BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Alexander Kott

Alexander Kott contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Cryptography and SecurityArtificial Intelligencecs.CYSocial and Information NetworksHuman-Computer InteractionMultiagent SystemsNetworking and Internet Architecturephysics.soc-phRobotics

Trust snapshot

Quick read

Trust 21 - EmergingVerification L1Unclaimed author
19works
0followers
9topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

19 published item(s)

preprint2022arXiv

Autonomous Cyber Defense Introduces Risk: Can We Manage the Risk?

From denial-of-service attacks to spreading of ransomware or other malware across an organization's network, it is possible that manually operated defenses are not able to respond in real time at the scale required, and when a breach is detected and remediated the damage is already made. Autonomous cyber defenses therefore become essential to mitigate the risk of successful attacks and their damage, especially when the response time, effort and accuracy required in those defenses is impractical or impossible through defenses operated exclusively by humans. Autonomous agents have the potential to use ML with large amounts of data about known cyberattacks as input, in order to learn patterns and predict characteristics of future attacks. Moreover, learning from past and present attacks enable defenses to adapt to new threats that share characteristics with previous attacks. On the other hand, autonomous cyber defenses introduce risks of unintended harm. Actions arising from autonomous defense agents may have harmful consequences of functional, safety, security, ethical, or moral nature. Here we focus on machine learning training, algorithmic feedback, and algorithmic constraints, with the aim of motivating a discussion on achieving trust in autonomous cyber defenses.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Cyber Resilience: by Design or by Intervention?

The term "cyber resilience by design" is growing in popularity. Here, by cyber resilience we refer to the ability of the system to resist, minimize and mitigate a degradation caused by a successful cyber-attack on a system or network of computing and communicating devices. Some use the term "by design" when arguing that systems must be designed and implemented in a provable mission assurance fashion, with the system's intrinsic properties ensuring that a cyber-adversary is unable to cause a meaningful degradation. Others recommend that a system should include a built-in autonomous intelligent agent responsible for thinking and acting towards continuous observation, detection, minimization and remediation of a cyber degradation. In all cases, the qualifier "by design" indicates that the source of resilience is somehow inherent in the structure and operation of the system. But what, then, is the other resilience, not by design? Clearly, there has to be another type of resilience, otherwise what's the purpose of the qualifier "by design"? Indeed, while mentioned less frequently, there exists an alternative form of resilience called "resilience by intervention." In this article we explore differences and mutual reliance of resilience by design and resilience by intervention.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Cybertrust: From Explainable to Actionable and Interpretable AI (AI2)

To benefit from AI advances, users and operators of AI systems must have reason to trust it. Trust arises from multiple interactions, where predictable and desirable behavior is reinforced over time. Providing the system's users with some understanding of AI operations can support predictability, but forcing AI to explain itself risks constraining AI capabilities to only those reconcilable with human cognition. We argue that AI systems should be designed with features that build trust by bringing decision-analytic perspectives and formal tools into AI. Instead of trying to achieve explainable AI, we should develop interpretable and actionable AI. Actionable and Interpretable AI (AI2) will incorporate explicit quantifications and visualizations of user confidence in AI recommendations. In doing so, it will allow examining and testing of AI system predictions to establish a basis for trust in the systems' decision making and ensure broad benefits from deploying and advancing its computational capabilities.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Doers, not Watchers: Intelligent Autonomous Agents are a Path to Cyber Resilience

Today's cyber defense tools are mostly watchers. They are not active doers. To be sure, watching too is a demanding affair. These tools monitor the traffic and events; they detect malicious signatures, patterns and anomalies; they might classify and characterize what they observe; they issue alerts, and they might even learn while doing all this. But they don't act. They do little to plan and execute responses to attacks, and they don't plan and execute recovery activities. Response and recovery - core elements of cyber resilience are left to the human cyber analysts, incident responders and system administrators. We believe things should change. Cyber defense tools should not be merely watchers. They need to become doers - active fighters in maintaining a system's resilience against cyber threats. This means that their capabilities should include a significant degree of autonomy and intelligence for the purposes of rapid response to a compromise - either incipient or already successful - and rapid recovery that aids the resilience of the overall system. Often, the response and recovery efforts need to be undertaken in absence of any human involvement, and with an intelligent consideration of risks and ramifications of such efforts. Recently an international team published a report that proposes a vision of an autonomous intelligent cyber defense agent (AICA) and offers a high-level reference architecture of such an agent. In this paper we explore this vision.

