Jump to content

User:Crtwiki/sandbox

From Wikipedia, the free encyclopedia

Computational Red Teaming (CRT) is the science for conducting effective Red Teaming (RT) exercises. In contrast to RT, which is a decision-aiding art traditionally used (by military) to play the devil’s advocate against one’s own concepts, plans, strategies, or system to “test and evaluate” them to improve decision making, CRT is a decision-support science that studies the theoretical foundation, methodology and tools for conducting i.e. planning, executing, analyzing and documenting RT processes in a systemic and computable way. Although Computational Red Teaming often involves the use of computers, the term Computational does not necessary means computer-based. Rather, it means conducting RT in a systemic and computable way.

History

[edit]

The term Computational Red Teaming was first coined by Yang, Abbass et al. in 2005 \cite{} to emphasize the computation side of RT. Following its original use, there have been many competing descriptors including Automated Red Teaming \cite{}, Auto Red Teaming \cite{}, Assisted Red Teaming \cite{} and Computerised Red Teaming \cite{}. As with any new field of research, there is debate as to the precise understanding of the term.

Only in 2011 Defence Science and Technology Organisation (DSTO) of Australia published a technical reports on Computational Red Teaming namely “Moving Forward with Computational Red Teaming” with an attempt to clarify the Computational Red Teaming concept \cite{}.

In the same year, the first scientific article on Computational Red Teaming was only published by Hussein A. Abbass et al. on IEEE Computational Intelligence Magazine \cite{}.

In 2012, DSTO Australia published the second report on Computational Red Teaming entitled “Future Proofing Computational Red Teaming”.

In 2014, the first complete book about Computational Red Teaming entitled “Computational Red Teaming: Risk Analytics of Big-Data-to-Decisions Intelligent Systems” was published by Springer \cite{}.

Definitions

[edit]

There has not been an official definition of CRT. The following definitions are given by DSTO Australia:

Definition 1: Computational Red Teaming is a set of methodologies and computational models that augment a human-based RT exercise or perform a computer-based, more abstract RT exercise \cite{}.

Definition 2: Computational Red Teaming is a framework built on set of computational models that can assist a human-based RT exercise smartly and responsively \cite{}.

Definition 3: Computational Red Teaming is the science concerned with the provision of analytic tools, in support to Red Teaming, for the purposes of improving the outcome of its application \cite{}.

Comments: CRT is a philosophical approach to conduct RT exercises in a systemic and computable manner rather then a specific framework or a set of methodologies and computational models. CRT interests in the frameworks, methodologies and models that can be used to conduct effective RT exercises not the final outcomes of the exercises. Some companies see CRT as an approach to achieve a desired outcome e.g. penetrating a security system. This is a very narrow vision of CRT.

CRT Tools

[edit]

Two important aspects of RT that have been explored in CRT are risk analytics and deliberate challenge analytics. As a result, CRT tools that have been built in general fall into two groups: risk analytics group and challenge analytics group.

Risk analytics tools: Multi-Objective Based Risk Assessment (MEBRA): Single-Objective Based Risk Assessment (SEBRA):

Challenge analytics tools: Computational Scenario-Based Capability Planning (CSCP): Adversarial Evolution (AE):

Blue-red simulation: blue-red simulation is a special CRT tool that does not completely fall into one of the above categories. Blue-red simulation can be human-based and computer-based where the computer-based is often built on multi-agent simulation systems such as EINSTein \cite{}, ISAAC \cite{}, CROCADILE \cite{} and WISDOM \cite{}. Among the existing tools, WISDOM is the most effective one from the RT point of view as it can provide a certain level of analysis that facilitate a understanding of simulated situation from the risk and challenge point of view.

CRT facts

[edit]

CRT in Air Traffic Management

CRT in Network Security

CRT resources (people, links, books, papers)

[edit]