How to Build Synthetic Persons in Cyberspace

Presented at Black Hat Europe 2018, Dec. 6, 2018, 2:45 p.m. (50 minutes)

One of the greatest challenges in developing capable cyberspace operators is building realistic environments for training events. While many organizations have developed technologies and techniques for replicating enterprise-scale networks, the problem is how to realistically populate those networks with synthetic persons. Whether we are training network defenders or penetration testers, we want to pit them against adaptive and intelligent adversaries who can continuously put their skills to the test. In either case, we also need rich ecosystems in which realistic user agents exchange messages, interact with the web and occasionally assist (or hinder) the efforts of the attackers and defenders.

This talk describes our research and development of a family of Cyberspace Cognitive (CyCog) agents that can behave like attackers, defenders or users in a network. The attacker agent (CyCog-A) was developed to train defenders while its defensive counterpart (CyCog-D) was intended to help develop penetration testers. The user agent (CyCog-U), on the other hand, is much more versatile in that it can support either type of training. Furthermore, since these synthetic users are models of actual users on a network, they can display behaviors that can either hinder or assist attackers and/or defenders.

Our experiences and successes point to current gaps as well as future threats and opportunities. From the need for scalable cyberspace mapping techniques to our work in modeling behaviors to the lessons learned in human-machine teaming, the CyCog family of agents is opening a new dimension in cyberspace operations research and development.


Presenters:

  • Alex Nickels - Associate Technical Director and Senior Software Engineer, Soar Technology
    Alex Nickels is an associate technical director and senior software engineer at Soar Technology. He’s led the development of dozens of advanced research projects, most of which focus on the application of novel artificial intelligence techniques to cybersecurity and unmanned platforms. His recent work includes the development of a family of synthetic cognitive agents that emulate the behaviors of real attackers, defenders and general users in cyberspace.
  • Fernando Maymí - Lead Scientist, Soar Technology
    Fernando Maymí, Ph.D., CISSP, is Lead Scientist in the Cyber and Secure Autonomy division of Soar Technology, Inc. (an artificial intelligence research and development company) and a retired U.S. Army officer. He was formerly the Deputy Director of the Army Cyber Institute at West Point, where he also taught cybersecurity courses for over 12 years. Today, he leads multiple advanced research projects developing autonomous cyberspace agents for the U.S. Department of Defense. Fernando has developed and conducted large-scale cybersecurity exercises for major cities in the United States and abroad and served as advisor for senior leaders around the world. His publications include the 7th and 8th editions of the CISSP All-in-One Exam Guide.
