AI Model Aims to Plug Key Gap in Cybersecurity Readiness

By Tom Rickey

Published 26 May 2023

Scientists link resources to improve prioritization, spot attacks more quickly.

Imagine you’re the new manager of a large apartment building and someone has stolen one of your keys—but you’re not sure which one. Was it to a first-floor apartment? The mail room? Maybe it’s a master key to all the units.

All locks are vulnerable, as far as you know, and you’ll need to change every lock to be completely secure.

But if you knew exactly which key went missing, you could target your efforts, changing just the relevant lock and eliminating the threat posthaste.

Multiply that problem thousands of times over and you’ll understand what cyber defenders grapple with. There are more than 213,800 available known “keys”—unofficial entry points into computer systems, better known as vulnerabilities or bugs—and they’re already in the hands of criminals. There are likely many more that are not known. How can all the threats and attacks be tracked, prioritized and prevented?

That’s impossible for any one person or team. While computer analysts share leads by feeding information into multiple databases, they don’t have a map of how adversaries might use most of those bugs to wreak havoc.

Now, a team of scientists at the Department of Energy’s Pacific Northwest National Laboratory, Purdue University, Carnegie Mellon University and Boise State University has turned to artificial intelligence to help solve the problem. The researchers have knitted together three large databases of information about computer vulnerabilities, weaknesses and likely attack patterns.

The AI-based model automatically links vulnerabilities to specific lines of attack that adversaries could use to compromise computer systems. The work should help defenders spot and prevent attacks more often and more quickly. The work is open source with a portion now available on GitHub. The team will release the rest of the code soon.
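To make the linking idea concrete, the following is an added illustration and not code from the research team or its GitHub repository. The article does not name the three databases, so the records, identifiers and mitigation names below are all constructed, and a plain key join stands in for the AI-based linking the article describes. It shows what a defender gains once a vulnerability is tied to the attack patterns it enables: the vulnerabilities that remain unlinked are surfaced for manual review, and a greedy set-cover pass orders the mitigations by how many linked vulnerabilities each one neutralises.

```python
"""Link constructed vulnerability, weakness and attack-pattern records,
then rank mitigations by coverage.

All identifiers and records here are constructed for illustration; they are
not entries from any real catalogue and this is not the research team's model.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Table 1: vulnerability -> the weakness class it is an instance of (constructed)
VULNERABILITIES: Dict[str, str] = {
    "VULN-0001": "WEAK-INJECTION",
    "VULN-0002": "WEAK-INJECTION",
    "VULN-0003": "WEAK-AUTH-BYPASS",
    "VULN-0004": "WEAK-PATH-TRAVERSAL",
    "VULN-0005": "WEAK-UNKNOWN",  # no weakness record exists: stays unlinked
}

# Table 2: weakness -> attack patterns that exploit it (constructed)
WEAKNESS_PATTERNS: Dict[str, List[str]] = {
    "WEAK-INJECTION": ["PATTERN-SQLI", "PATTERN-CMDI"],
    "WEAK-AUTH-BYPASS": ["PATTERN-CRED-STUFF"],
    "WEAK-PATH-TRAVERSAL": ["PATTERN-FILE-READ"],
}

# Table 3: attack pattern -> defensive controls that break it (constructed)
PATTERN_MITIGATIONS: Dict[str, List[str]] = {
    "PATTERN-SQLI": ["parameterised-queries", "input-validation"],
    "PATTERN-CMDI": ["input-validation", "least-privilege-service-account"],
    "PATTERN-CRED-STUFF": ["mfa", "rate-limiting"],
    "PATTERN-FILE-READ": ["input-validation", "chroot-or-sandbox"],
}


def link_vulnerability(vuln_id: str) -> Tuple[Set[str], Set[str]]:
    """Follow vulnerability -> weakness -> attack patterns -> mitigations.

    Returns (attack_patterns, mitigations). Unknown or unmapped ids yield
    empty sets rather than raising, because a real feed always contains
    records that have not been linked yet.
    """
    weakness = VULNERABILITIES.get(vuln_id)
    patterns = set(WEAKNESS_PATTERNS.get(weakness, [])) if weakness else set()
    mitigations = {m for p in patterns for m in PATTERN_MITIGATIONS.get(p, [])}
    return patterns, mitigations


def unlinked(vuln_ids: Iterable[str]) -> List[str]:
    """Vulnerabilities for which the join produced no attack pattern.

    These are the ones an analyst still has to interpret by hand."""
    return sorted(v for v in vuln_ids if not link_vulnerability(v)[0])


def prioritise_mitigations(vuln_ids: Iterable[str]) -> List[Tuple[str, int]]:
    """Greedy set cover: repeatedly pick the mitigation that neutralises the
    most still-uncovered vulnerabilities. Returns (mitigation, newly_covered)."""
    vuln_ids = list(vuln_ids)
    covers: Dict[str, Set[str]] = defaultdict(set)
    for v in vuln_ids:
        for m in link_vulnerability(v)[1]:
            covers[m].add(v)
    remaining = {v for v in vuln_ids if link_vulnerability(v)[0]}
    plan: List[Tuple[str, int]] = []
    while remaining:
        # sorted() first so ties resolve by name and the plan is deterministic
        best = max(sorted(covers), key=lambda m: len(covers[m] & remaining))
        gained = covers[best] & remaining
        if not gained:
            break
        plan.append((best, len(gained)))
        remaining -= gained
    return plan


if __name__ == "__main__":
    inventory = list(VULNERABILITIES)
    for v in inventory:
        patterns, mitigations = link_vulnerability(v)
        print(f"{v}: patterns={sorted(patterns)} mitigations={sorted(mitigations)}")
    print("needs manual review:", unlinked(inventory))
    print("mitigation plan:", prioritise_mitigations(inventory))
```

Run as a script it prints the per-vulnerability links, flags VULN-0005 for manual review because no weakness record explains it, and produces the plan `[("input-validation", 3), ("mfa", 1)]`: one control covers three of the four linked vulnerabilities, and a second covers the rest. The join is deliberately tolerant of missing records, since the gap the article describes is exactly that most vulnerabilities are not yet mapped to an attack path.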

“Cyber defenders are inundated with information and lines of code. What they need is interpretation and support for prioritization. Where are we vulnerable? What actions can we take?” said Mahantesh Halappanavar, a chief computer scientist at PNNL who led the overall effort.

“If you are a cyber defender, you may be dealing with hundreds of vulnerabilities a day. You need to know how those could be exploited and what you need to do to mitigate those threats. That’s the crucial missing piece,” added Halappanavar. “You want to know the implications of a bug, how that might be exploited, and how to stop that threat.”