Researchers Say Machine Learning Boosts Defense Against Multi-Stage Cyber Attacks

2021-02-08 14:25:35

A machine learning algorithm can provide organizations with a powerful and cost-effective tool to defend against attacks on vulnerable computer networks and cyber infrastructure, known as zero-day attacks, researchers said.

These zero-day attacks can quickly overwhelm traditional defenses, resulting in billions of dollars in damage and weeks of manual patching to support post-intrusion systems. Typical responses to an attack can last up to 15 days, the researchers found.

The Penn State-led team of researchers has created an automatic adaptive cyber defense against these attacks using a machine learning approach based on a technique known as reinforcement learning.

According to Minghui Zhu, associate professor of electrical engineering and computer science, the team developed this machine learning-driven method to address what it saw as the current limitations of an existing approach to detecting and responding to cyber attacks, known as moving target defense, or MTD. Zhu is also affiliated with the Institute for Computational and Data Sciences.

"These adaptive moving target defense techniques can dynamically and proactively reconfigure the deployed defenses, which can increase the uncertainty and complexity for attackers during vulnerability windows," said Zhu. "Existing MTD techniques have two limitations, however. First, manual selection can be very time consuming. Second, manually selected configurations may not be the most cost-effective way to go about this."

Responses that last for days can consume significant funds and resources for an organization, according to the researchers, who published their findings in ACM Transactions on Privacy and Security.

Zhu said zero-day attacks are among the most dangerous threats to computer systems and can cause serious and lasting damage. For example, the WannaCry ransomware attack, which occurred in May 2017, targeted more than 200,000 Windows computers in 150 countries, causing an estimated $4 billion to $8 billion in damage.

The team's approach is based on reinforcement learning, in which a decision maker learns to make good choices by selecting actions that maximize reward, balancing exploitation – drawing on past experience – with exploration – trying new actions, said Peng Liu, the Raymond G. Tronzo, MD Professor of Cybersecurity in the College of Information Sciences and Technology.

"The decision maker learns optimal policies or actions through continuous interactions with an underlying environment, which is partially unknown," said Liu. "Reinforcement learning is thus particularly useful as a defense against zero-day attacks when critical information – the targets of the attacks and the locations of the vulnerabilities – is not available."
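The following is an added toy illustration, not code from the study and not its POMDP model: a defender uses tabular Q-learning to learn which (costly) reconfiguration to apply at each stage of a multi-stage attack, with the attacker's transition probabilities hidden from the learner and epsilon-greedy selection providing the exploration/exploitation balance described above. The stages, costs and probabilities are constructed for the example.

```python
import random

# Constructed toy environment: attacker progress through a multi-stage attack.
# Stages: 0 recon, 1 foothold, 2 lateral movement, 3 target compromised (terminal).
# The defender sees only the stage, never the probabilities below, so it must
# learn a policy purely from interaction (model-free reinforcement learning).
N_STAGES = 4
ADVANCE_P = 0.7                  # chance the attacker advances one stage per step
BREACH_COST = 50.0               # damage charged when stage 3 is reached
# Defender actions: (reconfiguration cost, probability the change resets the attacker to stage 0)
ACTIONS = [(0.0, 0.0),           # 0: keep the current configuration
           (2.0, 0.5),           # 1: cheap change (e.g. rotate an address)
           (5.0, 0.95)]          # 2: expensive change (e.g. re-image a host)

def step(stage, action, rng):
    """Apply the defender's action, then let the attacker move. Returns (cost, next_stage)."""
    cost, reset_p = ACTIONS[action]
    if rng.random() < reset_p:
        stage = 0
    if rng.random() < ADVANCE_P:
        stage += 1
    if stage == N_STAGES - 1:
        cost += BREACH_COST
    return cost, stage

def train(episodes=20000, alpha=0.05, gamma=0.9, epsilon=0.1, max_steps=20, seed=7):
    """Tabular Q-learning. Epsilon-greedy trades exploration (a random action)
    against exploitation (the best action seen so far). Reward = -cost."""
    rng = random.Random(seed)
    q = [[0.0] * len(ACTIONS) for _ in range(N_STAGES)]
    for _ in range(episodes):
        stage = 0
        for _ in range(max_steps):
            if rng.random() < epsilon:
                action = rng.randrange(len(ACTIONS))                          # explore
            else:
                action = max(range(len(ACTIONS)), key=lambda a: q[stage][a])  # exploit
            cost, nxt = step(stage, action, rng)
            terminal = nxt == N_STAGES - 1
            target = -cost if terminal else -cost + gamma * max(q[nxt])
            q[stage][action] += alpha * (target - q[stage][action])
            if terminal:
                break
            stage = nxt
    return q

def policy(q):
    """Greedy action per non-terminal stage once learning is done."""
    return [max(range(len(ACTIONS)), key=lambda a: q[s][a]) for s in range(N_STAGES - 1)]

if __name__ == "__main__":
    for s, a in enumerate(policy(train())):
        print(f"stage {s}: action {a} (reconfiguration cost {ACTIONS[a][0]})")
```

The learned policy keeps the free configuration while the attacker is only at reconnaissance (a reset there buys nothing) and spends on reconfiguration once the attacker is close to the target, which is the cost-aware selection the article says manual MTD struggles to make.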

The researchers tested their reinforcement learning algorithm on a network of 10 machines. While a 10-computer network may not seem very large, they judged it more than sufficient for the test. The setup included web and mail servers, a gateway server, an SQL server, a DNS server and an admin server, with a firewall blocking direct access to the internal hosts. They also selected vulnerabilities that could yield multiple attack scenarios for testing.

The researchers acknowledge that there is room for further improvement in their approach. For example, their algorithm is based on model-free reinforcement learning, which requires a large amount of data, or a large number of iterations, to learn a reasonably good defense policy. In future work they want to integrate model-based approaches to accelerate the learning process.

Zhu and Liu also worked with Zhisheng Hu, a former graduate student in electrical engineering and computer science and now a senior security scientist at Baidu Security in Silicon Valley; Jun Xu, a former doctoral student in information sciences and technology and now an assistant professor at Stevens Institute of Technology; and Ping Chen, a former postdoctoral fellow in information sciences and technology and now a security architect at American Technologies.

The Department of Defense Multidisciplinary University Research Initiative (MURI) award supported the work.

Study: Adaptive cyber defense against multi-stage attacks using learning-based POMDP
