As cyberattacks continue to rise globally, traditional security systems are struggling to keep up with the increasingly sophisticated methods used by attackers. To counter this, many organizations rely on SIEM systems that apply signatures (detection rules) to identify and prevent intrusions. However, new research from the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) has revealed a serious flaw in this approach: many attackers can easily bypass these signature-based systems, leaving sensitive data vulnerable.
To address this issue, Fraunhofer FKIE has developed a promising solution called AMIDES (Adaptive Misuse Detection System). Unlike traditional signature-based methods, AMIDES leverages artificial intelligence (AI) and machine learning to identify attacks that are similar to known threats but do not perfectly match the established detection rules, according to TechXplore. This adaptive method ensures more accurate identification of cyberattacks while minimizing the high rate of false alarms associated with other detection approaches like anomaly detection.
The growing threat of cyberattacks is evident, with studies showing that many companies have fallen victim to data theft and similar attacks, resulting in significant financial damage. The dynamic nature of these cyber threats, where attackers often alter their tactics to evade detection, makes it increasingly difficult for traditional SIEM systems to provide adequate protection.
AMIDES overcomes this challenge by focusing on “adaptive misuse detection.” The system is trained to learn normal behavior within an organization’s environment, which allows it to detect deviations that may indicate an attack. For example, the system looks at the command lines used by newly launched programs. If these command lines show slight variations from those in known attack signatures, AMIDES triggers an alarm, even if the attack is not a perfect match to a predefined signature. This allows the system to identify new types of attacks that have been designed to evade detection.
According to TechXplore, the system also introduces the concept of “rule attribution,” a feature that enhances the clarity of alerts. Unlike many machine learning systems, which simply generate warnings without context, AMIDES allows analysts to trace detected threats back to specific detection rules, providing valuable insights into the nature of the attack.
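To make the two ideas above concrete (near-match detection on command lines, and attributing each alert to a rule), here is a toy illustration added to this article. It is not AMIDES's own code and uses a much simpler token-overlap score than a learned classifier; the rule strings and command lines are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Constructed placeholder "signature" rules: hypothetical command-line
# patterns, not real detection rules from AMIDES or any rule set.
RULES = {
    "R1-config-dump": "admintool.exe --dump-config --output share",
    "R2-remote-fetch": "fetcher.exe /silent /url http://example.invalid/x",
}


def tokenize(cmdline: str) -> set[str]:
    """Lowercase a command line and split it into a set of unquoted tokens."""
    return {t.strip("\"'") for t in re.split(r"\s+", cmdline.strip().lower()) if t}


def exact_match(cmdline: str) -> list[str]:
    """Classic signature matching: a rule fires only if its string occurs verbatim.
    Reordering arguments or changing a flag name is enough to evade it."""
    lowered = cmdline.lower()
    return [rid for rid, sig in RULES.items() if sig in lowered]


def jaccard(a: set[str], b: set[str]) -> float:
    """Token-set overlap in [0, 1]; 1.0 means identical token sets."""
    return len(a & b) / len(a | b) if a | b else 0.0


@dataclass
class Alert:
    rule_id: str  # rule attribution: which rule the command line resembles
    score: float  # how close the command line is to that rule


def adaptive_match(cmdline: str, threshold: float = 0.6) -> list[Alert]:
    """Fire when a command line is merely *close* to a rule, and say which one.
    Returns alerts above the threshold, strongest first."""
    tokens = tokenize(cmdline)
    alerts = [
        Alert(rid, round(jaccard(tokens, tokenize(sig)), 2))
        for rid, sig in RULES.items()
    ]
    return sorted((a for a in alerts if a.score >= threshold), key=lambda a: -a.score)


if __name__ == "__main__":
    # Arguments reordered: evades the exact rule, but is clearly still R1.
    evasive = "admintool.exe --output share --dump-config"
    print("exact:", exact_match(evasive), "adaptive:", adaptive_match(evasive))
```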
AMIDES has already been tested with real-world data from a German government agency and demonstrated an impressive 70% success rate in detecting evasion attempts, with minimal false positives. Its speed and efficiency make it suitable for large enterprise networks, ensuring that organizations can monitor their systems in real time without sacrificing performance.
Available as open-source software, AMIDES is designed for larger organizations with established security infrastructure looking to enhance their existing systems. By combining AI with the best aspects of traditional rule-based detection, AMIDES represents a significant leap forward in the fight against evasive cyber threats.