Towards an AI-powered Player in Cyber Defence Exercises

Authors: Roland Meier, Artūrs Lavrenovs, Kimmo Heinäaro, Luca Gambazzi, and Vincent Lenders
2021 13th International Conference on Cyber Conflict (CyCon)

Abstract

Cyber attacks are becoming increasingly frequent, sophisticated, and stealthy. This makes it harder for cyber defence teams to keep up, forcing them to automate their defence capabilities in order to improve their reactivity and efficiency. Therefore, we propose a fully automated cyber defence framework that no longer needs support from humans to detect and mitigate attacks within a complex infrastructure. We design our framework based on a real-world case: Locked Shields, the world’s largest cyber defence exercise. In this exercise, teams have to defend their networked infrastructure against attacks, while maintaining operational services for their users. Our framework architecture connects various cyber sensors with network, device, application, and user actuators through an artificial intelligence (AI)-powered automated team in order to dynamically secure the cyber environment. To the best of our knowledge, our framework is the first attempt towards a fully automated cyber defence team that aims at protecting complex environments from sophisticated attacks.

People

Dr. Roland Meier
PhD student
2017—2022

BibTeX

@INPROCEEDINGS{meier2021towards,
	isbn = {978-9916-9565-5-7},
	doi = {10.23919/CyCon51939.2021.9467801},
	year = {2021},
	booktitle = {2021 13th International Conference on Cyber Conflict (CyCon)},
	type = {Conference Paper},
	author = {Meier, Roland and Lavrenovs, Artūrs and Heinäaro, Kimmo and Gambazzi, Luca and Lenders, Vincent},
	abstract = {Cyber attacks are becoming increasingly frequent, sophisticated, and stealthy. This makes it harder for cyber defence teams to keep up, forcing them to automate their defence capabilities in order to improve their reactivity and efficiency. Therefore, we propose a fully automated cyber defence framework that no longer needs support from humans to detect and mitigate attacks within a complex infrastructure. We design our framework based on a real-world case: Locked Shields, the world's largest cyber defence exercise. In this exercise, teams have to defend their networked infrastructure against attacks, while maintaining operational services for their users. Our framework architecture connects various cyber sensors with network, device, application, and user actuators through an artificial intelligence (AI)-powered automated team in order to dynamically secure the cyber environment. To the best of our knowledge, our framework is the first attempt towards a fully automated cyber defence team that aims at protecting complex environments from sophisticated attacks.},
	issn = {23255374},
	keywords = {artificial intelligence; automation; Locked Shields; cyber defence; security},
	language = {en},
	address = {Piscataway, NJ},
	publisher = {IEEE},
	title = {Towards an AI-powered Player in Cyber Defence Exercises},
	PAGES = {309 - 326},
	Note = {13th International Conference on Cyber Conflict: Going Viral (CyCon 2021); Conference Location: Tallinn, Estonia; Conference Date: May 25–28, 2021}
}

Research Collection: 20.500.11850/501796