The Pentagon is looking to get into the weeds with cyber defense, using artificial intelligence to hunt down attacks that may use the size and complexity of its systems to hide out while waiting to strike.
The Defense Advanced Research Projects Agency (DARPA) recently launched the Cyber-Hunting at Scale (CHASE) program, which aims to use advanced algorithms and jacked-up processing speeds to enable real-time tracking of large volumes of data to find attacks that could be hidden in the immense amounts of information and/or the many layers of DoD’s networks.
DARPA, the Department of Defense’s lead research arm, just awarded BAE Systems a $5.2 million contract to work on all three phases of the four-year program, under which further contracts also could be awarded.
“Cyber hunt teams are currently massively overburdened and can only look at a small percentage of data collected using filters. Advanced adversaries take advantage of this,” Sam Hamilton, BAE Systems’ chief scientist, told Warrior Maven. “Sophisticated adversaries understand today’s cyber defense chain very well and are building things to defeat it.” Under the contract, BAE will work on phases 1, 2, and 3 of the program.
The size and distributed nature of an infrastructure as big and global as DoD’s creates a difficult challenge of defending against all the different ways attackers can get in, particularly sophisticated attackers using multi-pronged methods, DARPA said in explaining the CHASE program. Networks aren’t equipped to collect, share, and respond to all the threat intelligence that comes in from the many points of DoD’s operations. That data exceeds storage and analysis capacity, leaving only some of it analyzed. Some relevant data may even be deleted before it can be examined. And beyond the matter of scale, current cyber defense tools aren’t made to proactively detect novel attacks or those that cut across traditional boundaries such as host and network data.
DARPA wants to use AI and what it calls a new caliber of processing to sort through incoming information at machine speed. It will compare incoming data against historical precedents in a large database, and identify the patterns of potential attacks, allowing human cyber hunters to identify advanced attacks that, without the tools CHASE hopes to develop, would have been hidden inside the network.
“The CHASE program seeks to develop automated tools to detect and characterize novel attack vectors, collect the right contextual data, and disseminate protective measures both within and across enterprises,” Program Manager Jennifer Roberts said in a statement.
The two-year first phase of the program will focus on developing technology components, while the second phase will work on integrating prototype components, and the third phase will make the tools available to the military services and other Federal agencies.
The program has five technical areas: threat detection and characterization, informed data planning, global analysis, protective measure generation and dissemination, and infrastructure for evaluation exercises. In a pre-solicitation issued May 31, the research agency said it expected to select several contractors for the first four technical areas, and a single contractor for the fifth. The agency is accepting responses to its solicitation until Aug. 22.