AI/ML-Based Attack Signal Intelligence at the Tactical Edge

Published in Military Embedded Systems
Written by Michael Wilson and Dominic Perez

Advances in generative artificial intelligence (AI) are enabling adversaries to build new attacks faster and evade signature-based threat detection with ease. The cutting edge of adversarial cybersecurity is becoming more sophisticated, using new technologies to rapidly develop new attacks. Defensive cybersecurity efforts must keep pace with bad actors by using new tools that combine attack signal intelligence with pattern-matching capabilities to identify polymorphic threats, that is, cyberthreats that employ evasive techniques to avoid detection by traditional security solutions.

If a breach has occurred or is suspected, the defense cyber team cannot trust any devices on the network and must bring their own equipment to perform the analysis. These “tactical edge hunt kits” are carried by an operator to analyze network threats on location, as many defensive cyber missions occur on segmented, isolated, or otherwise air-gapped networks owned by other organizations or mission allies. A mobile and rapidly deployable hunt kit enables the speedy response essential to remediate threats and protect devices and networks.

Over the last decade, it’s become routine for cyber task forces to visit a site and collect network data for a couple of weeks, after which they return to their lab and run the collected data through an analyzer. By that point, though, the adversary has likely completed its mission, hidden its tracks, and changed its attack. Running replays of data after the fact is no longer enough. What’s needed is to move from snapshot-in-time assessment of threats to a more continuous monitoring model.
