Former United States Secretary of Defense Donald Rumsfeld once famously said it is the unknown unknowns – or the things we don’t know that we don’t know about – that can trouble nations of the ‘free world’.
He may have been lampooned mercilessly at the time for this statement, but he hit upon a problem that continues to plague cyber defence analysts – if a system is compromised or under attack and we are unaware and unable to know where and what is being affected, how can that system be protected?
Luckily, a small team in the School of Computer Science and Engineering is working towards a solution to this very issue. Led by CSE Senior Lecturer and ARC DECRA Fellow Lina Yao, the researchers are hoping to develop a computer network that has the ability to self-heal.
Dr Yao, whose research is in collaboration with Dr Anton Uzunov of the Defence Science and Technology Group, says she is working on making cyber defence systems autonomous and building into them a capacity for resilience.
“Resilience can be seen as the ability of autonomous cyber defence systems to detect and remedy a variety of faults, both malicious and accidental,” she says.
“They also need to maintain functionality in adverse circumstances, such as in operationally contested environments.”
Dr Yao says resilience is critical in autonomous cyber defence systems, which have to be self-diagnosing and self-healing in order to maintain themselves in a fully functioning state and to mask failures from end users.
In defence systems such as military networks and tactical platforms, the systems may be operating in adversarial contexts where nodes, processes and network links can fail at any given moment due to intentional or unintentional causes.
“There could be an active threat, such as malicious attacks and cyber crimes from inside and outside,” Dr Yao says.
“Or there could be passive threats, which we categorise as those that are caused by accidents, operator misbehaviours, or even degradation or failures of hardware and software.”
Dr Yao says maintaining reliability in such contexts is challenging and requires a consideration of unknown and unprecedented factors.
“Self-healing consists of self-monitoring, self-analysis, self-diagnosis and the ability to take actions for remediation,” she says.
Dr Yao draws upon her past work in home automation and human-machine interactions to help her build autonomy into cyber defence systems.
Her current research into machine learning is made up of four areas of interest:
Human behaviour analysis: the learning of human behavioural profiles from heterogeneous digital footprints.
Anomaly detection: being able to detect abnormal activities as well as false information online and in social media.
Recommendation systems: teaching machines how to proactively discover an item of interest and making computers aware of situations.
Human-machine interaction: developing novel interactions between humans and machines, such as a brain-computer interface.
All of these considerations inform Dr Yao’s work relating to her defence project brief of “enhancing the reliability of pervasive distributed systems with self-healing”. She and her team are developing an end-to-end solution for self-healing in distributed systems. This includes fault-detection abilities that are based on deep learning – via a novel neural network that uses raw system run-time metrics such as CPU usage, memory consumption and network activity.
“This approach provides a unified way to automatically learn useful features and make adaptive inferences about reliability without human diagnostic expertise,” Dr Yao says.
“The framework governing the whole self-healing process is itself a distributed system.”
Dr Yao says she is looking forward to further collaborations with defence partners to transform her research expertise into the realm of cyber security, which includes monitoring or tracking presence and movements on a battlefield to enable close surveillance of opposing forces.
She also sees the potential of her work being used in supporting the mental health of soldiers in the field via continuous real-time monitoring and information processing.