Interview with Prof. Dipankar Dasgupta of University of Memphis, chair of the 2017 IEEE Symposium on Computational Intelligence in Cybersecurity (Interviewed by Dr. David Fogel, co-chair, 2017 IEEE Symposium Series on Computational Intelligence).
Prof. Dasgupta has more than 20 years of experience in computational intelligence, working with artificial immune systems, evolutionary algorithms, and for more than a decade focusing on the application of these and other techniques to problems in cybersecurity. Prof. Dasgupta is chairman of the upcoming 2017 IEEE Symposium on Computational Intelligence in Cybersecurity, to be held as part of the 2017 IEEE Symposium Series on Computational Intelligence, held in Honolulu, HI, Nov. 27-Dec. 1. With cybersecurity ever present on many of our minds, I had an opportunity to ask Prof. Dasgupta for more information on the application of computational intelligence methods in this area.
DF: We hear a lot about cybersecurity in the news these days. How can computational intelligence methods be used to help with cybersecurity?
DD: The cyberspace has become an integral part of our daily activities: social, economic, political, religious, healthcare and in other aspects. Without the availability of the Internet, today’s businesses, government, and society cannot function properly. While the potential benefits of this cyber-connectivity are unlimited, this virtual world has also become the hackers’ playground, the underworld’s marketplace, the nation-states’ battle ground, and an online vehicle for spreading propaganda and misinformation. In order to protect the Internet users from identity theft, phishing, spam, and other cyber infrastructure threats, we need flexible, adaptable and robust cyber defense systems, Computational intelligence (CI) techniques have shown to provide efficient solutions to address many of these problems (if used properly). Computational intelligence constitutes an umbrella of techniques that include machine learning, fuzzy logic, evolutionary computation, intelligent agent systems, neural networks, cellular automata, artificial immune systems, game theory, and other similar computational models. These techniques are widely used in different cybersecurity applications such as online behavior monitoring, e-fraud detection, robust decision support modules to enhance the protection of computing devices, and information infrastructure at different levels.
DF: Which machine learning methods are most appropriate for discovering new patterns of cyber attacks?
DD: Recently, machine learning (ML) techniques are increasingly being used in cyber defense; some have applied support vector machine, Bayesian networks, decision trees, etc.. Others have used deep-learning neural networks and large-scale ML techniques (in Hadoop or other Bigdata platform for distributed computing). These works reported improved results in the detection and classification of known attacks. However, detecting new attack patterns or zero-day attacks (with minimum false alarm rate) still remains a real security challenge. In most cases these attacks get detected after-the-fact via off-line analysis of audit logs. However, I argue that there are some nature-inspired techniques such as evolutionary algorithms, immunological computation, swarm optimization, etc. (if used properly in combination with other methods) that may have excellent potential in developing survivable and self-healing cyber systems. Some possible research directions were highlighted in a report at National Cyber Leap Year Summit 2009, where I served as a co-chair for the Nature-Inspired Cyber Defense track. The entire report is available from the NITRD website:
DF: Cybersecurity always presents a challenge in that an opposing actor is always trying to find a way to defeat your security. Does adversarial gaming play a role in applying computational intelligence in cybersecurity?
DD: Cyber defense is a continuously changing attack landscape as the software/hardware components are added and/or updated more frequently at different layers of cyber systems for additional functionalities and/or improved usability while these may not be security-enabled. Attackers exploit these vulnerabilities and find attack paths to compromise the target systems. Over the years, researchers developed different adversarial learning models and game-theoretic approaches to address these issues, and there are dedicated workshops focusing on these topics. One of our studies, a class of cyberattacks called Distributed Denial of Service (DDoS) and possible countermeasures were simulated as a two-player general-sum game. In another work, we investigated an evolutionary approach to generate gaming strategies for the Attacker-Defender in simulated cyber warfare. In this study, given a network environment, attack graphs were defined in an anticipation game framework to generate action strategies by analyzing (local/global) vulnerabilities and security measures. There still exists a significant research opportunity in realistically modeling adversarial behavior and developing CI-based defense strategies. Moreover, the potential for using CI for insider threat detection is a new research direction.
DF: What have been the greatest advancements in applying computational intelligence to cybersecurity over the past 10 years?
DD: The achievement of applying computational intelligence in cybersecurity is difficult to quantify. Cyber security venders may not disclose the details of actual technology they use for proprietary reasons. However, to my knowledge, more than 100 papers were published in SSCI-CICS during the last decade and many articles have been published in other venues which resulted in significant achievements.
DF: What would someone not working directly in cybersecurity gain by attending your symposium at 2017 IEEE SSCI?
DD: Cyber security is a soft and hybrid science, and CI may be considered as a problem solver for security-related problems in many domains. Nowadays, all computing devices including IoTs and mobile-health sensors are cyber-connected for information sharing, storing, and making quick decision processing. However, it opens doors to various attacks and exploits from both inside and outside. For example, an attacker might control a device and uses it to steal information from another mission critical device, or even launches DoS attacks to such cyber-enabled devices. The multi-faceted CI approaches can provide a smart security paradigm such as designing survivable, resilient, and self-healing systems, or detecting fraud and illicit behavior in a cloud computing environment where the provider-consumer control perimeters cannot be well-defined. Also CI techniques can make intelligent decisions (in near real-time) in detecting a wide variety of threats and attacks, including active and passive attacks, external attacks and internal misuses, known and unknown attacks, viruses and spam, etc. Researchers in areas outside cybersecurity should be able to make direct and indirect connections to many of their own problems by learning from the presentations in our symposiums.
Dipankar Dasgupta: University of Memphis, USA firstname.lastname@example.org. http://web0.cs.memphis.edu/~dasgupta/
David Fogel: Natural Selection, Inc., 6480 Weathers Pl., Suite 350, San Diego, CA 92121, email@example.com. (858) 455-6449. www.natural-selection.com
The 2017 IEEE Symposium Series on Computational Intelligence can be found at: http://www.ieee-ssci.org
To read more:
See the reference contained in the interview, and also:
James M. Keller, Derong Liu, and David B. Fogel, Fundamentals of Computational Intelligence: Neural Networks, Fuzzy Logic, and Evolutionary Computation, John Wiley, NY, 2016
© 2017, David Fogel.