The CyberCorps Mentoring and Scholarship Program (CMSP) at the College of Computing & Informatics (CCI) is designed to recruit, train and mentor student scholars to transition into cybersecurity positions within federal, state, local, or tribal government organizations. CMSP aims at strengthening national cybersecurity by supporting a diverse cybersecurity workforce, including recruiting and retaining women, underrepresented minorities, and veterans.
Associate Teaching Professor Thomas Heverin, PhD, has been instrumental in leading the team of CyberCorps scholars, and his students have been working on cybersecurity research incorporating components from artificial intelligence (AI) and machine learning (ML) to make the safekeeping of systems as efficient as possible. Heverin shared his insights about why AI and ML are some of the top cybersecurity trends of 2020; read his insights below.
Artificial Intelligence and Machine Learning in Cybersecurity
By Thomas Heverin, PhD, Associate Teaching Professor
The field of cybersecurity consists of many roles. The National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework) provides information on over 50 types of cybersecurity roles, including cyber forensic analyst, cyber incident responder, cyber crime investigator, penetration tester, and systems security analyst. As workers across industries shift to remote work environments and rely increasingly on online platforms, the need for trained cybersecurity experts will continue to grow. The future of cybersecurity will include countless options for specialization.
Students in Drexel’s CyberCorps program (a program that provides 2.5 years of full tuition, a stipend, a professional development allowance, and mentoring in cybersecurity technical skills) aim to land careers in several of these areas. For example, Jayme Hendrickson (BS Computing & Security Technology, ’22), Katie Miller (BS Computing & Security Technology, ’22), Callie Kuhfuss (BS Computer Science, ’22) and Nirav Brahmhatt (BS Computing & Security Technology, ’22) are all interested in cyber forensics careers. Andrew Zeyher (BS Computing & Security Technology, ’22) desires a career working in a security operations center (SOC) analyzing network traffic and network logs for threats. Miller also has an interest in working in security awareness training, and Brahmhatt has considered working in cyber intelligence.
Although there is a wide variety of roles in cybersecurity, cybersecurity professionals all face a common challenge: the deluge of data. Cybersecurity professionals need to sort through an abundance of data to make decisions and to find answers. For example, cyber incident responders will use sources such as the National Vulnerability Database (NVD), U.S. Computer Emergency Response Team (CERT), Federal Bureau of Investigation (FBI) bulletins, vendor security bulletins, VirusTotal, social media, and many other sources to research clues found on their networks that might indicate an attack is taking place. Cyber incident responders will also review countless network and device logs to see what actions took place. Simply put, there is too much data for cybersecurity professionals to keep track of manually in their work tasks, especially tasks with high time pressure to produce results.
Artificial intelligence (AI) and machine learning (ML) can play a key role in combatting the data deluge in cybersecurity. AI is a broad field which includes various subfields such as knowledge representation (KR). KR is the field that I have worked directly in for several years as a cybersecurity researcher, and it consists of modeling real-world domains to allow for computational problem solving.
More specifically, I have used ontologies, a key part of KR, to help address cybersecurity problems. Ontologies are used to model the concepts of a domain, to define how the concepts are related, and to define rules on how things work in that domain. I have created ontology models and computational methods for various projects including:
- Modeling components in a smart grid to analyze how trust breaks down across the system when a component (such as an encryption algorithm) fails
- Modeling software, hardware, interfaces, vulnerabilities and exploits of ship systems to compute cyber risk assessments across U.S. Navy ship systems
- Modeling network objects and network data to conduct cyber forensics across large-scale networks
- Modeling disparate vulnerability and exploit data sources to expedite the ethical hacking of industrial control systems (ICSs)
A common theme across these KR projects includes linking various types of data from disparate information sources to provide cybersecurity professionals a way to easily find information and to solve problems. Natural language processing (NLP) with ML has been used to automatically read text from various sources, pull out the key data and information, and fill an ontology model of a domain. NLP and ML greatly speed up the process of linking data and information together from a large number of sources.
AI can be used in areas other than KR. As CyberCorps scholar Nirav Brahmhatt explains, AI can also conduct direct actions in response to attacks and can provide advantages for cybersecurity professionals.
“AI is not only efficient at analyzing the irregular patterns in the network, but AI is also efficient in securing data breaches as well. Many cybersecurity professionals use advanced firewalls, but these advanced firewalls are not enough. They require manually setting up firewall policies, upgrading the firewall, and managing backups. An AI-based firewall can potentially upgrade and manage itself. Also, AI can analyze network behaviors, identify all sorts of patterns in network traffic and can neutralize threats more rapidly than a human,” Brahmhatt says.
Given the constant development of new hardware, software, applications, and operating systems, as well as new types of cyber-attacks, cybersecurity will be a constantly changing field. Additionally, as more and more devices, such as Internet of Things (IoT) devices, get connected to our networks, cybersecurity professionals will not be able to easily keep track of all things needing protection. As a result, AI and ML will continue to play a key role in the future of cybersecurity innovation.
Cybersecurity professionals will not only need to team up with fellow professionals to protect our networks, but they will also need to use AI and ML to keep us safe.
Interested in CyberCorps? The application round for the 2021 cohort is now open. The deadline to apply is October 5, 2020.