Army researchers seek ways to teach computers to identify and fix attacks on their own
Posted on 10/10/2013 3:07:15 AM PDT by markomalley
Army researchers seek ways to teach computers to identify and fix attacks on their own
The U.S. Army Research Laboratory has awarded as much as $48 million to researchers trying to build computer-security systems that can identify even the most subtle human-exploiting attacks and respond without human intervention.
The project will focus on detecting specific opponents and types of attack online, measuring the risk of specific activities, and changing the security environment to block or minimize those threats with the least cost and trouble to the victim.
The more difficult part of the research will be to develop models of human behavior that allow security systems decide, accurately and on their own, whether actions by humans are part of an attack (whether the humans involved realize it or not).
The Army Research Lab (ARL) announced Oct. 8 a grant of $23.2 million to fund a five-year cooperative effort among a team of researchers at Penn State University, the University of California, Davis, Univ. California, Riverside and Indiana University. The five-year program comes with the option to extend it to 10 years with the addition of another $25 million in funding.
The goal is to develop and evidence-based set of guidelines and analyses that would allow ARL security specialists to understand the security stance and vulnerability of Department of Defense computers, and build systems that would help mitigate them.
“We’re going to develop a new science of understanding how to make security-relevant decisions in cyberspace,” according to Patrick D. McDaniel, professor of computer science and engineering at Penn State. “Essentially, we’re looking to create predictive models that allow us to make real-time decisions that will lead to mission success.” That means looking at how phone and online networks behave.
As part of that, researchers will need to systematize the criteria and tools used for security analysis, making sure the code detects malicious intrusions rather than legitimate access, all while preserving enough data about any breach for later forensic analysis, according to Alexander Kott, associate director for science and technology at the U.S. Army Research Laboratory.
Identifying whether the behavior of humans is malicious or not is difficult even for other humans, especially when it’s not clear whether users who open a door to attackers knew what they were doing or, conversely, whether the “attackers” are perfectly legitimate and it’s the security monitoring staff who are overreacting.
Twenty-nine percent of attacks tracked in the April 23 2013 Verizon Data Breach Investigations Report could be traced to social-engineering or phishing tactics whose goal is to manipulate humans into giving attackers access to secured systems.
Two-thirds of companies train users about phishing and social engineering, according to a July study from security company Rapid7, but half of the companies conducting the training admitted they weren’t particularly effective.
Seventy-six percent of network intrusions during 2012 used weak or stolen credentials, and two thirds of all breaches remained undetected for months after the initial penetration, according to the Verizon report. It’s not possible to plug all the holes a human can create, but should be possible to identify many of them, as well as the situations in which it is likely a human’s judgment was compromised – possibly before any real damage is done, according to Lorrie Cranor, associate professor of computer science, engineering and public policy at Carnegie Mellon University.
“One of the salient aspects of our proposed research is in the realization that humans are integral to maintaining cybersecurity and to breaches of security,” she said. “Their behavior and cognitive and psychological biases have to be integrated as much as any other component of the system that one is trying to secure.”
Direct activity by humans can be difficult enough to control; mixed with the media through which their communications travel makes it even more difficult to identify the path of an exploit or attack – another of the areas on which the team – consisting of 17 researchers and 30 graduate students in all – will work.
“We will focus on unique ways in which communication networks interact with social networks and information networks,” according to Thomas LaPorta, a professor of computer science and engineering at Penn State. “For example, we can all see how new ways of building social networks through services such as Facebook impact how communication networks like the Internet and cellular phone networks are used. Ultimately we will be able control the behavior of communication networks in a way that allows people to exchange the most important information.”
Yes, hacking is a problem. But how many information leaks are due to hacking and how many are due to trusting the wrong people with access. (Snowden, for example.) By the rules I was trained to neither President Obama nor Vice President Biden would be allowed access to classified information.
President Carter told the world about stealth technology 10 years before it was fielded which greatly reduced the useful life of the F 117. He also got a top Israeli agent executed by mentioning his name at a Washington dinner party.
And, although it wasn’t “classified” information Dianne Feinstein as mayor got several people killed by releasing the information detectives had on a serial killer.
“In 1985, at a press conference, Feinstein revealed details about the hunt for serial killer Richard Ramírez, and in so doing angered detectives by giving away details of his crimes.[4]”
The inner four bits in the diagram are pretty much an OODA loop (Observe, Orient, Decide, Act) but they don’t have the courtesy to use the terms. It’s a standard concept — why not use it? Or do they think they’ve re-invented the wheel?
Idiot f*cks. They couldn’t even stop a muslim coup d’etat when it was climbing down their throats and was screamingly obvious.
The NSA would not allow this to be created even if it were possible.
Skynet!
Why would such agencies like the NSA care about attacks when their main objective is to develop computer intelligence capable of sifting through all of the text of voice and computer communications for their purposes of human control?
Yes, no one is listening to your phone conversations. They are just using a computer to make text of your conversation and computers to examine that text. Once they give those computers names, like HAL, then someone will be listening to your talk to your girlfriend.
The best way to stop phishing attacks is putting smarter people in front of computers (rather than smarter computers in front of stupid people).
Very good. Since I teach computer security, I say as much, but not in so few or succinct words. May I use it?
Also, lazy people. I’ve seen far too many incidents caused by people “too busy” or just careless or in a hurry...
So they click through a couple of pages without reading things when setting some web app, and bang, can’t understand how that “Antivirus 2013” crap got on their computer.
Wish in one hand and crap in the other. See which one gets full first.
Why does anything stupid from president peanut never surprise me.
You are assuming they had any interest in stopping it. Or had orders to do so.
The original binary Badass;
Not really. In fact, I know they knew and were aiding the process, just as they were aiding Osama earlier and knew that Osama/Obama was basically the same thing.
There’s a completely new paradigm of information and information control coming, and they’ll not be able to survive.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.