SENDSim: A New Platform for Understanding Behavior in Cyberspace

By Carl Hunt, Greg Amis and Rick Raines

As reported in Armed with Science last October, the Rapid Reaction Technology Office (RRTO) of DoD’s Assistant Secretary of Defense for Research and Engineering has been working with the U.S. Air Force Institute of Technology’s Center for Cyberspace Research (CCR) on a project called “Science Enhanced Networked Domains and Secure Social Spaces” (SENDS). The main mission of SENDS is to examine operational and security challenges the United States faces in the use of cyberspace within the global environment. The focus of these examinations is both broad and innovative. RRTO and CCR have supported this project since late 2009.

SENDS partner Icosystem Corporation is delivering a major component of the SENDS Project: a modeling and simulation platform to understand the behaviors of network users and information technologies as they interact within cyberspace. These simulations help visualize the interdependencies that arise with the convergence of these two sources of vulnerability. As the SENDS Project progresses, we’ve been covering developments on the new SENDS website. Now that we are within four months of concluding the Pilot, we want to share the status of this task as a preview.

We call the simulation environment for the SENDS Project SENDSim. In brief, SENDSim is an agent-based simulation and experimentation environment designed to help experts better understand cyberspace security challenges by providing a platform for understanding threats, evaluating solutions, and communicating the benefits of a principled security plan to non-technical decision makers.

SENDSim can run simulations and visualize animations of malware propagation, worker behavior, and social network activity. (Image: SENDS)

Users of SENDSim can specify network designs, assumptions, and policy parameters. SENDSim then creates a simulated network, a simulated workforce using that network and relevant policies, and a simulated malware threat (Conficker or Stuxnet, for example).

Incorporating modeling techniques from epidemiology and behavioral economics, SENDSim captures the interactions of both the behaviors of the network users and the behaviors of the malware. These behaviors include users’ appreciation of cyber threats, as well as their actions, such as selecting technical strategies for daily tasks, choosing passwords, enabling and disabling features, and discussing threats and solutions with co-workers.
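To make the combination of epidemiological and behavioral modeling concrete, here is a minimal agent-based sketch. It is an added example, not SENDSim code, which this article does not show. The function name, every parameter and default value, and the rule that discussing an infection raises awareness are assumptions chosen for illustration.

```python
import random

def simulate(n_users=60, steps=40, awareness=0.5, awareness_gain=0.1,
             p_infect=0.3, seed=1):
    """Return the count of infected workstations after each time step."""
    rng = random.Random(seed)
    infected = [False] * n_users
    infected[0] = True                 # one initially infected workstation
    aware = [awareness] * n_users      # per-user threat appreciation in [0, 1]
    history = []
    for _ in range(steps):
        for u in range(n_users):
            peer = rng.randrange(n_users)   # co-worker for this task
            if peer == u:
                continue
            # Behavioral step (assumed rule): a less aware user is more
            # likely to pick removable media over a safe alternative.
            uses_removable_media = rng.random() < 1.0 - aware[u]
            # Epidemiological step: media passed between an infected and a
            # clean workstation transmits with probability p_infect.
            if uses_removable_media and infected[u] != infected[peer]:
                if rng.random() < p_infect:
                    infected[u] = infected[peer] = True
            # Social step (assumed rule): co-workers who discuss a known
            # infection both become more cautious.
            if infected[u] or infected[peer]:
                aware[u] = min(1.0, aware[u] + awareness_gain)
                aware[peer] = min(1.0, aware[peer] + awareness_gain)
        history.append(sum(infected))
    return history

if __name__ == "__main__":
    # Sweep the initial awareness level, standing in for a policy parameter.
    for level in (0.0, 0.5, 0.9, 1.0):
        print(f"initial awareness {level:.1f}: "
              f"{simulate(awareness=level)[-1]} of 60 infected")
```

Sweeping one parameter while holding the others fixed is the kind of comparison such a model supports when weighing a policy change.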

By the end of the pilot project in June, SENDSim will simulate: Conficker, Stuxnet, removable media and Windows file sharing use, user productivity, user technical strategy selection, infection costs, malware propagation mechanisms, attacks on control systems (e.g., SCADA), other attack scenarios (for example, distributed denial of service and data exfiltration), users making unauthorized changes to workstation configurations, and users managing their passwords.

The above video provides a tour of the graphical user interface to run simulations and visualize animations of malware propagation, worker behavior, and social network activity.

We invite you to monitor progress of the SENDS Project and SENDSim at the SENDS website, and to be a part of the “open source science” SENDS is pursuing.

Dr. Greg Amis, Icosystem, Inc., is Lead Modeler for the SENDSim task. You can find out more about Greg at the SENDS website.

Dr. Carl Hunt, Directed Technologies, Inc., is the SENDS Project Manager. You can also find more about Carl at the SENDS website.

Dr. Richard Raines is the Director of the USAF Institute of Technology’s Center for Cyberspace Research.