Coevolutionary Agent-Based Network Defense Lightweight Event System (CANDLES)
Predicting an adversary's capabilities, intentions, and probable vectors of attack is in general a complex and arduous task. Cyber space is particularly vulnerable to unforeseen attacks, as most computer networks have a large, complex, opaque attack surface area and are therefore extremely difficult to analyze. Abstract adversarial models which capture the pertinent features needed for analysis can reduce the complexity sufficiently to make analysis feasible. Game theory allows for mathematical analysis of adversarial models; however, its scalability limitations restrict its use to simple, abstract models. Computational game theory is focused on scaling classical game theory to large, complex systems capable of modeling real-world environments; one promising approach is coevolution, where each player's fitness is dependent on its adversaries. In this paper, we propose the Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES), a framework designed to coevolve attacker and defender agent strategies and evaluate potential solutions with a custom, abstract computer network defense simulation. By performing a qualitative analysis of the result data, we provide a proof of concept for the applicability of coevolution in planning for, and defending against, novel attacker strategies in computer network security.
G. Rush et al., "Coevolutionary Agent-Based Network Defense Lightweight Event System (CANDLES)," Proceedings of the Companion Publication of the 2015 Annual Conference on Genetic and Evolutionary Computation, pp. 859-866, Association for Computing Machinery (ACM), Jan 2015.
The definitive version is available at http://dx.doi.org/10.1145/2739482.2768429
17th Annual Conference Companion on Genetic and Evolutionary Computation (GECCO'15) (2015: Jul. 11-15, Madrid, Spain)
Center for High Performance Computing Research
Article - Conference proceedings
© 2015 Association for Computing Machinery (ACM), All rights reserved.