ObjectSecurity has been developing a number of Artificial Intelligence (AI) driven cybersecurity tools for numerous customers over the last couple of years. Using Machine Learning (ML) for cybersecurity is a highly hyped-up topic where “everybody’s doing it” (at least in “marketing terms”), but actual tangible solutions are scarce. In this blog post, we present a couple of our AI-driven cybersecurity project case studies and tools.
AI-based cyberattack detection for wireless sensor networks
This video presents a customer case study where we are developing a machine learning based intrusion detection tool for detecting whether wireless sensor networks are under cyberattack or not. The particular use case for this case study are wireless networks for predictive maintenance or condition-based maintenance – to detect whether equipment needs to be maintained or repaired. But the technology can be used for many other wireless sensor networks as well, such as industrial control systems or internet of things.
In our use case, the sensor network’s gateway, which receives and processes the sensor traffic, analyzes the received sensor traffic on a continuous basis to determine the need for maintenance.
Our tool extends this gateway with an AI edge computing platform for deep learning. When first installed, our tool retrains its deep neural nets to the current sensor network. Thanks to the use of advanced deep learning techniques, our tool is able to adapt to particular sensor networks quickly – and determine no anomalies are occurring. You can see the predictions of an actual system in the graph. After that, when the sensor network – or the sensors – are cyberattacked, our deep learning-based tool firstly detects these anomalies – and secondly also tries to classify the kind of cyberattack that is happening. The attack is clearly visible in the predictions.
Our tool enables the customer to detect and respond to cyberattacks better and faster.
Intelligent, adaptive vulnerability assessor sequencing
This video presents a case study of two customer use cases where we developed a machine learning based cybersecurity “expert” that learns the best sequence of actions over time, using deep reinforcement learning (a sub field of deep learning).
We first developed an “AI hacker” prototype for cyber red team training environments. The patented “AI hacker” learns over time which sequences of actions work best against a particular defender – and is even able to characterize the defender.The goal was automation and cost-saving for cyber red team training
After that, we extended the technology to also learn the most likely successful sequences of actions of vulnerability assessors, esp. for embedded firmware.
Some of these features ended up being used in VAPTBOX, our vulnerability assessment and penetration tester portable device.
ObjectSecurity won Best Poster award at NDSS2021 for VAPTBOX.
AI based vulnerabilities testing, penetration & analytics platform
ARAT is a complete vulnerabilities testing, penetration and data analytics platform full AI/ML support for anomaly and attack detection. ARAT was originally developed to meet our own requirements in vulnerabilities and penetration testing of individual (embedded) systems and complete, complex networks, and also for our work in hardware level and side channel attacks.
ARAT allows to stimulate systems in different ways. For example, ARAT controls, using rule-based or AI/ML-based orchestration, standard and self-developed exploration, vulnerabilities and penetration test penetration test tools, for network traffic and other interfaces, for example UART, CAN, I2C, field buses and so on. It collects response information, e.g. from network tapping (PCAP), interfaces and physical sensors like Digital Storage Oscilloscopes (DSO) or Software Define Radios (SDR). It especially supports an FPGA/SoC based integrated, high performance stimulation and observation device for Side Channel Analysis, which we developed inhouse at ObjectSecurity. Finally, ARAT supports result analytics-based rules, statistics, AI/ML and visual analytics.
The main advantage of ARAT is its high agility over the entire simulation, observation and analytics cycle. It fully integrates automation with interactive visual analytics. It is based on ObjectSecurity’s patented “Differential Stimulus” ML cybersecurity approach.
ARAT has a wide range of features to support vulnerabilities testing, penetration and analytics:
- Vulnerability testing, penetration, analytics
- Full integration of stimulation, data acquisition & analytics
- Stimulation
- Data acquisition
AI/ML Trust Analysis
ObjectSecurity was selected for a Small Business Innovation Research (SBIR) contract from the US Air Force. As stated in the original solicitation entitled, “Assurance of Trusted AI/ML Systems Pitch Day for Trusted Artificial Intelligence”, the Phase II SBIR focuses on developing innovative tools, techniques and methods necessary to support the development of trusted AI systems at speed and scale within modern development pipelines.
The project, carried out by ObjectSecurity LLC, aims for successful technology development and transition that will result in addressing trusted Artificial Intelligence and Machine Learning (AI/ML) at scale.
As stated in the solicitation, “a key element of trust in AI is our ability to impart and assess the classical security attributes of developed AI systems. Confidentiality, integrity, and availability of systems remain a key concern as we move toward increased AI, especially as such systems are imparted with the levels of autonomy necessary for speed and scale of action required for future missions. This need for assurance in our AI-based software must be weighed against the benefits (and risks) of agile, rapid development pipelines, such as continuous integration / continuous development (CI/CD) and integrated Development – Security – Operations (DevSecOps) approaches to development. Such pipelines often rely on external security measures, which may contain systemic failures and lack engineering rigor. Rectifying these competing concerns requires the development of comprehensive security engineering approaches that effectively reduce the introduction and exploitation of vulnerabilities in modern AI and AI-enabled developments.”
“The award of this Phase II SBIR award is an important milestone for ObjectSecurity and underscores the strength of our science innovation that underwent rigorous peer review. It allows us to prioritize research efforts into needed features for the Air Force and others,” said Ulrich Lang, CEO of ObjectSecurity. “SBIR contracts allow us to research and develop advanced concepts that feed into rapid product development, enabling us to commercialize next-generation innovative products that will bring tremendous value to the Air Force, and our customers across all industries. Most of our solutions leverage state-of-the art approaches such as Artificial Intelligence and Machine Learning (AI/ML). We are committed to leading this initiative with the Air Force to protect the Air Force’s systems from adversaries by delivering advanced next-generation technology solutions.”