Research Outline

Non-AI Cyber Security Defensive Technologies

Goals

  • To identify countermeasures or technologies (aside from AI tech) that have been used in defending against AI threats.

Early Findings

  • According to Jason Matheny, founding director of Georgetown University’s Walsh School of Foreign Service Center for Security and Emerging Technology, less than 1% of total AI research and development funding is going toward developing technologies that prevent or fight threats.
  • The cybersecurity community is developing "Defensive AI" technologies and solutions that will "rapidly detect and contain any emerging cyber threats," giving cybersecurity experts time to finish fighting them.

Deception Technology

  • Deception technology is used to face threats related to network breaches resulting in stolen information, planted viruses (like Trojan horses), and more.
  • Deception technology is "the integration of deception tactics into security tools and automation, meant to attract intruders away from real assets and trap or detain them in areas modeled after real storage or network areas."
  • Deception technologies, systems, products, and services being developed today build upon the principles of early deception technologies like the honeypot.
  • The classic honeypot creates planted data designed to be appealing to attackers, such as decoy password lists, false databases, and fake access to other regions. Intruders entering a network follow the planted data straight to the honeypot, which alerts security and distracts the intruder by feeding them engineered information.
  • Deception technologies developed today involve not just using planted data but creating entire false decoy networks that run on existing infrastructure but are unused by any genuine staff. They provide rapid detection of threats and attacks that is rarely wrong, meaning there are minimal false-positive reports of attacks.
  • A well-designed deceptive strategy blends into and communicates across an environment so well that attackers, whether human or AI, don't realize it is fake.
  • Decoy networks must include bait such as breadcrumbs, lures, and credentials authentic-looking enough to guide attackers away into the decoy network, where threats can be "contained, monitored and analyzed."
  • Since no one ever has a legitimate reason to touch any part of the decoy network, an alert is sent to the company's cybersecurity team if a threat or intruder is detected in any part of it.
  • The overall impact of deception technology is saving companies from the damages caused by attacks by tricking the attackers into entering a decoy network instead of a legitimate one.
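
The alerting rule described above (nobody has a legitimate reason to touch the decoy network, so any touch is an alert) can be sketched as follows. This is an added example, not code from any product or source cited here; the decoy subnet, the planted account names, and the log format are all constructed assumptions.

```python
import ipaddress
import re

# Assumed decoy inventory (hypothetical values): address space and planted
# credentials that no genuine staff member or service ever uses.
DECOY_NETS = [ipaddress.ip_network("10.66.0.0/24")]
DECOY_USERS = {"svc_backup_old", "adm_finance2"}

# Constructed log format: "<timestamp> src=<ip> dst=<ip> user=<name> action=<verb>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+) action=(?P<action>\S+)$"
)

# Constructed sample log lines, embedded so the example runs offline.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z src=10.1.4.20 dst=10.1.9.5 user=alice action=login
2024-05-01T09:02:13Z src=10.1.4.77 dst=10.66.0.12 user=bob action=smb_connect
2024-05-01T09:02:40Z src=10.1.4.77 dst=10.1.9.5 user=svc_backup_old action=login
garbled line that does not parse
2024-05-01T09:05:00Z src=10.1.4.31 dst=10.1.9.8 user=carol action=login
"""


def decoy_alerts(log_text):
    """Return one alert per log line that touches a decoy host or credential."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, not treated as hits
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # destination field is not a valid IP address
        reasons = []
        if any(dst in net for net in DECOY_NETS):
            reasons.append("decoy_host")
        if m["user"] in DECOY_USERS:
            reasons.append("decoy_credential")
        # No threshold or baseline: a single touch is enough to alert.
        if reasons:
            alerts.append({"ts": m["ts"], "src": m["src"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_LOG):
        print(alert)
```

Both alerts in the sample come from the same source address, which is the kind of correlation a security team would use to scope the intrusion.
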

Summary of our findings

  • During this hour of research, we were able to find one form of deception technology, creating decoy networks, that can be used to fight threats from attackers, both human and AI. We also found a potential defensive deception technology: DNS sinkholes or Sink-holed C&C servers, that could be researched further.