by Kris Osborn - Warrior Maven
The Pentagon is working with major industry tech developers to use artificial intelligence and cloud computing to detect enemy cyberattacks buried or otherwise obscured beneath encrypted web traffic.
Algorithms calling upon advanced AI are being used to quickly access vast pools of data to perform real-time analytics designed to detect patterns and anomalies associated with malware.
“Every day, the Defense Department thwarts an estimated 36 million e-mails containing malware, viruses and phishing schemes from hackers, terrorists and foreign adversaries trying to gain unauthorized access to military systems,” Pentagon spokeswoman Heather Babb told Warrior Maven.
One particular technique, now being developed by Cisco Systems, seeks to address a cybersecurity paradox: while much DoD network traffic is encrypted for additional security, that same encryption makes it harder for cyber defenders to see malware hidden in the traffic.
Cisco is now prototyping new detection methods as part of an effort to introduce its technology to the US military services.
“We have the ability to read and detect malware in encrypted web traffic. Even though the data is encrypted there is still a pattern to malware,” Kelly Jones, Systems Engineer for CISCO Navy programs, told Warrior Maven.
The ability to recognize patterns by comparing incoming web traffic with an existing database of known traffic provides the basis for the machine-learning approach: a computer uses AI to compare observed patterns against known entities and flags the differences, or “anomalies.”
Jones explained that although encryption does of course improve security, malware is easier to find in unencrypted traffic. A very large percentage of DoD web traffic is encrypted.
Encrypted data, Jones explained, cannot be identified as easily while in transit, so users were previously only able to find malware once the data had been decrypted, that is, after it had already arrived. New applications of AI, however, have an emerging ability to discern troubling patterns while the data is still in transit in encrypted form.
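The kind of metadata-only anomaly scoring described above, as an added illustration that is not Cisco's or the Pentagon's code: per-flow features that remain visible without decryption (packet sizes and timing) are compared against a baseline built from known-benign flows, and a flow whose features fall far outside that baseline is flagged. The sample flows, the feature set and the 3-sigma threshold are constructed assumptions.

```python
"""Score encrypted flows for anomalies using only metadata (no decryption)."""
import statistics
from dataclasses import dataclass


@dataclass
class Flow:
    name: str
    timestamps: list  # seconds since flow start, one entry per packet
    sizes: list       # payload bytes per packet (constructed values)


def features(flow):
    """Statistics a sensor can compute on ciphertext: size and timing only."""
    gaps = [b - a for a, b in zip(flow.timestamps, flow.timestamps[1:])]
    mean_gap = statistics.mean(gaps)
    return {
        "mean_size": statistics.mean(flow.sizes),
        "size_spread": statistics.pstdev(flow.sizes),
        # Coefficient of variation of inter-packet gaps: near 0 means the
        # packets arrive on a fixed schedule, which browsing traffic rarely does.
        "gap_cv": statistics.pstdev(gaps) / mean_gap if mean_gap else 0.0,
    }


def baseline(flows):
    """Per-feature mean and stddev over known-benign flows (the reference database)."""
    names = features(flows[0]).keys()
    cols = {k: [features(f)[k] for f in flows] for k in names}
    return {k: (statistics.mean(v), statistics.pstdev(v) or 1e-9) for k, v in cols.items()}


def score(flow, base, z_limit=3.0):
    """Names of features deviating more than z_limit standard deviations from baseline."""
    feat = features(flow)
    return sorted(k for k, (mu, sd) in base.items() if abs(feat[k] - mu) / sd > z_limit)


# Constructed sample data: four variable-size, jittery TLS sessions (benign) and one
# session that sends a small fixed-size record exactly once a minute.
BENIGN = [
    Flow("b1", [0, 0.05, 0.3, 0.9, 1.1, 2.4, 2.5, 4.0], [517, 1460, 1460, 900, 300, 1460, 120, 1460]),
    Flow("b2", [0, 0.1, 0.2, 0.7, 1.9, 2.0, 3.3, 3.5], [517, 1200, 1460, 640, 1460, 200, 1460, 80]),
    Flow("b3", [0, 0.02, 0.5, 0.6, 1.4, 1.45, 2.9, 3.1], [517, 1460, 800, 1460, 1460, 400, 1460, 150]),
    Flow("b4", [0, 0.3, 0.35, 0.4, 1.2, 2.2, 2.25, 3.9], [517, 1000, 1460, 1460, 300, 1460, 700, 90]),
]
SUSPECT = Flow("s1", [0, 60, 120, 180, 240, 300, 360, 420], [517, 128, 128, 128, 128, 128, 128, 128])


def verdicts():
    """Map each flow name to the list of anomalous features (empty means normal)."""
    base = baseline(BENIGN)
    return {f.name: score(f, base) for f in BENIGN + [SUSPECT]}


if __name__ == "__main__":
    for name, flagged in verdicts().items():
        print(name, "ANOMALOUS" if flagged else "normal", flagged)
```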
“The Navy requires that much of its data in transit be encrypted. When do we reach that tipping point where we are securing so much that it has become more insecure? It is a hotly debated item as to when you could over-secure something,” Jones added.
In testimony before Congress earlier this year, US Fleet Cyber Command commander Vice Adm. Michael Gilday specifically mentioned the growing need for the US military to work closely with industry on cybersecurity. He told the Senate Armed Services Committee's Cybersecurity Subcommittee that the Navy needs to draw upon emerging “data science technologies” as a way to move faster and “improve an ability to proactively detect new and unknown malware.”
“We need these tools to help sense what is normal and detect activity on the network that is outside that. This is so we can act quickly using advanced analytics enabled by AI and machine learning which will give us a tactical advantage in identifying malicious activity early,” he said.