Neal Wagner

Quantifying the mission impact of network-level cyber defensive mitigations:

Modern missions of government and private organizations rely on computer networks to operate. As evidenced by several well-publicized cyber breaches, these missions are under attack. Several cyber defensive measures have been proposed to mitigate this threat, some are meant to protect individual hosts on the network, and others are designed to protect the network at large. From a qualitative perspective, these mitigations seem to improve security, but there is no quantitative assessment of their effectiveness with respect to a complete network system and a cyber-supported mission for which the network exists. The purpose of this paper is to examine network-level cyber defensive mitigations and quantify their impact on network security and mission performance. Testing such mitigations in an live network environment is generally not possible due to the expense, and thus a modeling and simulation approach is utilized. Our approach employs a modularized hierarchical simulation framework to model a complete cyber system and its relevant dynamics at multiple scales. We conduct experiments that test the effectiveness of network-level mitigations from the perspectives of security and mission performance. Additionally, we introduce a novel, unified metric for mitigation effectiveness that takes into account both of these perspectives and provides a single measurement that is convenient and easily accessible to security practitioners.

An evolutionary algorithm approach for the constrained multi-depot vehicle routing problem

– The purpose of this paper is to explore a real world vehicle routing problem (VRP) that has multi-depot subcontractors with a heterogeneous fleet of vehicles that are available to pickup/deliver jobs with varying time windows and locations. Both the overall job completion time and number of drivers utilized are analyzed for the automated job allocations and manual job assignments from transportation field experts. , – A nested genetic algorithm (GA) is used to automate the job allocation process and minimize the overall time to deliver all jobs, while utilizing the fewest number of drivers – as a secondary objective. , – Three different real world data sets were used to compare the results of the GA vs transportation field experts’ manual assignments. The job assignments from the GA improved the overall job completion time in 100 percent (30/30) of the cases and maintained the same or fewer drivers as BS Logistics (BSL) in 47 percent (14/30) of the cases. , – This paper provides a novel approach to solving a real world VRP that has multiple variants. While there have been numerous models to capture a select number of these variants, the value of this nested GA lies in its ability to incorporate multiple depots, a heterogeneous fleet of vehicles as well as varying pickup times, pickup locations, delivery times and delivery locations for each job into a single model. Existing research does not provide models to collectively address all of these variants.

Towards automated cyber decision support: A case study on network segmentation for security

Network segmentation is a security measure that partitions a network into sections or segments to restrict the movement of a cyber attacker and make it difficult for her to gain access to valuable network resources. This threat-mitigating practice has been recommended by several information security agencies. While it is clear that segmentation is a critical defensive mitigation against cyber threats, it is not clear how to properly apply it. Current standards only offer vague guidance on how to apply segmentation and, thus, practitioners must rely on judgment. This paper examines the problem from a decision support perspective: that is, how can an appropriate segmentation for a given network environment be selected? We propose a novel method for supporting such a decision that utilizes an approach based on heuristic search and agent-based simulation. We have implemented a first prototype of our method and illustrate its use via a case study on a representative network environment.

Automatic Generation of Cyber Architectures Optimized for Security, Cost, and Mission Performance: A Nature-Inspired Approach

Network segmentation refers to the practice of partitioning a computer network into multiple segments and restricting communications between segments to inhibit a cyberattacker’s ability to move and spread infection. While segmentation is widely recommended by cybersecurity experts, there is no clear guidance on what segmentation architectures are best to maximize a network’s security posture. Additionally, the security gained by segmentation does not come without cost. Segmentation architectures require resources to implement and may also cause degradation of mission performance. Network administrators currently rely on judgment to construct segmentation architectures that maximize security while minimizing resource cost and mission degradation. This chapter proposes an automated method for generating segmentation architectures optimized for security, cost, and mission performance. The method employs a hybrid approach that combines nature-inspired optimization with cyber risk modeling and simulation to construct candidate architectures, evaluate them, and intelligently search the space of possible architectures to hone in on effective ones. We implement the method in a prototype decision system and demonstrate the system via a case study on a representative network environment under cyberattack.

Balancing Security and Performance for Agility in Dynamic Threat Environments

In cyber security, achieving the desired balance between system security and system performance in dynamic threat environments is a long-standing open challenge for cyber defenders. Typically an increase in system security comes at the price of decreased system performance, and vice versa, easily resulting in systems that are misaligned to operator specified requirements for system security and performance as the threat environment evolves. We develop an online, reinforcement learning based methodology to automatically discover and maintain desired operating postures in security-performance space even as the threat environment changes. We demonstrate the utility of our approach and discover parameters enabling an agile response to a dynamic adversary in a simulated security game involving prototype cyber moving target defenses.