AI can outsmart cyber attacks19 April 2021
Spotting early signs of cyber attacks – and automatically defending against them – will form the basis of a new funded research and innovation programme between Airbus and Cardiff University. The two organisations have worked on shared cybersecurity projects for nearly a decade. Here, Professor Pete Burnap, Director of the Airbus Centre of Excellence in Cyber Security Analytics – located within the Cardiff Centre for Cybersecurity Research (CCCR), explains the exciting programme ahead.
A recent report from GCHQ has shown how its analysts could use AI responsibly to protect the UK from threats – from state-backed disinformation campaigns to cyber attacks.
The paper, Ethics of AI: Pioneering a New National Security, explains why technology enables problem-solving at scale and speed.
As the world struggles to recover in 2021, Artificial Intelligence (AI) will continue to innovate. The tech sector not only helped healthcare organisations find ways of tackling the global pandemic, it expanded enormously in an era of remote working and learning – from online teaching assistants to screen bots that help us save energy at home.
As the use of IoT and 5G technologies have soared during lockdown, so too have cyber threats – bringing with them opportunities to advance the science of cybersecurity.
Thanks to careful planning, we have been able to capitalise on a longstanding partnership with Airbus and develop a rolling three-year programme of work which represents a step-change in our collaboration around AI for cybersecurity.
In recent months, we have made ground–breaking inroads into the detection and blocking of cyber attacks in real-time, seeing ransomware detected within four seconds, and reducing file encryption by over 80%.
Now the CCCR team are shining their research spotlight on the development of “game playing” cyber attack and defence methods. Detecting early warning signs of an attack on enterprise networks will allow AI to “learn how to defend” by selecting appropriate automated defence mechanisms, depending on the context of the attack.
Cyber attacks vary in their complexity. Targets vary, too. There is no “one size fits all” approach, as any Security Operations Centre specialist will tell you. Machines will need to establish context and reason from previous experience of defending against attacks, weighing their relative success to determine which response to follow. A PhD studentship with Cardiff University will complement existing work in the Airbus Cyber Lab programme to solve this problem.
Automated approaches to the detection and response to cyber attacks will likely always need a human to observe and mediate responses, taking appropriate action to report and manage the attack within the business. Therefore, a key factor in the adoption of automated methods is the trust relationship between people and algorithms. Both in terms of “why has the algorithm done this”, and “is the algorithm likely to be correct?”
A Knowledge Transfer Partnership between Airbus and Cardiff University, part–funded by Innovate UK, will address these challenges by developing explainable approaches to cyber attack detection algorithms such as recurrent neural networks. We will test their robustness in the face of deliberate attempts to confuse or evade the algorithms – adversarial attacks on the AI systems underpinning attack detection.
A major element of algorithmic representation of knowledge is how it stands the test of time. How can it incorporate new knowledge and adapt to update its “understanding” of the situation as contexts change over time?
A further PhD studentship with Cardiff will establish insights into how the sensory inputs used by AI to make decisions change over time, and how the “memory” of the AI degrades as this happens. The same PhD is also considering if temporal changes in attack fingerprints can be used to profile potential threat actors for the purposes of informing the automated cyber defence approaches as to who their “opponent” might be, providing additional sensory input to reason around a suitable response.
These additions will uplift the shared capability across the Cardiff-Airbus relationship, and significantly increase the internal knowledge at Airbus as it moves towards more automation across the organisation – both in a cyber context and more generally.
The past year has been an incredibly exciting year for cyber security. As one of 19 Centres in the UK to be recognised as an Academic Centre of Excellence in Cyber Security Research (ACE-CSR) by both the National Cyber Security Centre and EPSRC, we are well placed to lead further innovation across the sector.
As the Government publishes its Integrated Review into security, defence, development and foreign policy, our new pipeline of projects with Airbus will help support GCHQ’s work to keep the nation safe in an increasingly complex world.
Professor of Data Science & Cybersecurity, School of Computer Science and Informatics