Multi-Layer Mapping of Cyberspace
Navy STTR 2018.A - Topic N18A-T019
ONR - Mr. Steve Sullivan - steven.sullivan@navy.mil
Opens: January 8, 2018 - Closes: February 7, 2018 (8:00 PM ET)

TECHNOLOGY AREA(S): Human Systems

ACQUISITION PROGRAM: ONR Code 34, Human and Bioengineered Systems Division – Human Factors
of Cyber Security portfolio

OBJECTIVE: The objective of this topic is to develop innovative capabilities to map
features and entities across all three layers of cyberspace (physical, logical,
and cyber-persona) in order to detect and classify anomalous behavior.

DESCRIPTION: Cyberspace comprises three distinct but interrelated layers, each of which
captures important characteristics of and behaviors on this domain. The
physical layer consists of geographic features and physical network
components. The logical layer is best described as data at rest, in motion, or
in use within the physical layer. Finally, the cyber-persona layer comprises
digital representations of entities that are interacting with each other and
with the other two layers. Each layer’s features and entities have been mapped
separately and with various degrees of effectiveness. Representations of the
physical layer benefit from the maturity of Geospatial Information Systems
(GIS) that have been used for decades in the other domains of warfare. The other
two layers have piecemeal solutions that map networks, social interactions, and
other limited data sets. Still, there exists no holistic mapping that
encompasses all three layers of cyberspace and adequately captures intra- and
inter-layer interactions.

PHASE I: Assess the feasibility of combining information across all three layers of
cyberspace in order to identify abnormal (i.e., outlier) behaviors. Here,
abnormal behavior might be defined as the interaction of the three interrelated
layers of cyberspace in an unorthodox or unpredictable fashion. For example,
individuals may interact with either the data at rest or the physical data
without a need to access. The expected deliverables of Phase I include
multiple operationally meaningful scenarios within which the new system would
deliver revolutionary new capabilities. For example, Phase I efforts might be
geared toward model development and the assessment of cyber adversary behaviors
as they relate to the multi-layer mapping of the cyber domain. Here, these
models might be focused on specific visualization tools for tracking and
collecting data in faster-than-real-time. Other efforts might be to develop
models of detection and classification of anomalous behaviors. Develop a Phase
II plan.

PHASE II: Develop and demonstrate a prototype system that leverages tri-layer mapping
in an operationally meaningful context. This specific context will be chosen
by the Government from among the scenarios developed in Phase I.

PHASE III DUAL USE APPLICATIONS: This resulting capability could be used in a broad
range of military (and potentially commercial) applications. One such example
might be a training and experimentation testbed for cyber defense. Similar use
examples might be for verification and validation of existing cyber defense
technologies. Phase III will focus on developing an operational capability,
integrating the technology into DoD operations, and potentially transitioning
to commercial production or for commercial application.

KEYWORDS: Cyberspace Layers; Multi-modal Data Fusion; Data Mining; Cyber Security;
Network Security; Information Dominance