and more.
Actionable Information Gain: Defender’s responses geared towards learning more about the potential adversarial participant (e.g. by migrating ACP into a highly instrumented environment).
Defender Stealth: Potentially adversarial participant should remain unaware of Defender’s observation and manipulation of ACP’s view of Gameboard
Subversion: Defender responds in such a way as to repurpose the ACP
Participant Attribution: Defender responds in such a way that attribution of adversarial behavior source is made more likely (e.g. smart watermarking/poisoning of data).
Inoculation: Defender can synthesize a general modus operandus over observed behavior to build a vaccine, supplementing efforts in the realm of byte code signatures.

Defender Action

Abstract Categories: Collberg’s [primitives] (cover, duplicate, split/merge, reorder, map, indirect, mimic, advertise, detect/response, dynamic) [CN09]
Quarantine [Indirect]: Defender moves Participant to an instrumented but isolated platform in order to learn more about its behavior.
(Self-)terminate [Tamperproof]: Defender terminates Participant or induces its self-termination. In addition, Defender may simulate termination of benign System components as a strategic mimetic move (such as unlinking it from the process table).
Holodeck [Mimicry, Tamperproof]: Defender presents “critical” or “strained” Gameboard state in an effort to violate ACP’s expectation (e.g. 99% memory utilization, heavy network congestion, no heap space left).
Subversion [Tamperproof]: Data-taint/poison potential ACP in order to create an attribution trail. Especially important for military defense systems, where attackers try to plausibly deny responsibility through one or more levels of indirection.

Page 23: Defending against Adversarial Cyberspace Participants


ABCD Validation Overview

Five Measurable Milestones

Decision cycle speed: Median from time of the first response of the potentially adversarial participants to the first defensive action implemented
False positives are benign participants whom the framework classifies as adversarial
False known negatives are known adversarial programs that the framework fails to classify as such
False 0-day negatives are gold standard: Never-seen-before attacks by humans and programs

Figure: ABCD Metrics and Milestones: 4 years

Page 24: Defending against Adversarial Cyberspace Participants


ABCD Year 1

Year 1: Framework Proof of Concept

Develop optimization-instrumented framework elements (baits/responses/defense strategies/action)
Validate and measure Bait (False positives, false negatives), defense strategies/actions and decision cycle time
Implementation Choke points Dead ends and R&D towards year 2
System stability analysis: Non-linearities, self-DoS

Figure: ABCD Metrics and Milestones: 4 years

Page 25: Defending against Adversarial Cyberspace Participants


ABCD Year 2

Year 2: Two-Pronged Game Strategy Evolution Push

Improve: Incorporate stimuli/response/defense validation results
Algorithmic: R&D recombinant machine strategy evolution framework
Human: R&D human crowdsourcing game to harvest intuitions/moves strategies
Wargames (1983): Evolve strategies by deploying PoC evolution framework on supercomputer
Mathematical System Analysis: Stability, Scalability
Transition: Begin developing transition roadmap to real life systems

Figure: ABCD Metrics and Milestones: 4 years

Page 26: Defending against Adversarial Cyberspace Participants


ABCD Year 3

Year 3: ABCD-ACP Framework 2.0

Upgrade: With stability, scalability, validation, strategy results, redesign V2 of ABCD-ACP framework
Integration: Human/machine strategies evolution mechanism and defense into ABCD-ACP 2.0
Subversion: R&D into resilience of ABCD-ACP against subversive players (evolution of malicious adversarial participants)
Transition: Continue developing transition roadmap to real life systems
Production Push: R&D into metrics and milestone for year 4

Figure: ABCD Metrics and Milestones: 4 years

Page 27: Defending against Adversarial Cyberspace Participants


ABCD Year 4

Year 4: ABCD-ACP Framework 3.0

Validation: Resiliency of ABCD-ACP 3.0 against subversive players
Update and Check: Survey threat horizon, incorporate and validate bait/response/defenses
Upgrade: With stability, scalability, validation, strategy results, redesign 3.0 of ABCD-ACP framework
Mathematical System Analysis: Stability, Scalability
Tech transfer: Transfer ABCD-ACP project: Decision control system (stimuli-response framework), knowledge base (bait and defense strategies) and evolution mechanism to DoD real life system

Figure: ABCD Metrics and Milestones: 4 years

Page 28: Defending against Adversarial Cyberspace Participants


Theoretical and Implementation Challenges Ahead

“A problem worthy of attack proves its worth by fighting back”

Bait specificity and sensitivity: Need empirical quantification with robust bait portfolio
Multiple ACPs: Implicitly assume just one ACP operating at a time - multiple ACPs gives Discrete Source Separation Problem. Promising approach is Process Query Systems [CB06]
Computational Learning: Need to analyze and control the rate of convergence. Informal goal is ACP identification with 2-4 bait/stimuli/response moves. Learning through interaction as a validation mechanism has been studied using, for instance, PAC or Vapnik-Chervonenkis theory
Stochastic Imperfect Information Game: Payoff tied to knowledge, varies over time, retroactively. Is this analytically solvable or maybe a good heuristic?
Morphing Fundamentals: System state, entropy measures, and multi-objective optimization problem (stability, management)
Performance: Open question whether aggressive metrics can be met (will seek inspiration from financial trading)

Page 29: Defending against Adversarial Cyberspace Participants


Morphing Ground Truth: System’s Degrees of Freedom

System State and Entropy Measures

Defense goal is not to maximally confuse ACP, but to manipulate malware’s decision tree by controlling its cross-entropy calculus $D^x$ of perceived target/environment. Requires appropriate state representation of Gameboard and entities, since this directly determines cross-entropy measure $D^x$

Ex: If system’s governing distribution (probability of given realization) $P = P(n_i \mid q_i, N, s, I)$ s.t. prior probabilities $q_i$, number of entities $N$, number of states $s$ with $\sum_{i=1}^{s} n_i = N$ and background information $I$ is multinomial with $P = N! \prod_{i=1}^{s} \frac{q_i^{n_i}}{n_i!}$, then cross-entropy to manipulate is Kullback-Leibler

$$D^x_{KL} = \sum_{i=1}^{s} \left( p_i N^{-1} \ln N! + p_i \ln q_i - N^{-1} \ln\big((p_i N)!\big) \right)$$

However, if system is not governed by multinomial $P$ (e.g. Bose-Einstein system’s $P_{BE}$ is multivariate negative hypergeometric), $D^x_{BE}$ is not KL

Cross-entropy $D^x_{KL}$ and Shannon entropy not universal, do not apply to every system [Niv07]

Figure: Model of Maxwell-Boltzmann (a-b), (c) Bose-Einstein and (d) Fermi-Dirac systems

a) $N$ distinguishable balls to $s$ disting. boxes, with $n_i$ of each state → $P_{MB}$ is multinomial
b) Urn has $M$ disting. balls, with $m_i$ of each state, sample $N$ balls with replacement with $n_i$ in each state → $P_{MB}$ is multinomial
c) Balls indistinguishable, $\binom{g_i+n_i-1}{n_i}$ permutations of $n_i$ indisting. balls in $g_i$ disting. boxes → $P_{BE}$ is multivariate negative hypergeometric
d) Balls indistinguishable, max. 1 in each level, $\binom{g_i}{n_i}$ permutations of $n_i$ indisting. balls in $g_i$ disting. boxes with $n_i \in \{0, 1\}$ → $P_{FD}$ is multivariate hypergeometric

Page 30: Defending against Adversarial Cyberspace Participants


Future Future

End Vision of ABCD-ACP

‘Skynet’: AI-assisted, microsecond decision cycle, autonomic stimuli response framework that probabilistically determines, impedes, quarantines, subverts, possibly attributes and possibly inoculates against suspected adversarial cyberspace participants
Human Symbiosis: Co-evolution into an autonomous defense ‘alter ego’ for human decision makers. Coupled with stress (emotion) sensors poised to take over when judgment is deemed to be too affected by emotions and/or information overload
→ Spirit of USAF Science & Technology 2010-2030 [Dah10]

Complements Efforts In Other Military Domains

DARPA’s Integrated Battle Command (BAA 05-14): Give decision aids for battle operations
DARPA’s Real-Time Adversarial Intelligence & Decision Making (BAA 04-16): Help battlefield commander with threat predictions in tactical operation
Israel’s Virtual Battle Management AI: Robotic AI defense system take over from flesh-and-blood operators. In event of doomsday strike, system handles attacks that exceed physiological limits of human command

Why Emphasis on Autonomous Decision?

Human Operator is Subsystem: Possible to degrade and subvert end system through subsystem attacks

Page 31: Defending against Adversarial Cyberspace Participants


Subsystem Subversion: nth Order Attacks

Objective

Induce Instabilities in mission-sustaining ancillary systems that ultimately degrade, disable or subvert end system
n: Degree of relation. 0th order targets the end system, 1st order targets an ancillary system of the end system, 2nd order an ancillary system of the ancillary system etc.

Systems

Definition: A whole that functions by virtue of interaction between constitutive components. Defined by relationships. Components may be other systems. Key points: Open, isomorphic laws
Nature: Technical, algorithmic, societal, psychological, ideological, economic, biological and ecological possible
Examples: Resource allocation / throughput control, manufacturing, visualization environments, social welfare systems, voting systems, data / goods / energy generation / transmission / distribution, reputation management, entropy externalization, business models and economic systems

Page 32: Defending against Adversarial Cyberspace Participants


Systems, Attacks and Assumption Violation

Assumptions

Fundamentally, attacks work because they violate assumptions
Finite (i.e. real life engineered or evolved) systems incorporate implicit/explicit assumptions into structure, functionality, language
System geared towards ‘expected’, ‘typical’ cases
Assumptions reflect those ‘designed-for’ cases

Intuitive Examples of Attacks and Assumption Violations

Man-in-Middle Attacks: Identity assumption violated
Race Condition Attacks: Ordering assumption violated
BGP Routing Attacks: Trust assumption violated

Generative Mechanism and Assumptions

Optimization process incorporating tradeoffs between objective functions and resource constraints under uncertainty
Some assumptions generated by optimization process

Page 33: Defending against Adversarial Cyberspace Participants


Optimization Process: Highly Optimized Tolerance

HOT Background

Generative first-principles approach proposed to account for power laws $P(m) \sim m^{\alpha} e^{-\frac{m}{k_c}}$ in natural/engineered systems [CSN07, CD00]
Optimization model incorporates tradeoffs between objective functions and resource constraints in probabilistic environments
Used: Forest, internet traffic, power and immune systems

Pertinent Trait

Robust towards common perturbations, but fragile towards rare events
Inducing ‘rare events’ in ancillary systems is goal of nth order attack

Probability, Loss, Resource Optimization Problem [MCD05]

$$\min J \tag{1}$$

subject to

$$\sum r_i \le R \tag{2}$$

where

$$J = \sum p_i l_i \tag{3}$$

$$l_i = f(r_i) \tag{4}$$

$$1 \le i \le M \tag{5}$$

M events (Eq. 5) occurring iid with probability $p_i$ incurring loss $l_i$ (Eq. 3)
Sum-product is objective function to be minimized (Eq. 1)
Resources $r_i$ are hedged against losses $l_i$, with normalizing $f(r_i) = -\log r_i$ (Eq. 4), subject to resource bounds $R$ (Eq. 2).
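Worked solution of Eqs. 1-5 with $f(r_i) = -\log r_i$ (an added derivation, not from the slides; it uses only the symbols defined above plus a Lagrange multiplier $\lambda$):

$$\mathcal{L} = -\sum_{i=1}^{M} p_i \log r_i + \lambda\Big(\sum_{i=1}^{M} r_i - R\Big), \qquad \frac{\partial \mathcal{L}}{\partial r_i} = -\frac{p_i}{r_i} + \lambda = 0 \;\Rightarrow\; r_i = \frac{p_i}{\lambda}$$

Since $J$ decreases in every $r_i$, the resource bound (Eq. 2) is met with equality, which fixes $\lambda$:

$$\sum_{i=1}^{M} r_i = R \;\Rightarrow\; \lambda = \frac{1}{R}\sum_{j=1}^{M} p_j, \qquad r_i^{*} = R\,\frac{p_i}{\sum_{j} p_j}, \qquad l_i^{*} = -\log r_i^{*} = \log\frac{\sum_{j} p_j}{R\,p_i}$$

Resources are allocated in proportion to event probability, so the loss left on event $i$ grows as $\log(1/p_i)$: common events are well hedged, while an event with small $p_i$ receives almost no resources and carries a large loss. This is the robust-yet-fragile trait listed under Pertinent Trait.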

Page 34: Defending against Adversarial Cyberspace Participants


Subsystem Attacks: Examples

Target Ancillary System to Subvert End Systems [Bil10]

P2P Networks: RoQ attacks can be mounted against distributed hash tables used for efficient routing in structured P2P networks through join/leave collusions and bogus peer newcomer notifications
Power Grid: Load balancing in electricity grids relies on accurate state estimation. Data integrity attacks on a chosen subset of sensors make these estimates unreliable, which could push such feedback systems into unstable state
Democracy: Voting systems assume honest participants vote their actual preference. In elections with more than two candidates, system can be undermined by strategic voting, targeting the ranking process subsystem
Trusted Code: Second-order control-flow subversion attack termed return-oriented programming (ROP) induce innocuous code to perform malicious computations
Financial Exchange: Advent of high-frequency trading infrastructures (physically collocated, hence low latency) gave rise to trading approaches (first- and second-order degradation and subversion attacks) targeting the Efficient Market Hypothesis and its subsystems

Page 35: Defending against Adversarial Cyberspace Participants


Adaptation System Attack: Network Protocols

Reduction-of-Quality Attack [GB07]

1st or 2nd order degradation attack; targets adaptation mechanisms of network protocols
M.O.: Non-DoS, low-bandwidth traffic maliciously optimized against admission controllers and load balancers
Forces adaptive mechanism to oscillate between over- and under-load condition → degrades end system performance
Assumption violation: ‘Normal traffic’ requests
Rare event: RoQ attack’s δ requests per second for burst time t (shaded) repeated over period T constitutes ‘rare event’ which adaptation system not expected to handle well

Figure: Oscillation between high system steady state rate x* and lower system steady state y*. Assume system services requests at a high steady state rate x*, thanks to its adaptation subsystem that seeks to optimize service rates. RoQ attack (burst time t shaded) pushes system from x*, which then slowly converges at rate ν to lower steady state y*. Since attacks ceased, after some time, system able to converge at a higher rate µ back to x*. Optimized RoQ attack begins anew, forcing system to oscillate between x* and y*, thereby degrading end system performance

Page 36: Defending against Adversarial Cyberspace Participants

Business Model Attack: Bagle Worm

Background

Email-borne worm, first appearance in January 2004
Prevalence: Among the top 15 malware families found in wild 2006/2007 (15%), 2009 (2-4%)

Pertinent Modus Operandi

Server-side metamorphic, outsourced engine [Inc07b]
High variant-low instance release (10s of instances per variant)
30,000 distinct variants, 625 average variants per day (01-02/2007)

4th Order Attack: AV Economic Cost Structure (ROI)

0th order: Vulnerable program on the end system

1st order: Host or server-based AV

2nd order: End point of AV signature distribution system

3rd order: Start point of AV signature distribution system

4th order: Economic incentives (ROI) of AV companies

Page 37: Defending against Adversarial Cyberspace Participants

Business Model: Bagle’s Strategy Illustrated

Figure: Bagle worm’s low instances per variant. Figure from [Inc07a]

Assumption Violation: Sufficient ROI

Premised on ROI: Cost-effectiveness of signature development by high-cost analysts
Ancillary System: AV business model designed for more ‘typical’ case of high-count, low-variance malware
Rare Event: Rapidly mutating, low-count malware instances

Page 38: Defending against Adversarial Cyberspace Participants

Supply Chain Attack: IC Malware

Figure: IC Manufacturing process. Picture from [DAR07]

DARPA BAA07-024

Determine whether IC manufactured in untrusted environment can be trusted to perform just operations specified and no more

Page 39: Defending against Adversarial Cyberspace Participants

Supply Chain Attack: Malicious IC: Write Enable on Trigger

Figure: Picture from [DAR07]. 09/06/2007: Israeli strike against Syrian nuclear reactor. Was a hardware kill switch used to disable air defense and radar systems? Precedent: Exocet missiles in 1982 UK-Argentine Falkland war. Fake routers via Chinese suppliers 2006-2008 Cisco Raider

Page 40: Defending against Adversarial Cyberspace Participants

Human Operator Psychology Attack: Satan Malware

Background

Gedankenspiel: Conceptual malware [BD06]
Technically relatively simple Trojan

Pertinent Modus Operandi

Faust’s pact with Mephistopheles: W sends program to Z, promising powers: Remotely browse X’s hard disk, read emails between X & Y
Program delivers, but surreptitiously keeps log of Z’s activities and rummages through Z’s files
After incriminating evidence gathered, program uses threats and bribes to get Z to propagate itself to next person

1st or 2nd Order Subversion Attack: Psychological System

0th order: Computer System

1st order: Human Operator

2nd order: Psychological Ancillary System

Page 41: Defending against Adversarial Cyberspace Participants

Human Operator Psychology Attack: SATAN Strategy

Astounding Innovation: Symbiotic Human-Machine Code

Malware code induces ‘production’ of more complex human code (propagation module) dynamically

Invokes generative ‘factory routines’ evolutionary and social

Artful Leveraging of Human Operator Subsystem

Psychological: Appeals to mix of neutral (curiosity, risk) to base (greed, lust for power) instincts, pressures using full gamut of shame, fear, cowardice and cognitive dissonance
Cognitive Control: Do a harmful thing convincingly
Human Operator: Harness own human operator subsystem to exploit human trust relation

Assumption Violation: Friend Loyalty

Premised on Trust: Friends do not intentionally harm one another
Ancillary Systems: First psychological to entrap, then rational subsystem and human operator subsystem to propagate
Rare Event: Intentionally put in harm’s way by friend

Page 42: Defending against Adversarial Cyberspace Participants

My Advice to Learning

Dream

Inspiration: Seek out seemingly disparate fields and look for communalities and differences
Imagination: As the first step, imagination is much more important than knowledge - think like Einstein

Courage

Dare to be bold: Stake out a position, then argue scientifically, empirically and logically
Be wrong at times: You cannot grow if you do not take that chance

Character

Be humble: There were smarter people before you, there will be smarter ones after you
Be kind: Being smart is easy, being kind is much harder

Page 43: Defending against Adversarial Cyberspace Participants

How Scientists Relax

Little Humor

Infrared spectroscopy on a vexing problem of our times: Truly comparing apples and oranges.

Thank You

Thank you for your time, the consideration of these ideas and inviting me to Sandia in beautiful New Mexico ⌣̈

Figure: A spectrographic analysis of ground, desiccated samples of a Granny Smith apple and a Sunkist navel orange. Picture from [San95]

Page 44: Defending against Adversarial Cyberspace Participants

Gameboard: Cyber Behavioral Genomics

Innovations

Behavioral characterizations: Network traffic, host processes, users and business processes

0th order: atomic activities. Example: Lists of active processes and/or modified files on a host; lists of user applications and remote hosts contacted by users.

1st order: 0th order behaviors with relative or absolute frequencies conditioned on time or optionally other non-behavioral events. Example: Frequencies of user applications and remote hosts contacted by users

2nd order: 1st order behaviors allowing conditioning on other behaviors. Examples: frequencies of sequences of active processes; frequencies of sequences of user applications and the remote hosts contacted by users

Goals

Behavior Prediction: Anticipate the next activity of the entity under study
Behavior Characterization: Observe a behavior and classify it as belonging to a class of behaviors
Anomaly detection: Identify behavior changes quickly and robustly

Figure: Example of 2nd order behavioral modeling: Markov Chain transition diagram and probabilities for a single user’s browsing activity (David Robinson Ph.D. thesis [Rob10])
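The three behavior orders and the anomaly-detection goal above, as an added example that is not code from the slides or from [Rob10]: a constructed browsing sequence is turned into 0th, 1st and 2nd order models, and new sequences are scored against the Markov transition model. The site categories, the smoothing constant and the threshold margin are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: one user's sequence of visited site categories.
BASELINE = ("mail news mail wiki mail news sports news mail wiki "
            "mail news mail wiki news mail").split()

def zeroth_order(events):
    """0th order: the set of atomic activities observed."""
    return set(events)

def first_order(events):
    """1st order: relative frequency of each activity."""
    counts = Counter(events)
    return {a: c / len(events) for a, c in counts.items()}

def second_order(events, alpha=0.5):
    """2nd order: P(next | current) with additive smoothing; one extra
    slot is reserved for activities never seen in the baseline."""
    pairs = defaultdict(Counter)
    for cur, nxt in zip(events, events[1:]):
        pairs[cur][nxt] += 1
    k = len(set(events)) + 1
    def prob(cur, nxt):
        row = pairs.get(cur, Counter())
        return (row[nxt] + alpha) / (sum(row.values()) + alpha * k)
    return prob

def avg_log_likelihood(prob, events):
    """Mean log P(transition) of a sequence under the baseline model."""
    steps = list(zip(events, events[1:]))
    return sum(math.log(prob(c, n)) for c, n in steps) / len(steps)

def is_anomalous(prob, events, threshold):
    """Flag a behavior change: sequence is unlikely under the baseline."""
    return avg_log_likelihood(prob, events) < threshold

MODEL = second_order(BASELINE)
# Threshold is an assumption: the baseline's own score minus a margin.
THRESHOLD = avg_log_likelihood(MODEL, BASELINE) - 1.0
```

A sequence such as `mail news mail wiki mail` scores close to the baseline, while one made of rarely seen or unseen transitions falls below the threshold.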

Page 45: Defending against Adversarial Cyberspace Participants

Gameboard: Visual User Interface

Goals

Probabilistic Scoring enables the user to intuitively understand the overall status of the game, the likelihood of scenarios, and the system with or without stimuli
Multiple Perspectives presents game from point of view of the Defender, potentially adversarial and non-adversarial participant
Who-What-When-Where Lens presents actionable, pre-processed state and process view suitable for decisions within human cognitive parameters
Time Scaling covers 14 orders of magnitude from microseconds to years
Drill Down & Bird’s Eye let humans examine decision reasoning of autonomic framework at various spatial scales and functional groupings
Injection and Suggestions offers control of the game within human cognitive parameters.

Figure: Example of a visual continuum concept for network data: VisAlert (left) provides a holistic view of the network alerts on top of the network topology. The Analysis visualization (right) is an enhanced scatter plot that allows to look at data details on demand and verify hypotheses. The Waterfall visualization (center) is a collection of hybrid histogram status bars that display in a user-configured, collapsed time interval, the data to see distributions and patterns, and serves as a bridge between VisAlert and Analysis

Page 46: Defending against Adversarial Cyberspace Participants

Process Query System

Observe and Model

Process Query System [CB04]
New type of DBMS framework that allows for process description queries against internal models (FSM, Petri net, Hidden Markov, etc)

Idea: Infer state

Establish mapping between observations and processes’ states

Processes detection: Models of MW’s internal control structure

State estimation: Estimate the current control flow state the malware is in

Figure: PQS process model is designed to solve the Discrete Source Separation Problem

Processes have hidden states which emit observables. Given observed events $e_{t_1}; e_{t_2}; \ldots; e_{t_n}$ and a collection of processes $\{M_1; M_2; \ldots\}$, solve

Process detection problem: “best” assignment of events to process instances $f : \{1; 2; \ldots; n\} \to \mathbb{N}^+ \times \mathbb{N}^+$, where $f(i) = (j; k)$ means that event $e_i$ was caused by the $k$th instance of process model $j$

State estimation problem: Corresponding internal states and state sequences of the processes thus detected
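The two problems stated above, as an added example that is not PQS code and not from [CB04]: a greedy tracker assigns each observed event to an instance of an FSM process model, giving f(i) = (j, k), and keeps each instance's state sequence. Both process models, the event names and the greedy tie-breaking are hypothetical; a real PQS scores competing assignments rather than taking the first fit.

```python
# Process models as FSMs: state -> {observable: next_state}. Both models and
# their event names are hypothetical, constructed for this example.
MODELS = {
    1: {"start": {"dns_query": "resolved"},          # model 1: beaconing
        "resolved": {"http_post": "checked_in"},
        "checked_in": {"http_post": "checked_in"}},
    2: {"start": {"login": "session"},               # model 2: admin session
        "session": {"file_read": "session", "logout": "done"}},
}

def detect(events):
    """Greedy process detection. Returns (f, tracks): f[i] = (j, k) assigns
    event i to the k-th instance of model j (None if unexplained), and
    tracks[(j, k)] is that instance's estimated state sequence."""
    f, tracks, instances = {}, {}, {}
    for i, ev in enumerate(events, start=1):
        # 1. Prefer extending a live instance whose state accepts the event.
        for key in sorted(tracks):
            nxt = MODELS[key[0]].get(tracks[key][-1], {}).get(ev)
            if nxt:
                tracks[key].append(nxt)
                f[i] = key
                break
        else:
            # 2. Otherwise open a new instance of a model that starts on it.
            for j, fsm in MODELS.items():
                if ev in fsm["start"]:
                    k = instances[j] = instances.get(j, 0) + 1
                    tracks[(j, k)] = ["start", fsm["start"][ev]]
                    f[i] = (j, k)
                    break
            else:
                f[i] = None      # observation no model explains (noise)
    return f, tracks

# Constructed interleaved observations e_1 .. e_8 from several processes.
EVENTS = ["login", "dns_query", "file_read", "http_post",
          "ping", "logout", "login", "http_post"]

if __name__ == "__main__":
    assignment, states = detect(EVENTS)
    for i, ev in enumerate(EVENTS, start=1):
        print(i, ev, assignment[i])
    print(states)
```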

Page 47: Defending against Adversarial Cyberspace Participants

References I

Mike Bond and George Danezis, A pact with the devil, NSPW, ACM, 2006, pp. 77–82.

Daniel Bilar, On callgraphs and generative mechanisms, Journal in Computer Virology 3 (2007), no. 4.

Daniel Bilar, Opcodes as predictor for malware, International Journal of E-Security and Digital Forensics 1 (2007), no. 2.

Daniel Bilar, Degradation and subversion through subsystem attacks, IEEE Security & Privacy 8 (2010), no. 4, 70–73.

George Cybenko and Vincent Berk, An overview of process query systems, Proc. SPIE, vol. 5403, 2004.

George Cybenko and Vincent Berk, Process detection in homeland security and defense applications, Proc. SPIE 6201 (2006).

Jean Carlson and John Doyle, Highly Optimized Tolerance: Robustness and Design in Complex Systems, Physical Review Letters 84 (2000), no. 11, 2529+.

Christian Collberg and Jasvir Nagra, Surreptitious software: Obfuscation, watermarking, and tamperproofing for software protection, Addison-Wesley Professional, 2009.

Aaron Clauset, Cosma R. Shalizi, and Mark Newman, Power-Law Distributions in Empirical Data, SIAM Reviews (2007).

Aaron Clauset, Cosma R. Shalizi, and M. E. J. Newman, Power-law distributions in empirical data, SIAM Review 51 (2009), no. 4, 661+.

Page 48: Defending against Adversarial Cyberspace Participants

References II

Stephen Checkoway, Hovav Shacham, and Eric Rescorla, Are text-only data formats safe? or, use this LaTeX class file to pwn your computer, Proceedings of LEET 2010 (Michael Bailey, ed.), USENIX, April 2010, To appear.

Werner Dahms, Technology Horizons: A Vision for Air Force Science & Technology During 2010-2030, Tech. report, USAF Science and Technology, May 2010, http://www.aviationweek.com/media/pdf/UnmannedHorizons/Technologys

DARPA, TRUST in integrated circuits, 2007, http://tinyurl.com/3y7nno.

Éric Filiol, Computer viruses: from theory to applications, Springer, 2005.

Mina Guirguis and Azer Bestavros, Adversarial Exploits of End-Systems Adaptation Dynamics, Journal of Parallel and Distributed Computing 67 (2007), no. 3, 318–335.

Commtouch Inc, Malware outbreak trend report: Bagle-worm, Tech. report, March 2007, accessed Oct. 17th, 2007.

Commtouch Inc, Server-side polymorphic viruses surge past av defenses, Tech. report, May 2007, accessed Oct. 17th, 2007.

Gregoire Jacob and Eric Filiol, Malware As Interaction Machines, J. Comp. Vir. 4 (2008), no. 2.

Lisa Manning, Jean Carlson, and John Doyle, Highly Optimized Tolerance and Power Laws in Dense and Sparse Resource Regimes, Physical Review E 72 (2005), no. 1, 16108+.

Page 49: Defending against Adversarial Cyberspace Participants

References III

Robert K. Niven, Combinatorial Information Theory: I. Philosophical Basis of Cross-Entropy and Entropy, ArXiv (2007).

Ryan Roemer, Erik Buchanan, Hovav Shacham, and Stefan Savage, Return-oriented programming: Systems, languages, and applications, 2009, In review.

Chris Ries, Automated identification of malicious code variants, J. Comput. Small Coll. 20 (2005), no. 5, 140–141.

David Robinson, Cyber-behavioral modeling, Ph.D. thesis, Dartmouth College (Thayer School Of Engineering), July 2010.

Scott Sandford, Apples and oranges: a comparison, Annals of Improbable Research 1 (1995), no. 3.

Michael E. Locasto Yingbo Song and Salvatore J. Stolfo, On the infeasibility of modelling polymorphic shellcode, ACM CCS, 2007, pp. 541–551.