1 October 2016

IARPA To Develop Early-Warning System For Cyberattacks

Steve Rosenbush
September 28, 2016

The Intelligence Advanced Research Projects Activity has launched a multi-year research and development effort to create new technologies that could provide an early warning system for detecting precursors to cyberattacks. If successful, the government effort could help businesses and other targets move beyond the reactive approach to contending with a massive and growing problem.

IARPA, part of the Office of the Director of National Intelligence, says the three-and-a-half-year program will develop software code to sense unconventional indicators of cyberattack, and use the data to develop models and machine learning systems that can create probabilistic warnings.

Current early warning systems are focused on traditional cyber indicators such as activity targeted toward IP addresses and domain names, according to IARPA program manager Robert Rahmer. The first stage, lasting 18 months, will examine data outside of the victim network, such as black market sales of exploits that take advantage of particular software bugs. The second and third phases, 12 months each, will examine internal target organization data and look for ways to develop warnings and transfer any tools that emerge from the research from one organization to another, he said.

IARPA said the program, known as Cyberattack Automated Unconventional Sensor Environment, or CAUSE, has been underway since August, and includes four main research partners: BAE Systems Inc., Charles River Analytics, Leidos, and the University of Southern California. Each partner has a novel approach to addressing the challenge and can work with subcontractors, according to Mr. Rahmer.


“We are focusing on the human aspect of prediction versus detection,” said Anne Taylor, technology group director at BAE. The company said it applies human behavioral, cyber attack, and social theories to publicly available information — such as posts on social media — to develop unconventional sensors of activities that indicate the early stages of an attack.

“Signals of interest are derived from examining emotional language and sentiment-related characteristics, analyzing topics of discussion, and looking at technical communications,” BAE said in an email. “This differs from traditional cyber attack detection which utilizes conventional sensors running with private data where the focus is on the detection of an ongoing event, rather than prediction.”

“The possibility of pushing threat detection closer to its originating point in the attack chain holds significant promise for reducing or potentially preventing the damage caused by cyberattacks,” John Fratamico, president of the Leidos Advanced Solutions Group, said in a company statement.
