Cyber crimes and attacks continue to expand exponentially and involve ever more advanced and sophisticated techniques to infiltrate corporate networks and enterprise systems. Types of attacks include advanced malware, zero-day attacks and advanced persistent threats. Flawed software, the root of most program errors and security vulnerabilities, is a critical enabler of cyber-crime. Estimated to cost the global economy $445 billion per year, cyber-crime impacts individuals, businesses, and national economies, and it causes devastating consequences for those affected.
Cybersecurity solutions have traditionally been based on signatures, relying on matches to patterns derived from previously identified malware to capture attacks in real time. Intrusion Prevention System (IPS) and Next-generation Firewall (NGFW) perimeter security solutions inspect network traffic for matches with a signature that has been created in response to analysis of specific malware samples. However, minor changes to the malware are enough to reduce the efficacy of IPS and NGFW signatures.
Newer methods instead identify malware through the observation of its abnormal, post-infection behavior. Identifying abnormal behavior requires primarily the capability of first establishing what is normal and then using rigorous analytical methods, that is, data science, to identify anomalies. The fundamental transition from signatures to behavior for malware identification is the most important enabler of applying data science to cybersecurity.
Big data analytics has the ability to gather massive amounts of digital information and to analyze, visualize and draw insights from it that can make it possible to predict and stop cyber-attacks. Research firm Gartner said that big data analytics will play a crucial role in detecting crime and security infractions.
“Automated cybersecurity is the future,” predicts Mike Walker, a computer scientist at the Defense Advanced Research Projects Agency who specializes in machine learning. “Imagine a future where you have the job of managing a network, and the scenario where an A.I. monitors security of your network.” One day you might receive an urgent text from that A.I. system: I detected a zero-day flaw used to breach a workstation. I wrote and deployed a patch in 20 seconds; could you please come help? “It may be hard to believe, but I believe it is coming,” Walker said. Walker presented the results of DARPA’s recent Grand Cyber Challenge, which he launched in 2013. The event offered proof that machines could hunt and patch bugs on their own, a revelation that could prove revolutionary.
Leidos has won a prime contract from the Intelligence Advanced Research Projects Activity (IARPA) to research and develop multi-disciplinary methods that provide accurate and timely cyber-attack forecasts under the Cyberattack Automated Unconventional Sensor Environment (CAUSE) program. IARPA’s CAUSE program aims to develop and test new automated methods that forecast and detect cyber-attacks significantly earlier than existing methods.