Cyber Adversarial Scenario Modeler and Artificial Intelligence Decision Engine (CASCADE)
When a cyber attack hits, those in charge of protecting the system and its data must make important decisions on how to secure the system, stop the attack, and minimize the attack's impact to national security. Currently, decision makers rely mostly on judgment to make these choices. Existing cyber decision-support software gathers network data from numerous data sources (such as network traffic analysis, vulnerability scanners, hardware and software inventories, configuration checks, and network maps), but users are often overwhelmed by the amount of data. It can be difficult to sort through and analyze the data fast enough to make effective decisions, like blocking a user or shutting down a network.
Lincoln Laboratory researchers have developed the Cyber Adversarial Scenario Modeler and Artificial Intelligence Decision Engine (CASCADE) to present users with the best solution given the scenario. CASCADE uses two key functions: exploration and evaluation. Exploration searches the space of possible decisions to recommend promising candidate decisions. Evaluation measures the effectiveness of candidate decisions. Both components work together to generate timely, intelligent cyber solutions.