Artificial Intelligence for Cyber Crisis Management Expertise Shared
Khalifa University’s Dr. Ernesto Damiani Discusses the Need to Leverage AI and Big Data Analytics to Prevent Cyberattacks
As a regional expert in the field of artificial intelligence (AI), Khalifa University’s Dr. Ernesto Damiani, Professor of Electrical and Computer Engineering and Director of KU’s Center on Cyber Physical Systems (C2PS) and Senior Director of KU’s recently launched Artificial Intelligence and Intelligent Systems Institute, was invited to the European Agency for Network and Information Security’s (ENISA) high-level meeting in Athens in June to discuss the pressing issue of cyber crisis management.
ENISA is the EU agency tasked with establishing a high level of network and information security within the European Union. The meeting in Athens convened AI experts from around the globe to share and debate the best practices for preventing and managing cyber-attacks.
“When a security crisis takes place in the physical world some things are certain, like who is threatening you, how and (most of the time) why. This is not the case for cyber-crises, as the hand pointing the gun at you is hidden in the Dark Net and the gun itself may have been planted in your network years before. AI has become crucial for cyber-security,” explained Dr. Damiani.
A good example of a hidden cyber-gun is EternalRocks, a computer worm that infects Microsoft Windows machines, which was originally developed by the United States’ National Security Agency (NSA). Once installed on the victim’s machine through a phishing email, EternalRocks’ small infecting module (or carrier) installs Tor, the notorious private network that conceals Internet traffic, to access its hidden servers. The carrier uses Tor to connect to a remote server and downloads an entire Trojan horse that allows the remote attacker to control the victim’s machine and the networks it is connected to.
Unlike ransomware such as WannaCry, which infected 230,000 computers in May 2017, EternalRocks does no immediate harm to its hosts.
“It just hides on a disk, renaming itself to escape detection, and then stays dormant for months, even for years, until the time comes for a “soft” attack aimed at collecting and stealing information or for a generalized attack to clog the victim’s network,” said Dr. Damiani.
“Soft” attacks are especially dangerous because they can subtly impair a country’s key industries and markets, steal relevant information and weaken defenses, while going completely unnoticed.
Traditional security measures, like cyber-walls, are useless once EternalRocks “sleepers” are installed inside a system’s defense perimeter. Sleeper modules generate traffic at random intervals, waiting for network activity bursts to hide their footprints. This makes traditional attack identification techniques based on fixed traffic patterns almost useless against sleepers.
However, some AI models, like Recursive Neural Networks (RNNs), can be equipped with long-term memory to find, remember and link to each other statistically rare events taking place on smartphones, computers and other devices, as well as on the network connecting them. RNNs are trained to match these sequences to “attack graphs”, i.e. event connections that correspond to an attack.
Dr. Damiani and a team of KU researchers from the Center on Cyber-Physical Systems and the Emirates ICT Innovation Center (EBTIC), in collaboration with other UAE-based stakeholders in the telecommunication domain, are developing an AI model that will be able to identify suspicious activities trying to escape detection. The team is automating the set-up and deployment of Big Data pipelines that ingest streams of events (like the start and end of smartphones’ data connections, use of apps, and hand-overs from one cell to the other) coming from large-scale mobile network environments comprising millions of smartphones and other devices. These streams are collected using a technique based on a multiple-SIM probe developed by C2PS in collaboration with Purdue University’s CERIAS center, and then fed into the AI models that identify suspicious activities.
Cyberattacks are the fastest growing crime in the US, according to a report released last year by Cybersecurity Ventures, and they are increasing in size, sophistication and cost. Cybersecurity Ventures predicts that cybercrime will cost the world .
Using data analytics and AI to prevent cyber threats is critical for achieving information security and better cyber resilience. This capability is critical as we shift from merely reacting to incidents to predicting, understanding and responding to complex events.
Erica Solomon
Senior Editor
18 July 2019