Proc. SPIE. 7350, Defense Transformation and Net-Centric Systems 2009
KEYWORDS: Defense and security, Data modeling, Data processing, System identification, Chemical elements, Systems modeling, Information security, Computer security, Network security, Classification systems
Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These
attacks may be perpetrated with little to no funding, but may wreak incalculable damage upon the enterprise's security,
network infrastructure, and services. As more services come online, systems that were once in isolation now provide
information that may be combined dynamically with information from other systems to create new meaning on the fly.
Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a
higher classification than any of its constituent parts.
To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how its use is
evolving from a robust approach to access control to preempting and combating attacks in the cyber domain. The
introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most
vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our
approach is integration of semantic policy into enterprise security to augment traditional network security with an overall
awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture -
analyzing trends and identifying critical relations in system-wide data access.
The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive
security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing
Bayesian-based methodologies, the enterprise-wide meaning of data and semantic policy is applied to probability and
high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling
resources to proactively isolate, lock-down, and secure systems that are most vulnerable.
Understanding the intent of today's enemy necessitates changes in intelligence collection, processing, and dissemination.
Unlike cold war antagonists, today's enemies operate in small, agile, and distributed cells whose tactics do not map well
to established doctrine. This has necessitated a proliferation of advanced sensor and intelligence gathering techniques at
level 0 and level 1 of the Joint Directors of Laboratories fusion model. The challenge is in leveraging modeling and
simulation to transform the vast amounts of level 0 and level 1 data into actionable intelligence at levels 2 and 3 that
include adversarial intent. Currently, warfighters are flooded with information (facts/observables) regarding what the
enemy is presently doing, but are provided inadequate explanations of adversarial intent, and they cannot simulate 'what-if'
scenarios to increase their predictive situational awareness. The Fused Intent System (FIS) aims to address these
deficiencies by providing an environment that answers 'what' the adversary is doing, 'why' they are doing it, and 'how'
they will react to coalition actions. In this paper, we describe our approach to FIS which includes adversarial 'soft-factors'
such as goals, rationale, and beliefs within a computational model that infers adversarial intent and allows the
insertion of assumptions to be used in conjunction with current battlefield state to perform what-if analysis. Our
approach combines ontological modeling for classification and Bayesian-based abductive reasoning for explanation and
has broad applicability to the operational, training, and commercial gaming domains.
Nowadays, there is an increasing demand for the military to conduct operations that are beyond traditional warfare. In
these operations, analyzing and understanding those who are involved in the situation, how they are going to behave,
and why they behave in certain ways is critical for success. The challenge lies in that behavior does not simply follow
universal/fixed doctrines; it is significantly influenced by soft factors (i.e. cultural factors, societal norms, etc.). In
addition, there is rarely just one isolated enemy; the behaviors and responses of all groups in the region, and the
dynamics of the interaction among them compose an important part of the whole picture. The Dynamic Adversarial
Gaming Algorithm (DAGA) project aims to provide a wargaming environment for automating the simulation of the dynamics
of geopolitical crises, eventually to be applied to the military simulation and training domain and/or the commercial gaming
arena. The focus of DAGA is on modeling communities of interest (COIs), where various individuals, groups, and
organizations as well as their interactions are captured. The framework should provide a context for COIs to interact
with each other and influence others' behaviors. These behaviors must incorporate soft factors by modeling cultural
knowledge. We do so by representing cultural variables and their influence on behavior using probabilistic networks. In
this paper, we describe our COI modeling, the development of cultural networks, the interaction architecture, and a
prototype of DAGA.
As General John P. Jumper, Air Force Chief of Staff, noted, the bulk of an Air Operations Center Air Tasking Order cycle is spent gathering information from different stovepipe intelligence assets, then manually evaluating the results and planning implications. This time-consuming process is an obstacle that inhibits the real-time battlespace awareness needed by commanders to dynamically task assets to address time-critical targets and help the Air Force meet its goal of “striking mobile and emerging targets in single digit minutes”. This paper describes how research performed for the Dynamic Intelligence Anticipation, Prioritization, and Exploitation System (DIAPES) supports this goal by leveraging advances in ontological modeling, intelligence data integration, artificial intelligence, and visualization. DIAPES applies automated analysis and visualization to an integrated ontology that specifies the relationships among intelligence and planning products and battlespace execution assets. This research seeks to enable commanders and analysts to perform 'what-if' scenarios to judge tradeoffs and determine the potential propagation effects that retasking assets to address time-critical targets has throughout battlespace plans and participants.