Cyber Attack Orchestration Test Bed for Automation and Threat Monitoring in Virtual Environment (CTAM)
As the number of exploits aimed at cyber infrastructures increases drastically in the age of nation-state-sponsored cyber-attacks, the availability of cyberspace test beds for automated deployment, monitoring, and profiling of malware behavior becomes an indispensable component of any cyber-defense arsenal. This project is developing a cyber-attack orchestration test bed which integrates and extends state-of-the-art hardware virtualization, virtual machine introspection, advanced instrumentation and malware forensic technologies, allowing for automated emulation of test infrastructure. This test and evaluation (T&E) framework will be equipped with cloud-enabled, advanced orchestration tools such as kernel stack analysis for rootkit monitoring and hardware-backed memory protected security agents with pluggable architecture. We are developing the test technology to detect, analyze, and monitor malware behavior during cyberspace attacks by enabling key capabilities like:
S&T research to develop new algorithms and models to detect and monitor malware in a virtualized testbed using anomaly based detection with machine learning techniques, smart memory acquisition, Kernel Queue Injection and application instrumentation;
deployment of virtualized environments along with the advanced instrumentation tools developed through this research for control and monitoring of the cyberspace test environment;
cyber-attack emulation through infection and propagation of simulated endpoints;
fine-grained introspection, data collection, and monitoring of various aspects of the infrastructure through the centralized system; and
visualization and generation of reports to assess the potential damage to operational cyberspace assets.
The ultimate role of the test technology is to facilitate the monitoring, analysis and threat assessment of malware to understand its goals and degrade impacts on the compromised systems.
This project is sponsored by the Test Resource Management Center (TRMC) of the Department of Defense (DoD), and in collaboration with the Applied Research Center of Florida International University.
