US military network-security researchers have launched a new program to discover more about the tactics of malicious hackers.
The Signature Management Using Operational Knowledge and Environments (SMOKE) program was announced on Tuesday in a broad agency statement put out by officials at the US Defense Advanced Research Projects Agency (DARPA) in Arlington, Virginia.
Signatures are patterns that describe the way in which an organization performs cyber operations.
SMOKE is asking the computer industry to develop methods to identify, model, and mitigate the typical behaviors of threat actors. The aim of the program is to develop technologies to generate evasive cyber infrastructure that accelerates red team cyber operations (CO).
The data-driven tools will achieve this goal through automated threat-informed planning, emulation, and attribution risk assessment.
DARPA stated: “In a complementary activity, SMOKE will develop data-driven tools to automate the discovery of distinguishable patterns of sophisticated cyber threat infrastructure (i.e., signatures).”
The agency outlined two key technical objectives for the project. The first is to inform operators of adversary signatures in real time as they prepare cyber infrastructure; the second is to provide attribution risk assessments for the planning and surveillance of the cyber infrastructure in use.
The program’s key research challenges include finding a way to automatically build and traverse associations in large-scale cyber datasets, expanding the use of attribution techniques to non-experts, and discovering latent associations between infrastructure elements.
Researchers will also be tasked with generating useful statistics for planners to predict how well infrastructure configurations will break from, or conform to, desired infrastructure signatures.
Possible approaches that the industry could apply to these challenges include using machine learning to model infrastructure associations through automated pattern recognition and graph-based inference.
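The graph-based inference described above can be illustrated with a small pivoting tool of the kind an attribution analyst uses. The following Python is an added example, not part of the article or of any SMOKE deliverable: it treats every observed attribute (domain, IP, certificate fingerprint, ASN) as a node, links attributes that co-occur in one observation, and then traverses the graph to find clusters, to explain the chain of shared attributes that ties two elements together, and to score how strongly a new configuration is associated with infrastructure already on record. The observation records and all values in them are constructed placeholders.

```python
from collections import defaultdict, deque

# Constructed sample observations (placeholder values, not real infrastructure).
# Each record is one observed element plus the attributes seen alongside it.
OBSERVATIONS = [
    {"domain": "alpha-example.test", "ip": "192.0.2.10",   "cert": "CERT-A", "asn": "AS64500"},
    {"domain": "beta-example.test",  "ip": "192.0.2.10",   "cert": "CERT-B", "asn": "AS64500"},
    {"domain": "gamma-example.test", "ip": "198.51.100.7", "cert": "CERT-B", "asn": "AS64501"},
    {"domain": "delta-example.test", "ip": "203.0.113.42", "cert": "CERT-C", "asn": "AS64502"},
]


def build_graph(observations):
    """Build an undirected graph whose nodes are typed attribute values
    ("ip:192.0.2.10") and whose edges join values seen in the same record."""
    graph = defaultdict(set)
    for rec in observations:
        nodes = [f"{key}:{value}" for key, value in rec.items()]
        for a in nodes:
            for b in nodes:
                if a != b:
                    graph[a].add(b)
    return dict(graph)  # plain dict so lookups never create phantom nodes


def connected_components(graph):
    """Breadth-first traversal grouping every node into its infrastructure cluster."""
    seen, components = set(), []
    for start in graph:
        if start in seen:
            continue
        component, queue = set(), deque([start])
        seen.add(start)
        while queue:
            node = queue.popleft()
            component.add(node)
            for neighbour in graph[node]:
                if neighbour not in seen:
                    seen.add(neighbour)
                    queue.append(neighbour)
        components.append(component)
    return components


def shortest_path(graph, src, dst):
    """Shortest chain of shared attributes linking two nodes, or None if unrelated.
    Neighbours are visited in sorted order so the result is deterministic."""
    if src not in graph or dst not in graph:
        return None
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for neighbour in sorted(graph[node]):
            if neighbour not in parent:
                parent[neighbour] = node
                queue.append(neighbour)
    return None


def association_risk(graph, candidate):
    """Score a proposed configuration by the fraction of its attributes already
    present in the graph, and list the known domains those attributes touch."""
    cand_nodes = [f"{key}:{value}" for key, value in candidate.items()]
    shared = [n for n in cand_nodes if n in graph]
    linked_domains = set()
    for n in shared:
        for neighbour in graph.get(n, ()):
            if neighbour.startswith("domain:"):
                linked_domains.add(neighbour)
    return {
        "shared": shared,
        "linked_domains": sorted(linked_domains),
        "score": len(shared) / len(cand_nodes),
    }


if __name__ == "__main__":
    g = build_graph(OBSERVATIONS)
    for comp in connected_components(g):
        print("cluster:", sorted(n for n in comp if n.startswith("domain:")))
    print("pivot chain:", shortest_path(g, "domain:alpha-example.test", "domain:gamma-example.test"))
    # A hypothetical new configuration that reuses an IP and ASN already on record.
    print(association_risk(g, {"domain": "new-example.test", "ip": "203.0.113.42",
                               "cert": "CERT-Z", "asn": "AS64502"}))
```

In the constructed data, alpha and gamma share no attribute directly but are linked through an IP and a certificate, which is exactly the kind of latent association a flat lookup misses; delta sits in its own cluster until a new configuration reuses its IP and ASN, at which point the risk score rises from zero. Real datasets add weighting (a shared cloud IP is weak evidence, a reused certificate is strong), which this example omits.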
The SMOKE program is being managed by Tejas Patel of the Information Innovation Office (I2O). It will be conducted at the unclassified level.
The program is expected to start in August of next year. Proposers are strongly encouraged to propose their own data sources and methods, and to offer options for program-wide access to those sources.
The deadline to submit proposals to the program is January 31, 2022.
Sarah Coble | INFOSECURITY MAGAZINE