Autonomous Cyber Analytics and Anomaly Detection

Machine Learning (ML) holds a pivotal position in the realm of cyber defense, particularly given the expanding scale of networks, the proliferation of software and malware, and the deluge of data they generate. One of the paramount challenges faced by cyber defenders is the ability to differentiate between malicious anomalies and benign yet uncommon activities. This task has taken on heightened significance as the attack surfaces within large enterprise networks continue to expand.

In this context, anomaly detection systems grounded in statistical and large-scale analysis/modeling of user and device behavior have emerged as indispensable tools for identifying and mitigating malicious activities. The overarching objective of this project is to pioneer innovative ML modeling techniques, focusing on specific facets or attributes of netflow and/or host activity, as well as software/malware data. The ultimate aim is to gain a deeper understanding of how users and computers typically operate within these networks. By the culmination of this endeavor, the developed tool will significantly enhance network awareness, paving the way for the integration of state-of-the-art autonomous anomaly and intrusion detection capabilities.

Selected Past Student Projects:

• Semi-supervised Classification of Malware Families Under Extreme Class Imbalance via Hierarchical Non-Negative Matrix Factorization with Automatic Model Selection [Paper]
• MalwareDNA: Simultaneous Classification of Malware, Malware Families, and Novel Malware [Paper]
• General-Purpose Unsupervised Cyber Anomaly Detection via Non-Negative Tensor Factorization [Paper]
• Electrical Grid Anomaly Detection via Tensor Decomposition [Paper]
• Detecting Anomalies using Overlapping Electrical Measurements in Smart Power Grids [Paper]
• pyCP_APR, a Python library for tensor decomposition and anomaly detection that is developed as part of the R&D 100 award winning SmartTensors project [Code]
• Multi-Dimensional Anomalous Entity Detection via Poisson Tensor Factorization [Paper]
• Graph link prediction in computer networks using Poisson matrix factorisation [Paper]
• Hyperspectral Anomaly Detection using Neural Networks

Desired Qualifications:

Projects can span a spectrum from statistical and machine learning research to tool development, tailored to align with the candidate's unique skill sets and interests.

• Strong programming and software development experience in Python or R.
• Profound proficiency in Machine Learning (ML) concepts and the entire ML pipeline, including exploratory data analysis, data pre-processing, and the development of intelligent models. Candidates with experience in Python, for example, demonstrated experience in ML pipeline development showcasing adeptness with key Python packages such as Pandas, PyTorch, TensorFlow, Matplotlib, Numpy, and CuPy.
• Highly skilled in navigating Linux operating systems, with advanced proficiency in terminal usage.
• Background in large-scale data analysis pipelines such as distributed and parallel data processing. Example Python packages include mpi4py and Joblib.
• Proficient in both hardware and software aspects of cybersecurity principles.
• Willingness and ambition to learn advanced research-level topics at a fast pace and immediately contribute to the research and national security communities.
• Strong communication and written skills.
• (Bonus) Background in Statistics.
• (Bonus) Experience in using High Performance Computing (HPC) systems.
• (Bonus) Experience in writing scientific papers in LaTeX.
• (Bonus) Experience in malware reverse engineering.

Your Role in the Project:

• Creating innovative concepts and crafting solutions for anomaly detection, tailored to address challenges within the realm of national security.
• Develop, test, and benchmark proof of concept code.
• Develop ML and data analysis pipelines for large-scale data utilizing high performance computing resources and emerging computing technologies.
• Creating well-designed presentations that are informative to a wide audience and succinctly communicate technological value propositions.
• Performing extensive literature reviews of cutting-edge theoretical and applied anomaly detection work.
• Write a paper and/or compile a poster publication at the end of the project.

LA-UR-23-30455

Advanced Cryptography

Theoretical cryptography has evolved enormously over the last decade with the development of fully homomorphic encryption, secure multi-party computation, zero-knowledge proofs, post-quantum cryptography. The general thrust of these cutting-edge techniques is to enable the ability to blindly compute on encrypted data without knowing the key, remotely verifying computation without revealing sensitive information, and designing resilience to cryptanalytic attacks mounted by quantum computers. LANL is interested in identifying and applying the enormous untapped potential for the application of these advances to ensure the security and robustness of our nation’s critical infrastructure and national security capabilities.

Students working in this topic area will be exposed to the wide applicability of these techniques, employ cryptographic results to unsolved cyber-security challenges, and then engineer proof-of-concept software tooling that demonstrably shows security improvements over modern systems. Potential areas of impact include, but are certainly not limited to, assured artificial intelligence and machine learning, nuclear verification, supply chain integrity, and remotely verifiable information provenance.

