The rise of the machines = Big Data + Machine Learning

I recently researched the role of big data in the cybersecurity field and I found an interesting project being developed by Lockheed Martin and The Oak Ridge National Lab.

To provide some situational awareness: the current state of cybersecurity is going through several challenges, such as:

  • Incident detection relies on signatures of known attacks
  • Current solutions do not scale well with the big data generated from different sources
  • Huge noise coming from the monitoring tools (needle in the haystack)
  • Aggregation and correlation exist, but analysis is lacking (human analysis is difficult at this volume)

The limitations created by the current state of the technology used in cybersecurity are:

  • Difficulty detecting unknown attacks
  • Limited capabilities to analyze large sets of data
  • High rate of false positives generated by current signatures
  • No capability to model attacker behaviour in order to identify the evolution of attacks
  • Lack of capability to adapt the security posture of an organization (static security)

This landscape has fostered the rise and merger of two widely discussed and evolving fields in computing: big data and machine learning. These two fields have merged to shape the next generation of cybersecurity defenses that protect the private and public sector from cyber attacks. In a not very distant future, many cyber attacks will be detected automatically through anticipation and predictions coming from machine learning algorithms, fed with data from the current perimeter defenses (IPS, IDS, NIDS, SIEM) and from the logs that make the daily life of analysts so difficult.
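Two of the limitations listed above, the difficulty of detecting unknown attacks and the false positives produced by signatures, are easiest to see side by side. The following is an added example, not code from the original post or from the ORCA project: it runs a signature check (a regex over a known-bad client string) and a simple statistical baseline (z-score of the number of distinct destination ports each source contacts, the kind of feature an anomaly detector learns from data) over constructed connection-log lines. The log format, the host addresses and the client strings are all constructed for this example.

```python
"""Signature matching versus a learned statistical baseline.

Added example (not from the original post). All log lines, addresses and
client strings below are constructed; the field layout
"timestamp src dst dport ua=<client>" is an assumption of this example.
"""
import re
from statistics import mean, pstdev

# Baseline window: ordinary activity used to learn what "normal" looks like.
BASELINE_LOG = """\
2024-01-01T09:00:00 10.0.0.5 10.0.0.20 443 ua=Browser/1.0
2024-01-01T09:00:05 10.0.0.5 10.0.0.21 80 ua=Browser/1.0
2024-01-01T09:00:10 10.0.0.6 10.0.0.20 443 ua=Browser/1.0
2024-01-01T09:00:12 10.0.0.6 10.0.0.2 53 ua=Resolver/1.0
2024-01-01T09:00:15 10.0.0.6 10.0.0.21 80 ua=Browser/1.0
2024-01-01T09:00:20 10.0.0.7 10.0.0.30 22 ua=SSHClient/1.0
2024-01-01T09:00:25 10.0.0.8 10.0.0.20 443 ua=Browser/1.0
2024-01-01T09:00:30 10.0.0.8 10.0.0.2 53 ua=Resolver/1.0
"""

# Detection window: one host using a client string we have a signature for,
# and one host (10.0.0.9) using an unknown client but behaving unusually.
DETECTION_LOG = """\
2024-01-01T10:00:00 10.0.0.5 10.0.0.20 443 ua=Browser/1.0
2024-01-01T10:00:05 10.0.0.5 10.0.0.21 80 ua=Browser/1.0
2024-01-01T10:00:10 10.0.0.6 10.0.0.20 443 ua=Browser/1.0
2024-01-01T10:00:12 10.0.0.6 10.0.0.2 53 ua=Resolver/1.0
2024-01-01T10:00:15 10.0.0.6 10.0.0.21 80 ua=Browser/1.0
2024-01-01T10:00:18 10.0.0.6 10.0.0.22 8080 ua=Browser/1.0
2024-01-01T10:00:20 10.0.0.11 10.0.0.21 80 ua=KnownScanner/1.0
2024-01-01T10:00:30 10.0.0.9 10.0.0.20 21 ua=NewTool/2.0
2024-01-01T10:00:31 10.0.0.9 10.0.0.20 22 ua=NewTool/2.0
2024-01-01T10:00:32 10.0.0.9 10.0.0.20 23 ua=NewTool/2.0
2024-01-01T10:00:33 10.0.0.9 10.0.0.20 25 ua=NewTool/2.0
2024-01-01T10:00:34 10.0.0.9 10.0.0.20 80 ua=NewTool/2.0
2024-01-01T10:00:35 10.0.0.9 10.0.0.20 443 ua=NewTool/2.0
2024-01-01T10:00:36 10.0.0.9 10.0.0.20 445 ua=NewTool/2.0
2024-01-01T10:00:37 10.0.0.9 10.0.0.20 3389 ua=NewTool/2.0
"""

# The only "known bad" indicator the signature engine has (constructed).
SIGNATURES = [re.compile(r"KnownScanner/1\.0")]

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) ua=(\S+)$")


def parse(log):
    """Parse the constructed log into records; malformed lines are skipped."""
    records = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, dport, ua = m.groups()
            records.append({"ts": ts, "src": src, "dst": dst,
                            "dport": int(dport), "ua": ua})
    return records


def signature_alerts(log, signatures):
    """Sources whose client string matches a known-bad signature."""
    hits = {r["src"] for r in parse(log)
            if any(sig.search(r["ua"]) for sig in signatures)}
    return sorted(hits)


def port_fan_out(records):
    """Feature: number of distinct destination ports contacted per source."""
    ports = {}
    for r in records:
        ports.setdefault(r["src"], set()).add(r["dport"])
    return {src: len(p) for src, p in ports.items()}


def zscores(baseline_log, detection_log):
    """z-score of each detection-window source against the baseline feature."""
    base = list(port_fan_out(parse(baseline_log)).values())
    mu, sigma = mean(base), pstdev(base)
    sigma = sigma if sigma > 0 else 1.0  # guard against a degenerate baseline
    return {src: (n - mu) / sigma
            for src, n in port_fan_out(parse(detection_log)).items()}


def anomaly_alerts(baseline_log, detection_log, threshold=3.0):
    """Sources whose behaviour deviates from the learned baseline."""
    return sorted(src for src, z in zscores(baseline_log, detection_log).items()
                  if z > threshold)


def compare(baseline_log, detection_log, signatures, threshold=3.0):
    """Which sources each approach would have surfaced to an analyst."""
    sig = set(signature_alerts(detection_log, signatures))
    ano = set(anomaly_alerts(baseline_log, detection_log, threshold))
    return {"signature_only": sorted(sig - ano),
            "anomaly_only": sorted(ano - sig),
            "both": sorted(sig & ano)}


if __name__ == "__main__":
    print(compare(BASELINE_LOG, DETECTION_LOG, SIGNATURES))
```

Running it shows the point of the limitations list: 10.0.0.11 is caught only because its client string is already on the signature list, while 10.0.0.9, which uses a client string nobody has written a signature for, is surfaced only by its deviation from the baseline. 10.0.0.6 grows slightly busier than in the baseline (z just under 3) and is correctly not flagged, which is the threshold trade-off behind the false-positive rate.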

To get an idea of current research and real use cases beyond the theory, I researched some projects and found ORCA: Advanced Analytics for Cyber Security. This is a very interesting project in which they are researching some of the current challenges in the industry. You can find examples and videos where, through big data, machine learning and their ORCA framework, they harness the power of these two fields to address scenarios such as:

  • Zero-day network intrusion detection
  • Network data discovery
  • Detection of malicious behaviour in critical infrastructure systems
  • Alert correlation and visualization
  • Investigation automation
  • APT email detection

The most interesting scenarios are zero-day NIDS, network discovery and investigation automation. In the first scenario you can see the engine alerting on a variation of a new attack. The second scenario is one in which you want to understand the value of your assets and where they sit within your network. The last scenario is definitely impressive: they are capable of extracting threat intelligence and feeding it back to the organization.

While our cyber defense capabilities evolve using this sort of artificial intelligence I am wondering how it will evolve on the other side of the fence as an attacker…
