Conference: Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005

Toward improved software security testing using a cyber warfare opposing force (CW OPFOR): the knowledge base design

Abstract

"Train the way you will fight" has been a guiding principle for military training and has served the warfighter well, as evidenced by numerous successful operations over the last decade. This need for realistic training for all combatants has been recognized and proven by the warfighter and continues to guide military training. However, to date, this key training principle has not been applied fully in the arena of cyberwarfare due to the lack of realistic, cost-effective, reasonable, and formidable cyberwarfare opponents. Recent technological advances, improvements in the capability of computer-generated forces (CGFs) to emulate human behavior, and current results in research in information assurance and software protection, coupled with increasing dependence upon information superiority, indicate that the cyberbattlespace will be a key aspect of future conflict and that it is time to address the cyberwarfare training shortfall. To address the need for a cyberwarfare training and defensive testing capability, we propose research and development to yield a prototype computerized, semi-autonomous (SAF) red team capability. We term this capability the Cyber Warfare Opposing Force (CW OPFOR). There are several technologies that are now mature enough to enable, for the first time, the development of this powerful, effective, high-fidelity CW OPFOR. These include improved knowledge about cyberwarfare attack and defense, improved techniques for assembling CGFs, improved techniques for capturing and expressing knowledge, software technologies that permit rapid prototyping to be used effectively on large projects, and the capability for effective hybrid reasoning systems. Our development approach for the CW OPFOR lays out several phases in order to address these requirements in an orderly manner and to enable us to test the capabilities of the CW OPFOR and exploit them as they are developed.
We have completed the first phase of the research project, which consisted of developing an understanding of the cyberwarfare environment and categorizing offensive cyberwarfare strategies and techniques. In the second phase of the research project, which is the centerpiece of this paper, we developed and refined the system software architecture and system design and developed and revised a knowledge base design. In the third phase, which will be the subject of future research reports, we will implement a prototype CW OPFOR and test and evaluate its performance within realistic experiments. The second phase of the CW OPFOR research project is a key step, one that will determine the scalability, utility, and maintainability of the CW OPFOR. For the CW OPFOR, software development and knowledge acquisition must be key activities and must be conducted so that the CW OPFOR has the ability to adapt and incorporate research results and cyberbattlespace insights. This paper will discuss the key aspects of these two parallel knowledge base design efforts as well as discuss the CW OPFOR software architecture and design. The paper is organized as follows. Section One presents a discussion concerning the motivation for the CW OPFOR project, the need for the capability, and the expected results. Section Two contains a discussion of background material. Section Three contains an overview discussion of the CW OPFOR knowledge base design and the key design choices and alternatives considered at each choice. Section Four contains a discussion of conclusions and future work.