Cyber Attribution Network Training & Education Engine (CANTEEN)

Period of Performance: 06/28/2016 - 06/27/2017

$1000K

Phase 2 SBIR

Recipient Firm

Charles River Analytics, Inc.
625 Mount Auburn Street Array
Cambridge, MA 02138
Firm POC
Principal Investigator

Abstract

Modern adversaries have become more proficient at attacking our militarys cyber networks. Although the Army has expended significant resources addressing threats in the cyber domain, current defense efforts are largely reactive. Augmenting our cyber defenses with tools that proactively analyze the intentions and behaviors of our adversaries and predict likely attack vectors on the network can alleviate the manual analytic burden on cyber specialists and increase the resilience of our networks. To address these needs, in Phase I we designed and demonstrated the feasibility of a system for Cyber Attacker and Network Vulnerability Analysis and Simulation (CANVAS). CANVAS is a tool for the analysis of cyber vulnerabilities and proactive development of defense strategies. CANVAS enables cyber defenders and policy makers to wargame intelligent models of attacker intentions and behaviors on a simulated network. This provides predictive analysis of attacks for cyber situation awareness and to make defensive recommendations. Based on our Phase I success, we propose a Phase II effort to develop and evaluate a full-scope system, the Cyber Attribution Network Training & Education Engine (CANTEEN), which extends CANVAS capabilities to: (1) identify correlations between live-data sources and adversary models to provide attack attributions; and (2) include support for training.