The Autonomic Intelligent Cyber Sensor can identify and divert hackers without human intervention.
“Black Sky Event.” It’s a nightmare scenario for federal cybersecurity officials: Hackers break into vulnerable power grids, shutting down electricity for critical infrastructure across wide swaths of the country.
Milos Manic, professor of computer science and director of the Virginia Commonwealth University’s Cybersecurity Center, and his team are working with colleagues at the Idaho National Laboratory on programs to prevent just such a disaster. Their Autonomic Intelligent Cyber Sensor (AICS), developed with funding from the Department of Energy, employs artificial intelligence to detect intruders, isolate them and even possibly retaliate against them.
AICS uses a proprietary cluster algorithm to learn and map the business and operational systems so it can recognize anomalies, according to Idaho National Lab. It constantly monitors network traffic across industrial control systems, and its sensors also keep tabs on voltages and amperages in connected systems to look for irregularities indicating an intruder is present, according to Manic.
“A lot of people are trying to look for specific behaviors. Depending on the level of experience of the operator, they may actually miss a lot of things … [because they’re] focusing on something that they have seen in the past, that they are familiar with,” Manic said. There might be signs of intruders in the system, he added, but operators “cannot connect the dots.” AICS uses machine learning to add to its knowledge base of threats, making it better able to identify threats as time goes on.
AICS also employs honeypots, monitored networks that appear to be part of the production system but that isolate and quarantine intruders. AI is used to update these virtual decoys in ways that mimic a live network so that intruders do not realize they are being observed. Once in the honeypot, an intruder can be tracked, analyzed, diverted from targeted systems and potentially hacked back.
According to Manic, the VCU team has been working closely, though not exclusively, with the Department of Energy in developing AICS. That’s why the public focus has been largely on the anomaly detection capabilities of AICS and not on its tools for “hacking back” on intruders.
According to Manic, AICS has been patented, and one company has so far licensed the technology.
The team is currently focusing on making AICS’s inner workings more explainable. “With deployment of all these AI machine-learning techniques there has been an uphill struggle for people to adopt them because of lack of understanding and a lack of trust,” Manic said.
“We’ve been working on trustworthy explainable intelligence,” he said. “While we [can] prove that they work, we haven’t been able to decompose them and show how they actually work,” he added.