With developments in the Internet, computing, and mobile technologies, cyber security and cyber attacks have become issues of critical concern for governments, individuals, and businesses (Nye, 2010). More advanced threats, such as ransomware, continue to erode the benefits of computers, the Internet, and networking as the costs of malicious cyber attacks escalate. With billions of dollars and vast amounts of information stolen each year, industry experts, governments, and academics continue to work on advancing cyber security to protect critical infrastructure.
The US government, for instance, has developed policies to promote the cyber security and resilience of its key installations while advancing effectiveness, innovation, and economic development through safe, secure, confidential, private, and open practices. The US enacted the Cybersecurity Enhancement Act of 2014 to ensure that the responsible bodies develop and maintain a clear plan for cyber security research and development (R&D), guided by risk assessment.
The federal government is responsible for much of this R&D funding. Through this approach it has demonstrated its commitment to advancing cyber security R&D and to protecting the many benefits associated with technology and the Internet. While there have been earlier initiatives to advance cyber security and related technologies, the US government has focused on incremental developments driven by emerging threats and by the potential solutions that R&D produces.
Current evidence on the efficiency and efficacy of cyber security approaches and technologies has resulted in enhanced R&D activity. As a result, more robust technologies and emerging approaches will assist in protecting critical infrastructure.
This research paper is concerned with emerging cyber security approaches and technologies. It also looks at the role of the federal government in supporting and nurturing the emerging technologies identified. Only approaches and technologies considered novel in the recent past are included. In this paper, nature-inspired (bio-inspired) cyber security, deep learning, and user behavior analytics (UBA) are discussed as emerging approaches and technologies for cyber security. All three are relatively new, and they look promising for securing critical infrastructure in cyberspace.
How the emerging cyber security technologies identified, coupled with prioritized research and development, improve cyber security
In most instances, much effort has been directed at developing and improving existing cyber security approaches and technologies. At the same time, some medium-term and long-term efforts are geared toward research and development aimed at transformative solutions to cyber security problems, including emerging threats. From a broader perspective, emerging cyber security approaches and technologies share the same goals, organized around four defensive elements: deter, protect, detect, and adapt (National Science and Technology Council, 2016).
The first element is deterrence: the solutions should discourage attacks by detecting them and by raising the cost to adversaries who carry them out. The second is protection: the approaches and technologies are developed to resist cyber attacks and other malicious activity effectively and to uphold the confidentiality, integrity, availability, and accountability of data and systems.
The third element is detection: these emerging approaches are expected to detect, and where possible anticipate, attacks and other malicious activity. They start from the recognition that perfect defenses are difficult, and perhaps impossible, to design, so they assume that systems and networks are vulnerable and may already be compromised. The fourth element is adaptation: new solutions should defend against and dynamically adapt to cyber threats, limiting disruption, ensuring quick recovery, and sustaining operations while systems are restored, and they should carry what they learn forward to similar future attacks.
The emerging cyber security technologies identified and their main features
Deep learning is a branch of machine learning, itself a branch of artificial intelligence, that learns layered representations of data in a way loosely modeled on how people recognize objects, and it is one of the most recent approaches applied to cyber security. Trained on observed behavior, a deep learning model learns the features that separate malicious from legitimate activity and can flag the deviations exhibited by malicious code or users (Musthaler, 2016; Li, Ma, & Jiao, 2015).
Deep learning is expected to have a significant influence on cyber security. It could be the most effective approach for detecting “zero day malware, emerging malware, and other extremely advanced persistent threats (APTs)” (Musthaler, 2016, p. 1). An APT is a sustained, targeted intrusion campaign; the malware used in such campaigns is built to operate without being detected by most existing cyber security technologies. Industry sources claim a detection rate of 98.8% for APT-related malware in real time (Musthaler, 2016), although figures of this kind depend on the test dataset and should be validated on an organization's own data. Recent research has also shown how deep learning can be applied in Big Data Analytics, where massive amounts of unlabeled data are involved (Najafabadi et al., 2015).
The model learns by identifying the characteristics of malicious code. It can then label previously unseen code as benign or malicious with an exceptionally “high rate of accuracy and in real time while the identified malicious files can then be quarantined or deleted based on the preferred policy” (Musthaler, 2016, p. 1).
User Behavior Analytics
Once users’ credentials have been compromised, they can be used for all forms of malicious activity. For a cyber security team, such activity should be an indicator of a potential attack, particularly if user behavior analytics (UBA) is employed. UBA relies on big data analytics to detect unusual behavior in the system.
Traditional security techniques do not offer complete solutions. Static perimeter protections cannot stop breaches carried out with valid but stolen user credentials, they have not been effective against malicious insiders, and today’s bring-your-own-device (BYOD) environment further complicates the situation (Nayyar, 2015).
UBA, through “machine learning and big data algorithms used to evaluate risks in near-real time, can be used to assess user activity by modeling for usual behavior against abnormal ones” (Nayyar, 2015, p. 1). The modeling is elaborate: it accounts for users’ duties and positions alongside their permissions, access, and accounts, and for each user’s usual locations and practices as collected from the system, and it raises alerts (Nayyar, 2015). The collected data are correlated and assessed against past and current observed activity.
The analysis is detailed. It usually covers “types of transactions, user session period, resources, connectivity, and general peer group behavior” (Nayyar, 2015, p. 1). UBA uses these to establish what usual behavior looks like and which elements of activity are anomalous.
The next step is risk modeling. The approach does not automatically classify unusual behavior as risk; instead, the behavior is assessed on its possible consequences. If an ostensibly unusual activity involves resources not classified as sensitive, the risk may be rated low. Conversely, any attempt to gain access to private data, such as trade secrets, is regarded as a critical-impact risk. Risk is therefore a function of likelihood and impact: the likelihood (the degree of anomaly) is assessed through behavior-modeling algorithms, while the impact is derived from the criticality and classification of the data and the specific controls that apply to it.
User activity can then be traced to determine the level of risk involved. UBA risk determination also accounts for other variables, such as permissions, asset classification, known vulnerabilities, and organizational policies. An increase in any of these factors raises the user’s risk level.
Overall, UBA gathers, correlates, and analyzes multiple factors, including unknown threats and situational context, and delivers rich, context-driven datasets for investigation.
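The risk-modeling steps above (baseline the user and peer group, score the anomaly as likelihood, weight it by the impact of the asset touched) can be made concrete in a few dozen lines. The following is an added example written for this paper, not code from Nayyar (2015) or from any UBA product. The session log, the roles, the asset impact scale, and the weights given to login hour, data volume, and resource novelty are all constructed assumptions; a production system would learn far more features and calibrate the weights on its own data.

```python
"""UBA-style risk scoring: likelihood (degree of anomaly) x impact (asset sensitivity).

Illustrative example. Every event, user, role, and weight below is constructed
for the demonstration; none of it comes from Nayyar (2015) or a UBA product.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline of observed sessions: (user, login_hour, bytes_out, resource)
BASELINE = [
    ("alice", 9, 900_000, "wiki"), ("alice", 10, 1_100_000, "crm"),
    ("alice", 9, 1_000_000, "wiki"), ("alice", 11, 950_000, "crm"),
    ("alice", 10, 1_050_000, "wiki"),
    ("bob", 9, 800_000, "crm"), ("bob", 10, 1_200_000, "wiki"),
    ("bob", 10, 1_000_000, "crm"), ("bob", 11, 900_000, "crm"),
    ("bob", 9, 1_100_000, "wiki"),
    ("carol", 9, 2_000_000, "repo"), ("carol", 10, 2_100_000, "wiki"),
    ("carol", 11, 1_900_000, "repo"), ("carol", 10, 2_000_000, "repo"),
    ("carol", 9, 2_000_000, "wiki"),
]
ROLES = {"alice": "analyst", "bob": "analyst", "carol": "engineer"}   # peer groups
# Impact: data classification / criticality on an assumed 1..5 scale
ASSET_IMPACT = {"wiki": 1, "repo": 3, "crm": 3, "trade-secrets": 5}


def build_profiles(events):
    """Per-user and per-role profiles of 'usual' behavior (the modeling step)."""
    hours, volumes = defaultdict(list), defaultdict(list)
    user_res, role_res = defaultdict(set), defaultdict(set)
    for user, hour, nbytes, res in events:
        hours[user].append(hour)
        volumes[user].append(nbytes)
        user_res[user].add(res)
        role_res[ROLES[user]].add(res)
    return {
        user: {
            "hour": (mean(hours[user]), pstdev(hours[user])),
            "bytes": (mean(volumes[user]), pstdev(volumes[user])),
            "resources": user_res[user],
            "peer_resources": role_res[ROLES[user]],
        }
        for user in hours
    }


def _z(value, stats, floor):
    """Deviation in standard deviations; 'floor' avoids dividing by a tiny sigma."""
    mu, sigma = stats
    return abs(value - mu) / max(sigma, floor)


def likelihood(profile, hour, nbytes, resource):
    """Anomaly score in [0, 1]: how unusual the event is for this user and peers."""
    hour_part = min(_z(hour, profile["hour"], 1.0), 4.0) / 4.0 * 0.3
    bytes_part = min(_z(nbytes, profile["bytes"], 1.0), 4.0) / 4.0 * 0.3
    if resource in profile["resources"]:
        novelty = 0          # the user has touched this resource before
    elif resource in profile["peer_resources"]:
        novelty = 1          # new for the user, but normal for the peer group
    else:
        novelty = 2          # nobody in the peer group uses this resource
    return min(1.0, hour_part + bytes_part + novelty / 2 * 0.4)


def risk_level(risk):
    if risk < 1.0:
        return "low"
    if risk < 2.0:
        return "medium"
    if risk < 3.5:
        return "high"
    return "critical"


def score_event(profiles, user, hour, nbytes, resource):
    """Risk = likelihood x impact, as in the description of UBA risk modeling above."""
    lik = likelihood(profiles[user], hour, nbytes, resource)
    impact = ASSET_IMPACT.get(resource, 3)   # unknown assets default to medium impact
    risk = lik * impact
    return {"likelihood": round(lik, 3), "impact": impact,
            "risk": round(risk, 2), "level": risk_level(risk)}


if __name__ == "__main__":
    prof = build_profiles(BASELINE)
    # Unusual hour, but a non-sensitive asset: risk stays low
    print(score_event(prof, "alice", 3, 900_000, "wiki"))
    # Unusual hour, huge volume, and an asset nobody in the peer group uses: critical
    print(score_event(prof, "alice", 3, 50_000_000, "trade-secrets"))
```

The two calls at the bottom reproduce the distinction made above: a 3 a.m. session on the wiki is anomalous but lands in the low band because the asset's impact is 1, whereas the same anomaly against trade secrets is scored critical. The novelty term is deliberately split into "new for the user" and "new for the whole peer group", since the second is the stronger signal in insider cases.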
Biologically Inspired Algorithms
The cyber security community now concentrates on novel technologies and approaches to manage an overwhelming and rapidly growing array of cyber threats and data that may require real-time analysis. Traditional methods have failed to offer viable alternatives in these scenarios and are generally not applicable to real-time analysis. Bio-inspired algorithms for detecting anomalies in Wireless Sensor Network (WSN) communication have been proposed (Rizwan, Khan, Abbas, & Chauhdary, 2015).
“Particle Swarm Optimization (PSO), Artificial Immune System (AIS), Ant Colony Optimization (ACO), Artificial Bee Colony (ABC), and Genetic Algorithm (GA)” (Rizwan, Khan, Abbas, & Chauhdary, 2015, p. 3), among others, are biologically inspired algorithms with the capability to search a wide solution space effectively, which makes them candidates for solving network intrusion detection problems.
Artificial immune systems in particular work in a manner analogous to the Human Immune System (HIS), which protects the body from “harmful viruses, bacteria, and parasites” (Rizwan et al., 2015, p. 3).
The AIS has gained much recognition in the recent past as a tool for intrusion detection. As a defense system, it is motivated by the principles and processes observed in the HIS (Phogat & Gupta, 2015). It relies on memory and learning to detect intrusions: detectors are generated against the normal (self) data, and only those that do not match any normal pattern are kept (Rizwan, Khan, Abbas, & Chauhdary, 2015, p. 3). Hence, no patterns are built for regular data; the retained detectors represent nonself, and they support only anomaly-driven intrusion detection. Any observed pattern that matches a detector is classified as an anomaly.
How an organization would use these emerging cyber security technologies
An organization can apply deep learning to teach its detection engine to identify malicious code. It collects hundreds of millions of files in different formats, including PDFs and Office files, for analysis. Deep learning is largely indifferent to the type of file collected; what matters is that each training file is classified as either legitimate or malicious.
The organization then feeds these massive datasets into the engine, where deep learning builds a prediction model that is referred to as an “instinct”. The instinct distinguishes legitimate from malicious code with high confidence.
Deep learning therefore rests on the trained prediction model, the instinct. The instinct agent is then installed on any system, including “tablet, server, laptop, and PC, and it could run on any operating system (OS)” (Musthaler, 2016, p. 1). The agent is activated when a file is downloaded or opened. The file is broken down into “minute pieces” that are analyzed “via the instinct or the prediction model in real time” (Musthaler, 2016, p. 1).
In the next step, the instinct relies on its training to decide whether the file is a threat. The process is fast, estimated at roughly five milliseconds per file. Deep learning then triggers the configured response to a detected threat, such as deletion, blocking, or quarantine, or whatever action the organization deems fit, before the malware can cause damage. This is reported to happen without any noticeable impact on user activity (Musthaler, 2016).
The agent contains everything it needs to analyze unknown files. It therefore requires neither the organizational network nor the Internet, giving “online and offline protection of devices” (Musthaler, 2016, p. 1). For instance, an employee in a remote location may plug in a possibly infected USB stick. The agent installed on the device automatically analyzes the files on the stick before they execute (a pre-execution method) and catches the threat before it can damage the device.
In addition, there is an agentless version of deep learning with a robust “prediction model and protection abilities, and these abilities do not depend on the device itself” (Musthaler, 2016, p. 1). Instead, the solution can be linked to any kind of gateway through “SDKs or APIs, for instance, a firm can use FireLayer’s cloud for a deep learning approach to perform threat detection and prevention for files and applications stored in the cloud” (Musthaler, 2016, p. 1).
Deep learning requires constant “training to its artificial brain or the engine to ensure that it can detect new threats, which makes it robust and creates a significant level of confidence in malicious file detection” (Musthaler, 2016, p. 1). Although updates are continuous, deep learning agents are reported to remain accurate for several months without them: an agent’s malware detection capability is said to degrade by 1% or less if it is not updated for four months (Musthaler, 2016).
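The workflow just described (label a corpus, train a model, split each newly opened file into pieces, score the pieces in real time, and apply the organization's policy before the file executes) is shown below in miniature. This is an added example written for this paper; it is not Deep Instinct's, Musthaler's, or any vendor's code. To keep it dependency-free it substitutes a single-layer logistic classifier over two byte-level features (entropy and the share of printable bytes) for the deep network a real engine would use over raw bytes; the piece size, the policy table, and the "document" and "packed payload" training files are all constructed assumptions. What the example does show is the shape of the pipeline: pre-execution scoring of every piece, max-aggregation (one malicious piece is enough to flag the file), and a policy hook separate from the verdict.

```python
"""Pre-execution file classification pipeline, in miniature.

Added illustration only. It is not a vendor's engine: a single-layer logistic
classifier over two byte-level features stands in for the deep network, and
every sample file below is constructed.
"""
import math
import random

PIECE = 256  # bytes per piece analysed by the agent (assumed size)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0..8)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def features(piece: bytes):
    """Normalised entropy, share of printable ASCII, and a bias term."""
    printable = sum(32 <= b < 127 for b in piece) / len(piece)
    return [entropy(piece) / 8.0, printable, 1.0]


def pieces(blob: bytes):
    return [blob[i:i + PIECE] for i in range(0, len(blob), PIECE)]


def train(labelled, epochs=300, lr=0.5):
    """Full-batch gradient descent on logistic loss over per-piece features."""
    rows = [(features(p), y) for blob, y in labelled for p in pieces(blob)]
    w = [0.0, 0.0, 0.0]
    for _ in range(epochs):
        grad = [0.0, 0.0, 0.0]
        for x, y in rows:
            p = 1.0 / (1.0 + math.exp(-sum(wi * xi for wi, xi in zip(w, x))))
            for j in range(3):
                grad[j] += (p - y) * x[j]
        w = [wj - lr * gj / len(rows) for wj, gj in zip(w, grad)]
    return w


def piece_score(w, piece: bytes) -> float:
    """Probability that one piece is malicious."""
    return 1.0 / (1.0 + math.exp(-sum(wi * xi for wi, xi in zip(w, features(piece)))))


def verdict(w, blob: bytes, threshold=0.5):
    """A file is malicious if ANY piece scores above threshold (max aggregation)."""
    worst = max(piece_score(w, p) for p in pieces(blob))
    return ("malicious" if worst >= threshold else "benign"), worst


POLICY = {"malicious": "quarantine", "benign": "allow"}   # the organisation's choice


def on_file_open(w, blob: bytes) -> str:
    """Hook the agent runs before execution; returns the action taken."""
    label, _ = verdict(w, blob)
    return POLICY[label]


# ---- constructed training corpus -------------------------------------------
_rng = random.Random(42)
_WORDS = b"invoice report quarterly summary meeting notes budget review".split()


def _text_file(n_words: int) -> bytes:      # stand-in for a benign document
    return b" ".join(_rng.choice(_WORDS) for _ in range(n_words))


def _packed_file(n: int) -> bytes:          # stand-in for an encrypted/packed payload
    return bytes(_rng.randrange(256) for _ in range(n))


CORPUS = [(_text_file(300), 0) for _ in range(8)] + [(_packed_file(1200), 1) for _ in range(8)]
MODEL = train(CORPUS)

# Constructed files to classify (not in the training set)
SAMPLE_MEMO = b"Plain text memo: " * 40
SAMPLE_PAYLOAD = bytes(random.Random(7).randrange(256) for _ in range(2000))

if __name__ == "__main__":
    print(on_file_open(MODEL, SAMPLE_MEMO))       # allow
    print(on_file_open(MODEL, SAMPLE_PAYLOAD))    # quarantine
```

Two design points carry over to real deployments. Scoring per piece and taking the maximum means a mostly benign document with one packed blob is still flagged, which is the case that whole-file averaging misses. Keeping the verdict and the policy table apart lets the organization change the response (block, delete, quarantine) without retraining the model.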
Biologically Inspired Algorithms
Multiple entities of the AIS have been defined. First, the antigen is the data, with several variables of any kind. Second, the T-cell works on the “sequence, selects types of variables found in the antigen, determines a given variable class, and functions as a regulating agent” (Rizwan et al., 2015, p. 3). Third, the B-cell is a critical component that represents a given variable type when learning occurs. Finally, the clone is a mathematical representation of the different types of B-cell and is the identifying component. The technique therefore borrows directly from the HIS.
For an organization, the AIS offers two main algorithms. First, the negative selection algorithm (NSA) works like the negative selection process of the natural immune system (Rizwan, Khan, Abbas, & Chauhdary, 2015).
In the natural process, T-cells that react to the body’s own (self) cells are eliminated as they develop, so that the surviving T-cells react only to nonself. Organizations apply the NSA to anomaly identification in the same way, starting from a set of self strings only. The NSA works in two major steps. The first is censoring: candidate detector strings are generated and matched against the self strings; candidates that match are discarded, while those that “do not match are sent to the detector” set (Rizwan et al., 2015, p. 1). The second is monitoring: the strings to be protected are matched against the detectors, and any match signals an anomaly (Rizwan et al., 2015, p. 1).
The second AIS model is the clonal selection algorithm. It involves antigen recognition, cell proliferation, and differentiation into memory cells. The clonal immune components are “deployed to develop several AIS algorithms” (Rizwan et al., 2015, p. 1). The B-cell and its antibodies serve as the main metaphor: B-cells develop various antibodies to counteract a foreign antigen, and the clones of a B-cell differ in the arrangement of their receptors, so that among them the search is for the receptor that best fits the antigen.
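The two NSA steps (censoring, then monitoring) are short enough to show in full. The following is an added example for this paper, not the implementation of Rizwan et al. (2015). It assumes sensor readings encoded as 8-bit strings, the classic r-contiguous-bits matching rule with r = 4, and a self set consisting of readings seen during normal operation; the tiny 8-bit space lets every candidate detector be enumerated, whereas a real deployment samples candidates at random and stops once enough survive censoring.

```python
"""Negative selection algorithm (NSA) over bit-string encodings of sensor readings.

Added illustration of the censoring and monitoring steps; not the code of
Rizwan et al. (2015). The readings, string length, matching rule and r are
assumed for the demonstration.
"""

LENGTH = 8   # bits per encoded reading
R = 4        # r-contiguous-bits rule: strings match if they agree on r aligned bits


def encode(reading: int) -> str:
    """Encode a 0..255 sensor reading (e.g. a temperature in C) as an 8-bit string."""
    if not 0 <= reading < 2 ** LENGTH:
        raise ValueError("reading out of range")
    return format(reading, f"0{LENGTH}b")


def matches(a: str, b: str, r: int = R) -> bool:
    """r-contiguous matching: True if a and b agree on r consecutive positions."""
    return any(a[i:i + r] == b[i:i + r] for i in range(len(a) - r + 1))


def censor(candidates, self_set, r: int = R):
    """Step 1 (censoring): keep only candidates that match no self string."""
    return [c for c in candidates if not any(matches(c, s, r) for s in self_set)]


def monitor(detectors, string: str, r: int = R) -> bool:
    """Step 2 (monitoring): a protected string that matches any detector is nonself."""
    return any(matches(d, string, r) for d in detectors)


# Constructed self set: the readings observed during normal operation (20..25 C).
SELF = [encode(t) for t in range(20, 26)]

# The 8-bit space is small enough to enumerate every candidate; larger spaces are
# sampled at random until the desired number of detectors survives censoring.
DETECTORS = censor((encode(i) for i in range(2 ** LENGTH)), SELF)


def is_anomalous(reading: int) -> bool:
    return monitor(DETECTORS, encode(reading))


if __name__ == "__main__":
    print(len(DETECTORS), "detectors survived censoring")
    for t in (22, 19, 26, 200):
        print(t, "anomalous" if is_anomalous(t) else "self")
```

Because every surviving detector is guaranteed not to match any self string, a normal reading can never be flagged; false negatives, not false positives, are the risk, and they are governed by how many detectors survive and by r. With r = 4 even readings just outside the normal range (19 and 26) are caught here; a larger r makes matching stricter and leaves more of the nonself space uncovered.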
User Behavior Analytics
In an organization, the UBA technique has two major roles. First, it identifies the usual operations expected of the company and its employees. Second, it must quickly discern deviations from that norm that need further investigation. That is, UBA tools are developed to detect and act on abnormal behavior. Any abnormal behavior may or may not signal a cyber security issue, so it must be investigated further before a determination is made. The user is the central focus of UBA.
Describe real-world examples of the use of these emerging cyber security technologies
Deep learning has been evaluated in practice by Siemens CERT and on the Drebin mobile malware dataset (Musthaler, 2016). In a comparison of mobile malware detection against products from ten major security vendors, deep learning delivered the most accurate result, at 99.86%. It also recognized malware from a dataset of 16,000 APT-related samples 98.8 percent of the time (Musthaler, 2016).
To use the technology, a company must install the agent on each device. It should also conduct a proof of concept on its own dataset of files so that users can compare the results with those of existing cyber security approaches and technologies.
User Behavior Analytics
It has been suggested that the CIA could use UBA coupled with Big Data Analytics for its security analytics because the focus is on users rather than on alerts or events (Wang & Alexander, 2015). That is, it can be used to identify employees or insiders, such as Edward Snowden, whose behavior is anomalous. When an anomalous event is detected, the focus shifts to the user’s behavior and related anomalies to determine whether the user’s pattern of access, including its timing, has been consistent. UBA helps organizations detect APTs faster, particularly those that rely on insiders who compromise systems. It relies on massive analytical capability to compensate for the shortage of cyber security staff.
Biologically Inspired Algorithms
A company known as Darktrace explains that biologically inspired algorithms such as the AIS automatically evaluate an organization’s devices, users, and network, allowing the system to build a model of information flow and so understand what is normal. The system can then present detected threats through a visualization interface and threat maps.
The cyber immune system, in this case, learns normal behavior by monitoring activity for a few weeks before it begins to identify unusual activity. It works on probabilistic judgments and continuously updates its model to reflect new realities, which limits false positives.
Organizations also use the approach to cut infiltrating malware off from sensitive data. It sets traps for attackers and observes their behavior: the information they seek, their modes of operation, and their probable origins.
The role of the federal government in the support and nurturing of the emerging cyber security technologies identified
Through the Acts passed to promote cyber safety and security, the federal government has demonstrated its efforts to nurture emerging forms of cyber security in general. Its support for R&D has been substantial.
The benefits and drawbacks that government efforts to support new cyber security technologies may create
The federal government has concentrated on developing the right workforce, starting at lower levels of education with an appropriate curriculum. It also recognizes that developing and retaining the workforce needed to advance technical research in emerging cyber security technologies are critical challenges (LeClair, 2013). The success or failure of emerging cyber security technologies depends largely on people and their skills.
The federal government has been keen to attract talent in cyber security research, product development, and practice, which has become extremely scarce. The National Initiative for Cybersecurity Education (NICE) was created in “2010 to advance R&D by implementing cyber security recommendations” (National Science and Technology Council, 2016, p. 29). It reflects the government’s effort to address the “workforce shortage in cyber security for both the government and the private sector” (National Science and Technology Council, 2016, p. 29).
The federal government is also committed to providing advanced cyber security test-bed resources for researchers. Test beds are critical because researchers depend on real operational data and situations to “develop models and perform experiments on real cases, vulnerabilities, and scenarios for exploitation” (National Science and Technology Council, 2016, p. 29). The government holds that models and experimental techniques should be shared and evaluated by different researchers. Providing this research infrastructure therefore remains a vital federal role.
While current experimental test beds are created on an ad hoc basis for customized experiments, standalone test beds are continuously being improved and developed. Emerging cyber security technologies must demonstrate the ability to capture, model, and recreate the situations actually expected in cyber security, including those shaped by human behavior.
The federal research agency has also made funds available to support expensive cyber security research. In fact, it remains the main source of funds for near-term, medium-term, and long-term research. It funds some high-risk short-term cyber security initiatives that meet vital public objectives and specific roles that the private sector cannot deliver, or cannot be persuaded to pursue. The federal research agency strives to strike the right balance among all partners engaged in emerging cyber security R&D.
Inadequate resources can slow progress. However, the federal research agency focuses on a fast transition to practice because of APTs. Funding has therefore become important, as the government wants to realize and maximize positive returns on its investment. Thus, accelerating R&D and its transition to practice remains a major theme of the government’s role in advancing cyber security.
There are also critical drawbacks to federal involvement in the R&D of emerging cyber security technologies. Specifically, these are long-term challenges that could take years to address in a dynamic cyber security environment. The federal research agency has generally designed its actions to focus on near-term solutions: preventing cyber-related damage and espionage, minimizing the consequences of successful attacks, enhancing collaboration, and fighting cybercrime. More complex, long-term drawbacks are likely to persist. First, design has been a major challenge.
Experts agree that efficient cyber security solutions should account for ICT design. Yet the federal research agency and developers have conventionally concentrated on system features rather than security, mainly because of funding. In addition, today’s designs cannot account for the security needs of the future, which remain largely unpredictable. Second, incentives have been singled out as a major drawback for innovation and R&D.
Economic incentives are said to be misaligned and awkward (Fischer, 2014). Cybercrime is profitable, cheap, and relatively safe for attackers, whereas cyber security is expensive, often deficient by nature, and its economic return on investment is usually unknown. Poor incentives could therefore drive many experts toward cybercrime. Third, the federal research agency and other stakeholders need consensus.
However, cyber security means different things to different partners, so there is little consensus on its meaning, its implementation, and the risks involved. Organizational cultures are also impediments to collaboration within and across sectors. For the private sector, government red tape could be a major drawback to innovation and R&D. Finally, cyberspace is among the fastest-moving areas of technology development.
New and emerging technologies and applications, such as big data, the Internet of Things, cloud computing, autonomous systems, high performance computing, and Cyber-Physical Systems, continue to complicate the nature of cyberspace and its threats. While they offer vital opportunities for developing robust cyber security technologies, the government’s slow processes for enacting laws that facilitate investment in innovation and R&D could hinder fast progress.
These challenges could therefore mean that the government is slow to develop and adopt emerging cyber security technologies.
Real-world examples that support the position
While attacks still occur, one must recognize the actions and efforts of the federal government in raising the level of cyber security nationally, disrupting and deterring malicious attacks, and enhancing incident response and resilience (Monaco, 2016). Nevertheless, these efforts have not yielded the expected outcomes, and the federal research agency is not a leader in emerging cyber security technologies such as deep learning, bio-inspired algorithms, and user behavior analytics. Moreover, slow response rates, poor funding and policy, inadequate technical expertise, insufficient risk knowledge, and poor security management have deterred progress (Lino, 2014).
The federal government has recognized that collaboration among its research agency, industry, and private citizens remains a critical approach to tackling cyber security threats by developing robust solutions.
Moving forward, the federal research agency must focus on its vital role of protecting national critical infrastructure and the private sector as it prepares for the unknown threats of tomorrow. This is a tough technical challenge that requires fundamental changes in the design and execution of cyber security efforts, prioritizing both research and development and security. The federal research agency must therefore sustain proactive and thorough cyber security R&D, driven by the agency itself, academia, the private sector, and international partners, including private individuals.
Fischer, E. A. (2014). Cybersecurity Issues and Challenges: In Brief. Web.
LeClair, J. (2013). Protecting Our Future: Educating a Cybersecurity Workforce. Washington, D.C: Excelsior College Press.
Li, Y., Ma, R., & Jiao, R. (2015). A Hybrid Malicious Code Detection Method based on Deep Learning. International Journal of Security and Its Applications, 9(5), 205-216. Web.
Lino, C. (2014). Cyber security in the Federal Government: Failing to Maintain a Secure Cyber Infrastructure. Information Policy, 1-5.
Monaco, L. O. (2016). Administration Efforts on Cybersecurity: The Year in Review and Looking Forward to 2016. Web.
Musthaler, L. (2016). How to use deep learning AI to detect and prevent malware and APTs in real-time. Network World. Web.
Najafabadi, M. M., Villanustre, F., Khoshgoftaar, T. M., Seliya, N., Wald, R., & Muharemagic, E. (2015). Deep Learning Applications and Challenges in Big Data Analytics. Journal of Big Data, 2, 1. Web.
National Science and Technology Council. (2016). Federal Cybersecurity Research and Development Strategic Plan. Web.
Nayyar, S. (2015). Detecting Advanced Threats With User Behavior Analytics. Network World. Web.
Nye, J. S. (2010). Cyber Insecurity. Web.
Phogat, S., & Gupta, N. (2015). Basics of Artificial Immune System and Its Applications. International Journal Of Scientific Research and Education, 3(5), 3509-3516.
Rizwan, R., Khan, F. A., Abbas, H., & Chauhdary, S. H. (2015). Anomaly Detection in Wireless Sensor Networks Using Immune-Based Bioinspired Mechanism. International Journal of Distributed Sensor Networks, 2015(6), 1-10. Web.
Wang, L., & Alexander, C. A. (2015). Big Data in Distributed Analytics, Cybersecurity, Cyber Warfare and Digital Forensics. Digital Technologies, 1(1), 22-27. Web.