0 citations0 reviewsNo code linkedOpen access
preprint2021arXiv

How to Measure Cyber Resilience of an Autonomous Agent: Approaches and Challenges

Several approaches have been used to assess the performance of cyberphysical systems and their exposure to various types of risks. Such assessments have become increasingly important as autonomous attackers ramp up the frequency, duration and intensity of threats while autonomous agents have the potential to respond to cyber-attacks with unprecedented speed and scale. However, most assessment approaches have limitations with respect to measuring cyber resilience, or the ability of systems to absorb, recover from, and adapt to cyberattacks. In this paper, we provide an overview of several common approaches, discuss practical challenges and propose research directions for the development of effective cyber resilience measures.

0 citations0 reviewsNo code linkedOpen access
preprint2021arXiv

To Improve Cyber Resilience, Measure It

We are not very good at measuring -- rigorously and quantitatively -- the cyber security of systems. Our ability to measure cyber resilience is even worse. And without measuring cyber resilience, we can neither improve it nor trust its efficacy. It is difficult to know if we are improving or degrading cyber resilience when we add another control, or a mix of controls, to harden the system. The only way to know is to specifically measure cyber resilience with and without a particular set of controls. What needs to be measured are temporal patterns of recovery and adaptation, and not time-independent failure probabilities. In this paper, we offer a set of criteria that would ensure decision-maker confidence in the reliability of the methodology used in obtaining a meaningful measurement.

0 citations0 reviewsNo code linkedOpen access
preprint2016arXiv

A Survey of Research on Control of Teams of Small Robots in Military Operations

While a number of excellent review articles on military robots have appeared in existing literature, this paper focuses on a distinct sub-space of related problems: small military robots organized into moderately sized squads, operating in a ground combat environment. Specifically, we consider the following: - Command of practical small robots, comparable to current generation, small unmanned ground vehicles (e.g., PackBots) with limited computing and sensor payload, as opposed to larger vehicle-sized robots or micro-scale robots; - Utilization of moderately sized practical forces of 3-10 robots applicable to currently envisioned military ground operations; - Complex three-dimensional physical environments, such as urban areas or mountainous terrains and the inherent difficulties they impose, including limited and variable fields of observation, difficult navigation, and intermittent communication; - Adversarial environments where the active, intelligent enemy is the key consideration in determining the behavior of the robotic force; and - Purposeful, partly autonomous, coordinated behaviors that are necessary for such a robotic force to survive and complete missions; these are far more complex than, for example, formation control or field coverage behavior.

0 citations0 reviewsNo code linkedOpen access
preprint2016arXiv

Approaches to Modeling Insurgency

This paper begins with an introduction to qualitative theories and models of insurgency, quantitative measures of insurgency, influence diagrams, system dynamics models of insurgency, agent based molding of insurgency, human-in-the-loop wargaming of insurgency, and statistical models of insurgency. The paper then presents a detailed case study of an agent-based model that focuses on the Troubles in Northern Ireland starting in 1968. The model is agent-based and uses a modeling tool called Simulation of Cultural Identities for Prediction of Reactions (SCIPR). The objective in this modeling effort was to predict trends in the degree of population's support to parties in this conflict. The case studies describes in detail the agents, their actions, model initialization and simulation process, and the results of the simulation compared to actual historical results of elections.