Selected Past Student Projects:

• zkSNARKs for Verifiable, Privacy Preserving, and Federated Neural Network Training [Slides]
• Secure System Composition and Type Checking using Cryptographic Proofs [Video]
• Zero-knowledge Proofs for Certified Robustness of Machine Learning Models
• Authenticating Internet Routing Using Zero-knowledge Proofs
• Zero-Knowledge Proofs For (Some) Probabilistic Computations Using Quasi-Randomness [Paper]
• Cryptographically Robust and Assured AI/ML
• Cryptographic Structure of Optical Physical Unclonable Functions [Preprint]

Desired Qualifications:

• Strong programming and implementation skills (Rust, Haskell, or C++ preferred)
• Exceptionally strong skills in pure mathematics, logic, and/or computability
• Strong background in a subset of algorithms, formal methods, computational complexity, and other theoretical computer science topics
• Cyber security mindset that spans hardware, software, and/or distributed systems
• Willingness and ambition to learn advanced research-level topics at a fast pace and immediately contribute to the research and national security communities
• (Bonus) Prior exposure to theoretical and/or applied cryptography
• (Bonus) Prior exposure to at least one alternative discipline such as machine learning, econometrics, microbiology, materials science, or astrophysics

Your Role in the Project:

• Designing and developing novel concepts for cryptographic protocols or solutions for national security driven challenges
• Develop, test, and benchmark proof of concept code
• Constructing proofs of correctness or security, ideally using automated means (project dependent)
• Creating well-designed presentations that are informative to a wide audience and succinctly communicate technological value propositions
• Performing extensive literature reviews of cutting-edge theoretical and applied cryptography work

LA-UR-23-30455

Formal Methods & Verification

The cybersecurity industry has developed many products and services that attempt to deal with cyber threats after the fact through extensive system monitoring and use of software patches when vulnerabilities are discovered. While useful in practice, this is wildly insufficient for critical systems that are instrumental to national security, as such systems are targets for sophisticated threat actors such as nation states that can employ multiple zero-days. Instead, we need higher degrees of assurance to know that our solutions will absolutely function correctly in every scenario. Formal methods can provide this by using logic-based approaches and theorem proving techniques to prove that software and hardware solutions are completely free from implementation or security concerns.

Students performing formal methods and verification research will be expected to learn how to use formal verification tools (such as theorem provers or model checkers) to design and develop systems or protocols that have provable security guarantees. Projects will ideally focus on novel concepts and require the invention of new techniques, clever mixtures of multiple existing technologies, or investigating applications of existing techniques in under-represented or underdeveloped areas.

Selected Past Student Projects:

• Formally Verified Protocol Gateway Converters using Rust and Crux
• Secure System Composition and Type Checking using Cryptographic Proofs [Video]
• Software Verification and seL4: Implementing Untrusted Code in a Trusted Environment
• Zero-knowledge Proofs for Certified Robustness of Machine Learning Models

Desired Qualifications:

• Strong programming and prototyping skills (Rust, Haskell, or Agda preferred)
• Familiarity with proof assistants (e.g. Coq), automated theorem provers (Z3, Lean), and/or model checkers (e.g. FDR, SPIN)
• Exceptionally strong skills in pure mathematics, programming language theory, type theory, logic, and/or computability
• Strong background in a subset of algorithms, formal methods, computational complexity, and other theoretical computer science topics
• Cyber security mindset that spans hardware, software, and/or distributed systems.
• Willingness and ambition to learn advanced research-level topics at a fast pace and immediately contribute to the research and national security communities

Your Role in the Project:

• Designing and developing novel concepts for provably secure systems or solutions for national security driven challenges.
• Develop, test, and benchmark proof of concept codea
• Constructing proofs of correctness or security, ideally using automated means
• Creating well-designed presentations that are informative to a wide audience and succinctly communicate technological value propositions

LA-UR-23-30455

Cyber-Physical System & Network Security

Cyber-physical systems (CPS) pose a number of unique challenges both through their interactions with physical processes and the diverse environments and requirements they operate under. CPSs can have lifetimes measured in decades not years, and whether managing power flow in an electrical grid or trimming ailerons on an aircraft, these unique and complex systems often provide critical services that cannot be disrupted. As these devices become increasingly connected and accessible, we have to develop new techniques and capabilities to protect these devices, and to secure and manage the networks they rely on.

Because of the diversity of cyber-physical systems, there is no single answer to what security looks like. For some devices the focus may be on hardware security, seeking to harden devices against physical access by developing better hardware security tokens. For others it may be using programmable networking capabilities such as P4 to manage systems with custom network protocols, or to modify existing protocols to augment them with new capabilities. The thread that unites this effort is that it is focused on developing practical solutions that are interoperable with existing CPSs and networks to improve their resilience to a variety of different threats.

