Large-scale dynamic graphs capture the key processes in resilient infrastructures, while modeling these systems for cyber enterprises.

In examining the relationship between the various layers of the enterprise captured by the large scale graph, a temporal and structural dimension is apparent. Instructions are executed in the nanosecond realm, but have influence over and interaction with missions that occur in the days/weeks/months realm and vice versa. Also, modifications to one instruction in one process can have enterprise-wide impact. This outcome is directly tied to the research challenge of models and metrics. The challenges result in a dynamic infrastructure driven by proactive and reactive enterprise configuration modifications. Any model of the enterprise must capture these changes in real-time.

Multi-scale modeling captures the essential features of graph models to enable the calculation of security posture and cost-benefit metrics.

Researchers will combine multi-scale modeling with dynamic graphing techniques to accurately reflect the infrastructure in question while being able to perform all necessary analytics on commodity hardware.

Measurable quantities can be discovered and developed that capture the essential security posture and cost-benefit ratio in real-time.

This research will advance on three fronts: 1) the integration of technologies for multi-scale modeling with large-scale graph analytics and dynamic graph representations, 2) the development of new algorithms and implementations for dynamic simulations to calculate the cost-benefit ratio of any proposed actions, and 3) the metrics required to understand the security posture of the enterprise in real-time. The models and metrics will be key in the command and control of the resilient infrastructure. As potential courses of action are created, each action will be evaluated using the structure and mechanics information conveyed by the model and the impact on the enterprise as determined by the metrics including the cost-benefit analysis. The action that results in the greatest reduction in attacker advantage and least impact to the defender will likely be the selected action, and will drive the corresponding change in the infrastructure.

Moving target infrastructure achieves resiliency and asymmetry.

Researchers will develop algorithms for system-level control, develop protocol for peer-to-peer movement of components, and measure cost/benefit of the moving target infrastrcuture. This will reduce the attacker's asymmetric advantage while maintaining performance and network configuration awareness.