0 citations0 reviewsNo code linkedOpen access
preprint2016arXiv

Assessing Mission Impact of Cyberattacks: Report of the NATO IST-128 Workshop

This report presents the results of a workshop conducted by the North Atlantic Treaty Organization (NATO) Information Systems Technology (IST) Panel in Istanbul, Turkey, in June 2015 to explore science and technology for characterizing the impact of cyber-attacks on missions. Military mission success is highly dependent on the communications and information systems (CISs) that support the mission and their use in the cyber battlespace. The inexorably growing dependency on computational information processing for weapons, intelligence, communication, and logistics systems continues to increase the vulnerability of missions to various cyber threats. Attacks on CISs or other cyber incidents degrade or disrupt the usage of CISs, and the resulting mission capability, performance, and completion. These incidents are expected to increase in frequency and sophistication. The workshop participants concluded that the key to solving the mission impact assessment problem was in adopting and developing a new model-driven paradigm that creates and validates mechanisms of modeling the mission organization, the mission(s), and the cyber-vulnerable systems that support the mission(s). Such models then simulate or portray the impacts of the cyber-attacks. In addition, such model-based analysis could explore multiple alternative mitigation and work-around strategies - an essential part of coping with mission impact - and select the optimal course of mitigating actions. Only such a paradigm can be expected to provide meaningful, actionable information about mission impacts that have not been seen before or do not match prior experiences and patterns. The papers presented at this workshop are available in an accompanying volume, Proceedings of the NATO Workshop IST-128, Assessing Mission Impact of Cyber Attacks.

0 citations0 reviewsNo code linkedOpen access
preprint2016arXiv

Coalition-based Planning of Military Operations: Adversarial Reasoning Algorithms in an Integrated Decision Aid

Use of knowledge-based planning tools can help alleviate the challenges of planning a complex operation by a coalition of diverse parties in an adversarial environment. We explore these challenges and potential contributions of knowledge-based tools using as an example the CADET system, a knowledge-based tool capable of producing automatically (or with human guidance) battle plans with realistic degree of detail and complexity. In ongoing experiments, it compared favorably with human planners. Interleaved planning, scheduling, routing, attrition and consumption processes comprise the computational approach of this tool. From the coalition operations perspective, such tools offer an important aid in rapid synchronization of assets and actions of heterogeneous assets belonging to multiple organizations, potentially with distinct doctrine and rules of engagement. In this paper, we discuss the functionality of the tool, provide a brief overview of the technical approach and experimental results, and outline the potential value of such tools.

0 citations0 reviewsNo code linkedOpen access
preprint2016arXiv

Decision Aids for Adversarial Planning in Military Operations: Algorithms, Tools, and Turing-test-like Experimental Validation

Use of intelligent decision aids can help alleviate the challenges of planning complex operations. We describe integrated algorithms, and a tool capable of translating a high-level concept for a tactical military operation into a fully detailed, actionable plan, producing automatically (or with human guidance) plans with realistic degree of detail and of human-like quality. Tight interleaving of several algorithms -- planning, adversary estimates, scheduling, routing, attrition and consumption estimates -- comprise the computational approach of this tool. Although originally developed for Army large-unit operations, the technology is generic and also applies to a number of other domains, particularly in critical situations requiring detailed planning within a constrained period of time. In this paper, we focus particularly on the engineering tradeoffs in the design of the tool. In an experimental evaluation, reminiscent of the Turing test, the tool's performance compared favorably with human planners.

