Sandia National Labs FY20 LDRD Annual Report

FY20 ANNUAL REPORT

Automated threat modeling for cyber security analytics and emulation. Current state-of-the- art in automated adversary emulation relies on endpoint or network actuation. This Sandia project, done collaboratively with Georgia Tech and Purdue University, created new design tools enabling designers to efficiently generate detailed models of benign and malicious human actors at scale. The resulting Emulytics platform enables automated human actor traffic generation by taking advanced persistent threat actions as inputs and generating automated threat responses. The threat modeling capability includes application-layer artifacts, allowing for selection and design time experimentation. The traffic generation capability captures, encodes, and leverages user activities to develop highly faithful user models. This allows for encoding of benign and malicious traffic and provides a mechanism to derive uniquely identifiable models from a base dataset. Actors were derived from well-described profiles of typical human behaviors and assembled into a library of highly mutable and composable benign and malicious artifacts. This novel Emulytics platform allows for experimenting with human and non-human threats. (PI: Vince Urias) Investigating the Arctic tipping points triggering global change. Tipping events, or small magnitude changes with state-altering effects, are anticipated in the Arctic with the potential to disrupt the global Earth system. By leveraging Sandia’s unique data analytics and climate modeling resources, this team developed a framework of computational methods with uncertainty quantification to enable Arctic-focused tipping event prediction. As a first step in quantifying uncertainties in simulated Arctic climate response, Sandia researchers performed a global sensitivity analysis (GSA) on more than 100 perturbed simulation ensembles of one hundred years on 12 Arctic quantities of interest using a fully coupled ultralow-resolution configuration of the Energy Exascale Earth System Model (E3SM). The parameter variations showed significant impact on the Arctic climate state with the largest impact coming from atmospheric parameters related to cloud parameterizations. In addition, significant interactions between parameters from the atmosphere, sea ice, and ocean components of E3SM were found. To the team’s knowledge, this is the first GSA involving the fully coupled E3SM. The results can be used to inform model tuning work as well as more targeted studies at higher resolution. Sandia researchers also trained machine learning models (MLMs) on observational and simulation data from five historical ensembles generated by the E3SM to elucidate the most influential factors in predicting September average Arctic sea ice extent and investigate differences between observed and simulation data. MLMs can help illuminate differences in sea ice response between observational data and simulations in order to guide improvements in sea ice prediction. PhD candidate and year-round intern Jake Nichol, who collaborated with the LDRD team, won the award

for best student presentation at the June 2020 European Seminar on Computing (ESCO) workshop for his presentation on this work. (PI: Kara Peterson) Watch the YouTube video.

Ultra-low atmosphere grid (left) and ultralow ocean grid (right).

51

LABORATORY DIRECTED RESEARCH & DEVELOPMENT