REDCORE, an RDT&E Enterprise Defensive Cyber Operation Response Element, is developing operational concepts and capabilities tailored to the unique test environment at Edwards AFB. Operation Unconquered Artemis (OUA) leverages artificial intelligence (AI) to protect and secure critical test data, aligning with the DoD Data, Analytics, and Artificial Intelligence Adoption Strategy and USAF's AF-25-1. OUA exemplifies the Human-Machine Teaming (HMT) concept described in AF-25-1 by augmenting cyber analyst capabilities, enabling faster operational decisions and reducing manual workload.
This presentation will detail AI models designed to detect command-and-control (C2) traffic, Windows event log anomalies, and data exfiltration, significantly enhancing threat detection and response capabilities within the Edwards AFB operational environment. Specific models include: Artemis Aurora Delta, which identifies domains produced by Domain Generation Algorithms (DGAs) for C2 traffic, using a hybrid architecture that combines transformer-based contextual embeddings, local pattern extraction, and sequential modeling; Artemis Core Alpha, which classifies anomalies in Windows event logs from production servers using a sparse autoencoder; and Artemis Rose Bravo, which identifies malicious DNS data exfiltration by analyzing subdomains with an LSTM network.
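The two DNS-focused models above consume features of query names: the randomness and length of a subdomain for exfiltration, and the character makeup of the registered domain for DGA detection. The following added example (not the Artemis models or any REDCORE code) shows the kind of per-query features such detectors start from and applies hand-picked thresholds to a constructed DNS query log. The log format, the client addresses, the domain names and all thresholds are assumptions made for the demonstration; a learned model such as the LSTM or hybrid architecture described above replaces the fixed thresholds, and a real tool would use the Public Suffix List rather than the naive "last two labels" split used here.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample DNS query log (hypothetical format: "<timestamp> <client> <qname> <qtype>").
# None of these names or addresses are real indicators; they are made up for the demonstration.
SAMPLE_LOG = """\
2024-01-01T00:00:01Z 10.0.0.5 www.example.com A
2024-01-01T00:00:02Z 10.0.0.5 mail.example.com MX
2024-01-01T00:00:03Z 10.0.0.7 a3f9c1e2b7d4f6a1c9e0b2d3f4a5c6e7.tunnel.example.net TXT
2024-01-01T00:00:04Z 10.0.0.7 9b2e4d6f8a0c1e3f5b7d9a2c4e6f8b0d.tunnel.example.net TXT
2024-01-01T00:00:05Z 10.0.0.9 xk3j9q2mzpw7rt5v.com A
2024-01-01T00:00:06Z 10.0.0.9 cdn.static.example.org A
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Hand-picked thresholds: assumptions for this example, not parameters of the Artemis models.
EXFIL_MIN_SUBDOMAIN_LEN = 24
EXFIL_MIN_ENTROPY = 3.5
DGA_MIN_SLD_LEN = 12
DGA_MAX_VOWEL_RATIO = 0.2
DGA_MIN_ENTROPY = 3.0


def shannon_entropy(s: str) -> float:
    """Bits per character of the string; random-looking labels score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def split_name(qname: str):
    """Naive split into (subdomain, registered domain): the last two labels are treated as
    the registered domain. A production tool would consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def subdomain_features(qname: str) -> dict:
    """Features a subdomain-focused exfiltration detector looks at: length, entropy, digit ratio."""
    sub, reg = split_name(qname)
    flat = sub.replace(".", "")
    digits = sum(ch.isdigit() for ch in flat)
    return {
        "registered": reg,
        "subdomain_len": len(flat),
        "subdomain_entropy": shannon_entropy(flat),
        "digit_ratio": digits / len(flat) if flat else 0.0,
    }


def sld_features(registered: str) -> dict:
    """Features for DGA-style names: the second-level label's length, entropy and vowel ratio."""
    sld = registered.split(".")[0]
    vowels = sum(ch in "aeiou" for ch in sld)
    return {
        "sld": sld,
        "sld_len": len(sld),
        "sld_entropy": shannon_entropy(sld),
        "vowel_ratio": vowels / len(sld) if sld else 0.0,
    }


def looks_like_exfil(feat: dict) -> bool:
    # Long, high-entropy subdomains are where encoded payload ends up in a DNS covert channel.
    return (feat["subdomain_len"] >= EXFIL_MIN_SUBDOMAIN_LEN
            and feat["subdomain_entropy"] >= EXFIL_MIN_ENTROPY)


def looks_like_dga(feat: dict) -> bool:
    # Algorithmically generated labels tend to be long, vowel-poor and high-entropy.
    return (feat["sld_len"] >= DGA_MIN_SLD_LEN
            and feat["vowel_ratio"] <= DGA_MAX_VOWEL_RATIO
            and feat["sld_entropy"] >= DGA_MIN_ENTROPY)


def analyze_log(text: str) -> dict:
    """Return suspected exfil queries grouped by (client, registered domain) and DGA-like domains."""
    exfil = defaultdict(list)
    dga = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole analysis
        _ts, client, qname, _qtype = m.groups()
        sf = subdomain_features(qname)
        if looks_like_exfil(sf):
            exfil[(client, sf["registered"])].append(qname)
        df = sld_features(sf["registered"])
        if looks_like_dga(df) and sf["registered"] not in dga:
            dga.append(sf["registered"])
    return {"exfil": dict(exfil), "dga": dga}


if __name__ == "__main__":
    result = analyze_log(SAMPLE_LOG)
    for (client, reg), names in result["exfil"].items():
        print(f"possible DNS exfil: client={client} domain={reg} queries={len(names)}")
    for reg in result["dga"]:
        print(f"DGA-like domain: {reg}")
```

Grouping exfiltration hits by client and registered domain matters more than any single query: a covert channel shows up as a sustained stream of unique high-entropy labels under one domain, which is the pattern a sequence model sees and a per-query threshold cannot.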
By integrating these AI capabilities into its operations, REDCORE is analyzing 1,401,610,723 DNS domains per week, significantly enhancing lethality in detecting covert channels and data exfiltration. Production servers were also found to generate over 61 million event logs every 3 days, far too many for a human analyst to review. Artemis Core Alpha allows analysts and server operators to efficiently identify anomalies within the production environment, freeing specialists to address other threats present in the complex infrastructure.
Attendees will gain insights into the practical application of AI for enhanced cybersecurity in a complex operational environment, demonstrating a scalable approach to improving readiness and efficiency in the digital battlespace. We will discuss the challenges and lessons learned in operationalizing these AI models, providing valuable guidance for others seeking to implement similar solutions.