0 citations0 reviewsNo code linkedOpen access
preprint2016arXiv

Resiliency and Robustness of Complex, Multi-Genre Networks

We explore the resiliency and robustness of systems while viewing them as complex, multi-genre networks. The term "complex, multi-genre networks" refers to networks that combine several distinct genres - networks of physical resources, communication networks, information networks, and social and cognitive networks. We show that this perspective is fruitful and adds to our understanding of fundamental challenges and tradeoffs in robustness and resiliency, as well as potential solutions to the challenges. Study of systems as multi-genre networks is relatively uncommon; instead, it is customary in research and engineering literature to focus on a view of a network comprised of homogeneous elements, (e.g., a network of communication devices, or a network of social beings). Yet, most if not all real-world networks are multi-genre - it is hard to find any real system of a significant complexity that does not include a combination of interconnected physical elements, communication devices and channels, data collections, and human users forming an integrated, inter-dependent whole. Most approaches to improving resiliency and robustness involve compromises, and the key challenge is to find a favorable compromise. Such compromises involve reducing or managing the complexity of the network: coupling, rigidity and dependency. We discuss several of these compromises, e.g., performance vs resiliency; resiliency to one type of disruption vs resiliency to another disruption type; and complexity vs resiliency.

0 citations0 reviewsNo code linkedOpen access
preprint2015arXiv

An Experimental Evaluation of Computational Techniques for Planning and Assessment of International Interventions

We describe the experimental methodology developed and employed in a series of experiments within the Defense Advanced Research Projects Agency (DARPA) Conflict Modeling, Planning, and Outcomes Exploration (COMPOEX) Program. The primary purpose of the effort was development of tools and methods for analysis, planning and predictive assessment of plans for complex operations where integrated political-military-economic-social-infrastructure and information (PMESII) considerations play decisive roles. As part of the program, our team executed several broad-based experiments, involving dozens of experts from several agencies simultaneously. The methodology evolved from one experiment to another because of the lessons learned. The paper presents the motivation, objectives, and structure of this interagency experiment series; the methods we explored in the experiments; and the results, lessons learned and recommendations for future efforts of such nature.

0 citations0 reviewsNo code linkedOpen access
preprint2015arXiv

Kinetic and Cyber

We compare and contrast situation awareness in cyber warfare and in conventional, kinetic warfare. Situation awareness (SA) has a far longer history of study and applications in such areas as control of complex enterprises and in conventional warfare, than in cyber warfare. Far more is known about the SA in conventional military conflicts, or adversarial engagements, than in cyber ones. By exploring what is known about SA in conventional, also commonly referred to as kinetic, battles, we may gain insights and research directions relevant to cyber conflicts. We discuss the nature of SA in conventional (often called kinetic) conflict, review what is known about this kinetic SA (KSA), and then offer a comparison with what is currently understood regarding the cyber SA (CSA). We find that challenges and opportunities of KSA and CSA are similar or at least parallel in several important ways. With respect to similarities, in both kinetic and cyber worlds, SA strongly impacts the outcome of the mission. Also similarly, cognitive biases are found in both KSA and CSA. As an example of differences, KSA often relies on commonly accepted, widely used organizing representation - map of the physical terrain of the battlefield. No such common representation has emerged in CSA, yet.

0 citations0 reviewsNo code linkedOpen access
preprint2015arXiv

Science of Cyber Security as a System of Models and Problems

Terms like "Science of Cyber" or "Cyber Science" have been appearing in literature with growing frequency, and influential organizations initiated research initiatives toward developing such a science even though it is not clearly defined. We propose to define the domain of the science of cyber security by noting the most salient artifact within cyber security -- malicious software -- and defining the domain as comprised of phenomena that involve malicious software (as well as legitimate software and protocols used maliciously) used to compel a computing device or a network of computing devices to perform actions desired by the perpetrator of malicious software (the attacker) and generally contrary to the intent (the policy) of the legitimate owner or operator (the defender) of the computing device(s). We further define the science of cyber security as the study of relations -- preferably expressed as theoretically-grounded models -- between attributes, structures and dynamics of: violations of cyber security policy; the network of computing devices under attack; the defenders' tools and techniques; and the attackers' tools and techniques where malicious software plays the central role. We offer a simple formalism of these key objects within cyber science and systematically derive a classification of primary problem classes within cyber science.