Selected Past Student Projects:

• Evaluating Network Resilience via Adversarial Abstraction
• Accelerated Network Environments for AI Cyber Arms Races
• Electrical Grid Anomaly Detection via Tensor Decomposition [Paper]
• Detecting Anomalies using Overlapping Electrical Measurements in Smart Power Grids [Paper]
• Ring Oscillator PUF Design for Electrical Grid Protection

Desired Qualifications:

• Strong programming and implementation skills (C, C++, or Rust preferred)
• Experience working with cyber-physical or embedded systems
• Experience working with communication protocols (e.g. network programming, packet processing, etc.)
• Prior experience with FPGAs and hardware description languages (such as VHDL or Verilog)
• (Bonus) Machine learning/statistics
• (Bonus) Power Grid infrastructure and operations

Your Role in the Project:

• Researching and developing novel solutions to improve cybersecurity for critical infrastructure systems & networks.
• Developing machine learning models that are robust to adversarial and/or privacy attacks, or developing novel adversarial or privacy attacks
• Develop proof-of-concept demonstrations and evaluate them in a lab environment or with data collected from operational systems.
• Share the results of your work with others via presentation, poster, or publication.

LA-UR-23-30455

Artificial Intelligence/Machine Learning Assurance & Security

Artificial Intelligence is playing an increasingly important role across all aspects of the security and defense sector. From the vast footprint of critical analysis tools which use machine-learning models to the huge potential for AI to assist in attacking all kinds of infrastructure and sensor data streams, there is a huge need to understand security constraints around AI. To prepare for this shifting reality, we need to vastly scale up our AI security footprint in domains of importance to the Los Alamos mission. This means that our team spans a wide variety of projects, from ML robustness theory, to cryptography in ML, to tamper resistance, to synthetic data generation and detection, and many forms of AI red-teaming.

This project will involve working with our team to expand these capabilities and may involve using AI to do detailed file analysis, developing new applications for diffusion models for synthetic data generation and detection, writing proofs to validate computations, uncertainty quantification in specific ML applications, analyzing robustness of time-series classification, and forming strategies to mitigate vulnerabilities in mission critical analysis pipelines. The goal of this project is to simultaneously gain capabilities related to specific missions while also growing your knowledge of AI risk management in a very quickly evolving security environment.

Your work will be structured around learning a particular machine-learning application and reproducing a particular result, researching the security and robustness implications of the models that were used to obtain that result, and then leveraging tools to mitigate and quantify any vulnerability in that pipeline. You will be provided with data, guidance, and cutting edge theoretical robustness results and techniques which you can leverage to accomplish these goals.

Selected Past Student Projects:

• LCANets++: Robust Audio Classification using Multi-layer Neural Networks with Lateral Competition [Paper]
• An Exact Kernel Equivalence for Finite Classification Models [Paper]
• If you’ve trained one you’ve trained them all: inter-architecture similarity increases with robustness [Paper]
• Sparse Coding for Depth Completion on Autonomous Vehicles
• Detecting Deepfakes with VQVAEs [Paper]
• Improving Robustness to Audio Perturbations Using Biological Receptive Fields
• zkSNARKs for Verifiable, Privacy Preserving, and Federated Neural Network Training [Paper]
• Zero-knowledge Proofs for Certified Robustness of Machine Learning Models
• Cryptographically Robust and Assured AI/ML
• Evaluating the Adversarial Robustness of Energy-Based Models Trained With Equilibrium Propagation
• Sparse-Guard: Sparse Coding-Based Defense against Model Inversion Attacks
• LCANets: Lateral Competition Improves Robustness Against Corruption and Attack [Paper]
• LCANets++: Robust Audio Classification using Multi-layer Neural Networks with Lateral Competition [Paper]

Desired Qualifications:

• Proficiency in programming (Python preferred)
• Proficiency with machine learning frameworks (PyTorch preferred)
• Basic knowledge of machine learning and statistics
• Interest or knowledge in developing adversarial defenses and/or attacks
• (Bonus) Experience writing proofs
• (Bonus) Knowledge of high performance computing
• (Bonus) Background in acoustics
• (Bonus) Interest or knowledge in privacy attacks
• (Bonus) Interest in bio-inspired neural networks
• (Bonus) Experience with signal processing and/or neural computing
• (Bonus) Knowledge of nuclear facility monitoring and/or neutron coincidence/multiplicity counting

Your Role in the Project

Depending on the background of the student, this project can be focused on:

• Kernel based approaches for evaluating the contribution of individual training data to model predictions
• Robustness evaluation for machine-learning on time-series data in the application area of nuclear nonproliferation
• Cryptographic robustness certification for ML models
• Red-Teaming robustness certification techniques
• Geometric analysis for detecting and understanding adversarial attacks and targeted deep fakes.

LA-UR-23-30455