Can AI automate how we secure our networks?

As anyone who’s tried it knows, it’s not easy to correctly configure all of the cybersecurity protection features of the applications, devices, host servers, firewalls, and other components that make up today’s communications networks. And of course misconfigurations of these cyber elements can mean exposed data, security breaches, and other grave dangers.

Would the use of artificial intelligence make systems configurations more effective? Maybe even automate some or all of the configuration process?

We’re exploring this in partnership with our colleagues at Vanderbilt University, and envision a stepwise approach to ensure the optimal configuration of a network to maximize its security:

1. First, we use AI/machine learning reasoning to build our situational awareness (SA) of the real-time, operational contexts of the target system, and identify critical nodes therein for prioritized protection
2. Then we use domain-specific modeling languages (DSML) to model the target system or network based on our SU. We specify and incorporate the network’s attack surfaces, possible configurations (e.g., the personal data access settings on a server), functional requirements, and security policies and metrics as logical overlays of the model network.
3. Again using AI/machine reasoning, we automatically solve the model mathematically to explore and prune the potentially large configuration space of the network using constraints to arrive at a manageable number of feasible target system configurations.
4. We evaluate the post-pruning feasible configurations using Satisfiability Modulo Theory (SMT) solvers. These solvers help us select Pareto-efficient optimal candidates that simultaneously minimize attack surfaces, satisfy system functional requirements, and achieve the required metrics defined by the network’s security policies.
5. We apply back annotations to mark up the analyzed models to explain to human operators why the configurations were chosen, thereby providing confidence and trust in our automatic solutions
6. We’re then ready to generate and implement secure configurations in the target system by auto-selecting the optimal configuration candidates.

We call this approach “Secure Optimal Configurator with Cross-Component Examination and Reasoning,” or SOCCER for short. SOCCER can provide a long-needed critical capability that uses modeling and machine-based reasoning to securely configure cyber systems and enable their autonomous defense.

Machine Learning
A periodic scan and survey of the target system will build and track awareness of network topologies and the constituent devices and hosts. We apply natural language processing to continually extract knowledge on attack surfaces from external vulnerability knowledge-bases such as Cyber Vulnerability Enumeration (CVE) and Common Weakness Enumeration (CWE) and apply it to our target system. Additionally, we propose to use machine learning (both support vector and deep learning techniques) to identify and prioritize for protection, the high value target system nodes, using labeled samples, network conditions, usage patterns, and topological changes.
Domain-Specific Modeling Languages

We propose to use Vanderbilt’s DARPA-proven Web Generic Modeling Environment (WebGME) tool to model and analyze the target as a composed system, as well as represent human operator behaviors as business process models.

Target System Configurations
We propose to apply automatic constraint-guided design space exploration techniques to provide computationally efficient inference without enumerating all possible configurations.

Selecting Optimal Candidates
Treating configuration selection as a multi-objective optimization problem allows for the use of Satisfiability Modulo Theories (SMT) solvers to reason over the post-pruning space and identify Pareto-optimal solutions that are optimized against attack surfaces, security metrics, and functional requirements.

Click here for more information on LGS cyber resilience and threat analytics