Detecting Cyber Attacks As Soon As They Start

Charlie Feigenoff
October 10, 2019

The WannaCry cryptoworm infected more than 230,000 computers in over 150 countries in 2017.

That cyber attack shut down National Health Service hospitals in England and Scotland, and FedEx, Spain’s Telefonica, and Honda were among the hundreds of companies also affected. The economic losses are estimated to have reached several billion dollars.

“Real world attack campaigns have become more sophisticated, coordinated and destructive over time,” said Professor Malathi Veeraraghavan, of the University of Virginia School of Engineering and Applied Science. “Attacks like WannaCry are only the tip of the iceberg. There are other, more stealthy and more damaging approaches that can remain undetected in victim organizations for years.”

Veeraraghavan, along with UVA School of Data Science Senior Associate Dean Donald Brown, Computer Science Professor Jack Davidson and UVA Information Security Engineer Jeffrey Collyer, secured a nearly $7.6 million contract from the Defense Advanced Research Projects Agency (DARPA) to detect these broad-spectrum cyber threats almost immediately after they are launched.

“We can use machine learning techniques to take massive amounts of data, and not only discover events before they do any damage but share them across organizations while preserving privacy,” Brown said. 

To do this, the researchers will monitor host computer logs, authentication attempts and network traffic from multiple enterprises, and subject this data to optimized machine learning techniques capable of detecting the anomalies that are the first sign of an intrusion. In addition to managing the ongoing analysis of an extremely large volume of data, a key challenge for the team is preserving privacy. To address this issue, the team will develop deep neural network learning methods that do not require enterprises to send their data to a global repository.

“We have set ourselves a very ambitious challenge,” Veeraraghavan said, “but the benefits of early detection make it worth the effort. And we have assembled a team with the talent and expertise to be successful.”