Security The Military

Army Researching Network System That Defends Against Social Engineering 57

Nerval's Lobster writes "The U.S. Army Research Laboratory has awarded as much as $48 million to researchers trying to build computer-security systems that can identify even the most subtle human-exploit attacks and respond without human intervention. The more difficult part of the research will be to develop models of human behavior that allow security systems to decide, accurately and on their own, whether actions by humans are part of an attack (whether the humans involved realize it or not). The Army Research Lab (ARL) announced Oct. 8 a grant of $23.2 million to fund a five-year cooperative effort among a team of researchers at Penn State University, the University of California, Davis, Univ. California, Riverside and Indiana University. The five-year program comes with the option to extend it to 10 years with the addition of another $25 million in funding. As part of the project, researchers will need to systematize the criteria and tools used for security analysis, making sure the code detects malicious intrusions rather than legitimate access, all while preserving enough data about any breach for later forensic analysis, according to Alexander Kott, associate director for science and technology at the U.S. Army Research Laboratory. Identifying whether the behavior of humans is malicious or not is difficult even for other humans, especially when it's not clear whether users who open a door to attackers knew what they were doing or, conversely, whether the "attackers" are perfectly legitimate and it's the security monitoring staff who are overreacting. Twenty-nine percent of attacks tracked in the April 23, 2013 Verizon Data Breach Investigations Report could be traced to social-engineering or phishing tactics whose goal is to manipulate humans into giving attackers access to secured systems."
  • by VortexCortex ( 1117377 ) <VortexCortex@pro ... m minus language> on Thursday October 10, 2013 @02:13AM (#45088765)

    No no, an "Expert System" isn't really good AI. What you want is an expert system with a bunch of weights hooked up in a feed forward network. Seems like they want 2 outputs: Shady or not, and Purposeful or not. Get a few million of those n.nets hooked up, axons all randomized. Now, to train it, all you need to do is have folks be going about their business normally, some being shady, some being told to do shady stuff but not doing it on purpose. The ones that output the correct responses you digitize and serialize their axon weights into a binary genome, and breed: Copy a run of bits from mom's or dad's genomes into the kid and swap randomly between them, but not so often you get no solid chunks; Also, introduce a random bit flip every once in a while. Instantiate a new batch of n.nets by deserializing the child genomes and repeat the process until the accuracy is above some threshold. Now, we shouldn't use back-propagation here because that presumes we know what combinations of behaviors are the red-flags. If you have a known training set to converge upon, then it can be subverted. Instead use a decide by committee approach with static "grandfathered in" neural nets competing with evolving lineages so it can adapt to new threats. It's also pretty easy to add new inputs to the system, just zero the axon strengths for the new input neurons' connections, and keep on trucking.

    Of course, this is the army, so we're talking lowest bidder.... A guy like Snowden gets access and since MS whined about not winning bids because "it's not POSIX, waah", I'm sure there's a bunch of compromisable systems they can subvert to mask or delete his logs / inputs and no bells and whistles go off. So, it'll keep the honest folks honest and the worried folks sated, and the crackers cracking. It's the difference between a motion detector, and a motion detector with duct-tape on the sensor.

    Truly, in the Age of Information it's the hackers who shall inherit the earth. Let me put it another way: Black markets exist for exploit vectors for every known OS. Game over, you humans couldn't write secure code to save your lives!
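
Added example, not part of the comment above or of the ARL project: the breeding loop the comment describes (weights serialized into a binary genome, runs of bits copied from either parent, occasional bit flips, repeat until accuracy passes a threshold), in Python. The network size, feature names, 8-bit weight quantization, elitist selection and the sample data are assumptions constructed for illustration.

```python
import math, random

N_IN, N_HID, N_OUT = 4, 3, 2        # two outputs as in the comment: (shady, purposeful)
N_W = N_IN * N_HID + N_HID * N_OUT  # axon weights only, no biases (assumption)

def to_genome(weights):  # quantize each weight in [-4, 4] to one byte of the binary genome
    return bytes(max(0, min(255, round((w + 4) * 255 / 8))) for w in weights)

def from_genome(genome):
    return [b * 8 / 255 - 4 for b in genome]

def predict(genome, x):
    w, off = from_genome(genome), N_IN * N_HID
    hid = [math.tanh(sum(x[i] * w[h * N_IN + i] for i in range(N_IN))) for h in range(N_HID)]
    return tuple(int(sum(hid[h] * w[off + o * N_HID + h] for h in range(N_HID)) > 0)
                 for o in range(N_OUT))

def accuracy(genome, samples):
    return sum(predict(genome, x) == y for x, y in samples) / len(samples)

def breed(mom, dad, rng, swap_p=0.02, flip_p=0.002):
    """Copy runs of bits from one parent, switch parents rarely, flip an occasional bit."""
    child, src = bytearray(len(mom)), rng.choice((mom, dad))
    for bit in range(len(mom) * 8):
        if rng.random() < swap_p:
            src = dad if src is mom else mom
        val = ((src[bit // 8] >> (bit % 8)) & 1) ^ (rng.random() < flip_p)  # rare mutation
        child[bit // 8] |= val << (bit % 8)
    return bytes(child)

def make_samples(rng, n=64):  # constructed data: x = (off_hours, bulk_copy, prompted, bias)
    out = []
    for _ in range(n):
        off, bulk, prompted = (rng.randint(0, 1) for _ in range(3))
        shady = int(off and bulk)
        out.append(((off, bulk, prompted, 1), (shady, int(shady and not prompted))))
    return out

def evolve(samples, rng, pop_size=30, generations=40, threshold=0.95):
    pop = [to_genome([rng.uniform(-4, 4) for _ in range(N_W)]) for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        pop.sort(key=lambda g: accuracy(g, samples), reverse=True)
        history.append(accuracy(pop[0], samples))
        if history[-1] >= threshold:
            break
        elite = pop[:pop_size // 4]  # best nets survive unchanged, so accuracy never drops
        pop = elite + [breed(*rng.sample(elite, 2), rng) for _ in range(pop_size - len(elite))]
    return pop[0], history
```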