0 citations0 reviewsNo code linkedOpen access
preprint2015arXiv

Six Potential Game-Changers in Cyber Security: Towards Priorities in Cyber Science and Engineering

The fields of study encompassed by cyber science and engineering are broad and poorly defined at this time. As national governments and research communities increase their recognition of the importance, urgency and technical richness of these disciplines, a question of priorities arises: what specific sub-areas of research should be the foci of attention and funding? In this paper we point to an approach to answering this question. We explore results of a recent workshop that postulated possible game-changers or disruptive changes that might occur in cyber security within the next 15 years. We suggest that such game-changers may be useful in focusing attention of research communities on high-priority topics. Indeed, if a drastic, important change is likely to occur, should we not focus our research efforts on the nature and ramifications of the phenomena pertaining to that change? We illustrate each of the game-changers examples of related current research, and then offer recommendations for advancement of cyber science and engineering with respect to each of the six game-changers.

0 citations0 reviewsNo code linkedOpen access
preprint2015arXiv

Toward a Research Agenda in Adversarial Reasoning: Computational Approaches to Anticipating the Opponent's Intent and Actions

This paper defines adversarial reasoning as computational approaches to inferring and anticipating an enemy's perceptions, intents and actions. It argues that adversarial reasoning transcends the boundaries of game theory and must also leverage such disciplines as cognitive modeling, control theory, AI planning and others. To illustrate the challenges of applying adversarial reasoning to real-world problems, the paper explores the lessons learned in the CADET - a battle planning system that focuses on brigade-level ground operations and involves adversarial reasoning. From this example of current capabilities, the paper proceeds to describe RAID - a DARPA program that aims to build capabilities in adversarial reasoning, and how such capabilities would address practical requirements in Defense and other application areas.

0 citations0 reviewsNo code linkedOpen access
preprint2015arXiv

Towards Approaches to Continuous Assessment of Cyber Risk in Security of Computer Networks

We review the current status and research challenges in the area of cyber security often called continuous monitoring and risk scoring (CMRS). We focus on two most salient aspects of CMRS. First, continuous collection of data through automated feeds; hence the term continuous monitoring. Typical data collected for continuous monitoring purposes include network traffic information as well as host information from host-based agents. Second, analysis of the collected data in order to assess the risks - the risk scoring. This assessment may include flagging especially egregious vulnerabilities and exposures, or computing metrics that provide an overall characterization of the network's risk level. Currently used risk metrics are often simple sums or counts of vulnerabilities and missing patches. The research challenges pertaining to CMRS fall mainly into two categories. The first centers on the problem of integrating and fusing highly heterogeneous information. The second group of challenges is the lack of rigorous approaches to computing risk. Existing risk scoring algorithms remain limited to ad hoc heuristics such as simple sums of vulnerability scores or counts of things like missing patches or open ports, etc. Weaknesses and potentially misleading nature of such metrics are well recognized. For example, the individual vulnerability scores are dangerously reliant on subjective, human, qualitative input, potentially inaccurate and expensive to obtain. Further, the total number of vulnerabilities may matters far less than how vulnerabilities are distributed over hosts, or over time. Similarly, neither topology of the network nor the roles and dynamics of inter-host interactions are considered by simple sums of vulnerabilities or missing patches.

0 citations0 reviewsNo code linkedOpen access
preprint2015arXiv

War of 2050: a Battle for Information, Communications, and Computer Security

As envisioned in a recent future-casting workshop, warfare will continue to be transformed by advances in information technologies. In fact, information itself will become the decisive domain of warfare. Four developments will significantly change the nature of the battle. The first of these will be a proliferation of intelligent systems; the second, augmented humans; the third, the decisive battle for the information domain; and the fourth, the introduction of new, networked approaches to command and control. Each of these new capabilities possesses the same critical vulnerability - attacks on the information, communications and computers that will enable human-robot teams to make sense of the battlefield and act decisively. Hence, the largely unseen battle for information, communications and computer security will determine the extent to which adversaries will be able to function and succeed on the battlefield of 2050.

0 citations0 reviewsNo code linkedOpen access