By: Enoch Wang, RIG Inc Intern Researcher

Cybersecurity has proven itself to be a necessary practice in every industry. Every day the effect of cyberattacks becomes more prevalent in our lives, the most notable recent attacks being the SolarWinds attack in December 2020 and the ransomware attack on the Colonial Pipeline last May. The problem is further complicated by the high turnover rate of cybersecurity professionals, which indicates that the skills required are not easily acquired [2]. Fortunately, experts have begun looking towards AI and ML to assist in the scalability of analysis and incident response.

Every August in Las Vegas an unlikely group of computer security enthusiasts attends the DEF CON conference. The conference hosts a competition known as DARPA’s Grand Cyber Challenge. Teams are tasked with building a completely autonomous system capable of competing in CTF (Capture the Flag) and reverse engineering challenges, with the winning team being awarded 2 million dollars [1]. The competing systems attempt to find vulnerabilities within programs and develop patches for any they find. The efficiency of each patch is then evaluated by a DARPA moderator system to ensure the best solution is awarded the most points. To make things more complicated for the competing AI, solutions are published after each round so that competing AI can reuse them as future solutions or analyze them for vulnerabilities.

Events such as the Grand Cyber Challenge assist in the growth of standardized actions, with solutions designated by AI being uploaded to the Global Database for all to use; however, that is not the only way AI contributes to the cybersecurity field. An Intrusion Detection System (IDS) is a monitoring system that detects suspicious activities and generates alerts. An IDS is typically placed at key points within a network to detect malware signatures; however, with the integration of AI, an IDS is capable of so much more. By training models capable of monitoring large quantities of data streams to distinguish standard behavior from abnormal behavior [3], an IDS may identify threats that would previously go undetected. These systems are areas where RIG’s Dynamic Trust and NIMBUS cloud could be applied to assist the cybersecurity community. Dynamic Trust provides a model where agents are evaluated within a multi-agent network. A network may contain a series of IDSs capable of feeding behavioral metadata back to the NIMBUS cloud, which processes and evaluates the trust level of a behavior. Efficiently evaluating the trust level of a behavior may depend on a number of factors, such as the IDS, where the information was gathered from, the behavior in question, and any other metadata already stored in the NIMBUS, such as signatures from a known attack. There is still much more work to be done to implement all the systems required to more safely secure our industries, but with the help of Dynamic Trust and AI that future may be sooner than we think.

References

[1] Brumley, David. “The cyber grand challenge and the future of cyber-autonomy.” USENIX Login 43.2 (2018): 6-9.

[2] Corbin, Kenneth. “Cybersecurity Pros in High Demand, Highly Paid and Highly Selective.” InsiderPro, CIO, 8 Aug. 2013, www.idginsiderpro.com/article/2383451/cybersecurity-pros-in-high-demand-highly-paid-and-highly-selective.html.

[3] Bresniker, Kirk, et al. “Grand challenge: Applying artificial intelligence and machine learning to cybersecurity.” Computer 52.12 (2019): 45-52.