Cybersecurity Collaboratory

2013-2018

Cyberspace Threat Identification, Analysis and Proactive Response

A Preventive and Reactive Analysis Security Tool (Mike Valenzuela)

Abstract

Asymmetric Threat Response and Analysis Program (ATRAP) is a “cognitive amplifier” for trained intelligence analysts. ATRAP has grown to handle a myriad of tasks useful for other disciplines. It can automatically ingest a large variety of structured and unstructured data. Once ingested, the data can be studied using the automated detection of user-defined patterns, data visualization, and fuzzy matching capabilities. ATRAP’s network analysis tool can analyze connections, showing which entities are central and which are brokers, and extracting networks based on patterns of connections. This naturally extends to the analysis of computer networks, as well as to the analysis of social networks to study the possibility of an inside job. ATRAP also includes preventative tools which forecast possible future scenarios and how to respond. It possesses two tools to do this. The first is a sophisticated probabilistic game-theoretic approach, similar to those in the literature. The second is partial matching of user-defined patterns, indicating a possible ongoing attack. These two approaches can be combined to allow for detection of novel ongoing attacks.

A short bio

Michael L. Valenzuela is a Graduate Research Assistant and Ph.D. student in the Electrical and Computer Engineering (ECE) Department. He hopes to obtain his Ph.D. by the winter of 2013 with a focus on machine learning and decision theory. He is working on a split minor between Systems and Industrial Engineering and ECE (with a hardware orientation). The majority of his coursework has been on modeling & simulation, artificial intelligence, and optimization. His research interests include modeling & simulation, decision theory, and machine learning. He is currently actively engaged in developing Anti-Training with Sacrificial Data (ATSD), a novel meta-learning prospect which exploits certain theoretical equalities. He has previously worked on the Asymmetric Threat Response and Analysis Program (ATRAP). On this project he worked with a subject matter expert to help design the Query Model (QM). The QM is a model for capturing and automating intelligence analysts' decision-making process. A more recent research project for ATRAP is the Decision Support Tool (DST). It allows for the creation of games and provides analysis of the games using deterministic equivalents of stochastic (discrete) game trees. ATRAP is freely available to all of the US government.

Slides (pdf)