Autonomic Cyber System Vision

“Develop effective methods for human-AI collaboration. Rather than replace humans, most AI systems will collaborate with humans to achieve optimal performance. Research is needed to create effective interactions between humans and AI systems.” … We will develop new understandings of the complex technical trade-offs between usability, security, privacy, efficiency and fairness.

[Data61 Science Vision H4, p. 8]

There are too many cyberattacks and data breaches and too few professionals to address these threats. Current approaches to addressing cyberattacks and data breaches are mostly manual, signature-based and reactive, and are neither robust nor resilient. Furthermore, the increasing complexity of cyberspace and its dynamic nature make it impossible for humans to effectively secure and protect the cyber system. This space therefore requires a paradigm shift towards more automated solutions, so that security experts can be used more efficiently and more advanced cybersecurity capabilities can be made available through software-as-a-service. DSS aims to move towards building an autonomic cyber prosilient service (resilience with consciousness of environment, self-awareness, and the capacity to evolve). Some of the key research questions DSS aims to address under autonomic cyber systems are:

Q4: How to automate penetration testing so that it can be done by non-professionals at a lower cost?

Professional evaluation, also known as penetration testing or pentesting, should be conducted on a regular basis and should evaluate all aspects of a system. However, continuous pentesting of all systems that support operational capabilities is an expensive process, in terms of both time and cost. As such, financial and other resource constraints usually mean that pentesting is done infrequently, and often only on a subset of the operational network. The challenge is to use automation to reduce the cost of pentesting and to make it more accessible to people who are not cybersecurity professionals. DSS, in collaboration with the Defence Science and Technology Group (DSTG) and the Australian National University (ANU), aims to develop a framework that can automate pentesting tools and monitor the network through automated testing. DSS will investigate methods to extract machine-interpretable/executable threat intelligence, IT infrastructure data and business/mission process data, and to fuse these data sets to make automated decisions that can be used for periodic/continuous targeted tests.

Q5: How to build autonomous cyber defence systems in complex and contested environments?

The challenge is to build a resilient system that has the ability to “fight through” failures or adverse events caused by either accidental or deliberate means. Can we develop a self-healing system, where adverse events are diagnosed in near-real-time (either proactively or reactively, or both) and recovery operations are automatically effected? Such recovery operations typically require the reconfiguration of some components or of the entire system. The additional challenge is to manage the multiple, conflicting reconfigurations required at run-time, as well as the non-trivial complexity and inherent distribution of autonomous cyber defence systems, to achieve optimal reconfigurations. DSS, in collaboration with DSTG and Swinburne University, aims to investigate automated methods to formulate cybersecurity problems as distributed constrained optimisation problems, letting entities in a networked system (e.g., IoT, mobile networks and legacy networks) reorganise themselves, defend against a known attack or create deception against zero-day attacks.

Q6: How to develop advanced, scalable analysis techniques to address the security and privacy issues in mobile applications?

Global mobile application revenues reached an impressive USD 88.3 billion in 2016, with over 224 billion apps downloaded worldwide. This huge market drives an unprecedented number of new and buggy apps being rushed to release every day, leaving a substantial attack surface for cyber criminals. The challenge is to develop an advanced information flow analysis that overcomes the limitations of state-of-the-art bug detectors by analysing hard language features, such as reflection. Can we design applications that can operate securely within infested environments? Can we design non-intrusive monitoring systems that can separate benign data flows from malicious ones using bio-inspired techniques? Can we build operating systems and communication protocols immune to certain classes of attacks, such as ransomware? DSS, in collaboration with the University of New South Wales (UNSW), aims to develop a highly modular and extendable analysis infrastructure with self-defined intermediate representations to support analysis of applications written in various high-level languages, e.g., Java, Objective-C and Swift.