Generative Representation of Synthetic Threat Actors for Simulation and Training
(Room S320B)
29 Nov 17
4:00 PM
-
4:30 PM
In this paper we describe a generalized and generative synthetic threat actor (SynthActor) modeling capability as currently implemented in the Web Ontology Language (OWL 2). SynthActor is general in the sense that it readily supports representation and reasoning about threat actors at any level of aggregation (individuals, groups and nation states) and for any domain of aggression (kinetic, cyber, insurgency, and asymmetric warfare). SynthActor is generative in the sense that it can automatically respond to simulated or hypothesized conflict situations with behaviors that are consistent with previously specified threat actor world views and technical/aggression capabilities. Threat actor world views are represented in SynthActor as cultural sub-models reflecting the belief systems of the actor (social, political and theological). Threat actor technical/aggression capabilities are represented in SynthActor as knowledge/skill properties of the actor (chemical, nuclear, explosives, cyber and melee). SynthActor enables modeling of threat individuals and groups as active and engaged entities which respond to changing situations, prosecute an agenda, define operational goals, and execute operations to achieve those goals. Violent threat actor properties, as modeled in SynthActor, are aligned with the Multilateral Interoperability Program (MIP) and its Information Model (MIM). MIM modeling enables automated machine sharing of information about violent threat actors and activities. Cyber threat actor properties, as modeled in SynthActor, are aligned with the Department of Homeland Security’s Structured Threat Information Expression (STIX) modeling language. STIX modeling enables automated machine sharing of information about cyber threat actors and activities. SynthActor, with MIM and STIX language extensions, enables automated machine derivation and sharing of detailed information about realistically unfolding threat actor campaigns in adversarial simulation environments.