DARPA Announces SMOKE Program
US military network-security researchers have launched a new program to discover more about the tactics of malicious hackers.
The Signature Management Using Operational Knowledge and Environments (SMOKE) program was announced on Tuesday in a broad agency statement put out by officials at the US Defense Advanced Research Projects Agency (DARPA) in Arlington, Virginia.
Signatures are patterns that describe the way in which an organization performs cyber operations.
SMOKE is asking the computer industry to develop methods to identify, model, and mitigate the typical behaviors of threat actors. The aim of the program is to develop technologies to generate evasive cyber infrastructure that accelerates red team cyber operations (CO).
The program's data-driven tools will achieve this goal through automated threat-informed planning, emulation, and attribution risk assessment.
DARPA stated: "In a complementary activity, SMOKE will develop data-driven tools to automate the discovery of distinguishable patterns of sophisticated cyber threat infrastructure (i.e., signatures)."
The agency outlined two key technical objectives of the project. The first is to inform operators of adversary signatures in real time as they prepare cyber infrastructure, and the second is to find a way to provide attribution risk assessments for planning and surveillance of the cyber