New Solution to Confront Most Dangerous Cyber Threat

Zero-day cyber attacks are among the most dangerous threats to computer systems and can cause serious and lasting damage. As an example, the WannaCry ransomware attack, which occurred in May 2017, targeted more than 200,000 Windows computers across 150 countries and caused an estimated $4 billion to $8 billion worth of damage. Such attacks can quickly overwhelm traditional defenses, requiring weeks of manual patching work to shore up the systems after the intrusion.

A typical response to an attack can take up to 15 days, consuming significant funds and resources for an organization.

A Penn State-led team of researchers used a machine learning approach, based on a technique known as reinforcement learning, to create an adaptive cyber defense against these attacks.

The adaptive, machine learning-driven method was developed to address current limitations of moving target defense (MTD), a method for detecting and responding to cyber attacks.

According to Minghui Zhu, associate professor of electrical engineering and computer science and Institute for Computational and Data Sciences co-hire, “these adaptive manual target-defense techniques can dynamically and proactively reconfigure deployed defenses that can increase uncertainty and complexity for attackers during vulnerability windows.” 

The team’s approach relies on reinforcement learning, which, along with supervised and unsupervised learning, is one of the three main machine learning paradigms. 

According to the researchers, reinforcement learning lets a decision-maker learn to make the right choices by selecting actions that maximize rewards, balancing exploitation (leveraging past experience) against exploration (trying new actions).

“The decision-maker learns optimal policies or actions through continuous interactions with an underlying environment, which is partially unknown,” said Peng Liu, MD Professor of Cybersecurity in the College of Information Sciences and Technology. “So, reinforcement learning is particularly well-suited to defend against zero-day attacks when critical information — the targets of the attacks and the locations of the vulnerabilities — is not available.”

According to techxplore.com, further improvement is still needed for the team’s approach. For example, their algorithm relies on model-free reinforcement learning, which requires a large amount of data or a large number of iterations to learn a relatively good defense policy. In the future, they would like to incorporate model-based approaches to accelerate the learning process.
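The exploration/exploitation balance and the model-free limitation described above can be seen in a small added example; this is not the researchers' algorithm. A tabular Q-learning defender rotates among four constructed configurations without knowing which one is exposed; all names, costs and parameters here are assumptions.

```python
import random

N_CONFIGS = 4        # constructed: four interchangeable platform configurations
VULNERABLE = 2       # hidden from the defender: the config the zero-day affects
SWITCH_COST = 1.0    # constructed cost of migrating to another configuration
BREACH_LOSS = 10.0   # constructed loss for each step spent on the exposed config

def step(state, action):
    """Environment the defender cannot inspect: returns (next_state, reward)."""
    reward = -SWITCH_COST if action != state else 0.0
    if action == VULNERABLE:
        reward -= BREACH_LOSS
    return action, reward

def train(steps, epsilon=0.2, alpha=0.1, gamma=0.9, seed=7):
    """Tabular model-free Q-learning; returns (Q table, breaches while learning)."""
    rng = random.Random(seed)
    q = [[0.0] * N_CONFIGS for _ in range(N_CONFIGS)]
    state, breaches = 0, 0
    for _ in range(steps):
        if rng.random() < epsilon:      # exploration: try a random configuration
            action = rng.randrange(N_CONFIGS)
        else:                           # exploitation: best action seen so far
            action = max(range(N_CONFIGS), key=lambda a: q[state][a])
        nxt, reward = step(state, action)
        breaches += action == VULNERABLE
        # Q-learning update: uses only the observed reward, no model of step()
        q[state][action] += alpha * (reward + gamma * max(q[nxt]) - q[state][action])
        state = nxt
    return q, breaches

def greedy_policy(q):
    """Configuration the learned policy moves to from each current configuration."""
    return [max(range(N_CONFIGS), key=lambda a: q[s][a]) for s in range(N_CONFIGS)]

if __name__ == "__main__":
    q, breaches = train(5000)
    print("policy:", greedy_policy(q), "breaches during training:", breaches)
```

The breaches counted during training are the price of exploration: the defender only learns that a configuration is exposed by landing on it, which is why a model-free learner needs many iterations before its policy is reliable.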

The research findings were published in the ACM Transactions on Privacy and Security.