DARPA wants 'Cyber-Hunting at Scale'
- By Ross Wilkers
- Aug 17, 2018
BAE Systems’ U.S. arm will develop defensive cybersecurity tools that incorporate automation and mass data ingestion features among others under a $5.2 million contract with the Defense Advanced Research Projects Agency.
The goal is to create dynamic and adaptable threat-hunting technologies that can be used in any large government or commercial organization beyond just the military, said Sam Hamilton, a chief scientist in BAE Systems Inc.’s cyber technology group.
DARPA’s “Cyber-Hunting at Scale” program envisions a combination of machine learning and cyberattack modeling tools to support both centralized analysis at a security operations center and understanding of incidents at local network levels.
That mix of large-scale general analysis and detailed local understanding is currently not possible, Hamilton said. But adversaries are quickly gaining knowledge and access to the same automation and detection methods U.S. companies have and are making progress toward that goal.
BAE will likely first deploy its CHASE program across the company’s own networks before a rollout to Defense Department and other government networks.
The CHASE work in particular is aiming to determine “what kind of conclusions we’re likely to draw and influence (and) feed into our own organizational understanding of how machine learning systems operate, then reach conclusions in blind spots,” Hamilton said. “We’re building a tool that needs to drive human understandable conclusions and work with the development team.”
Federal agencies are exploring automation, machine learning, artificial intelligence and other similar robotic technologies as a means to handle and analyze large amounts of data in real time. The idea is to give cyber defenders and other IT operators more leeway in applying institutional knowledge and reasoning about the broader landscape.
That said, the machines stand to gain institutional knowledge of their own under the CHASE concept. Beyond just looking for an answer, there is also the angle of giving human cyber hunt teams a reason to look at a potential threat situation.
“The automation process has to leave a trail of logic behind decisions so humans can follow it up,” Hamilton said.
BAE has enlisted subcontractors and researchers for the CHASE program, such as Digital Operatives, Dr. Ruslan Salakhutdinov from Carnegie Mellon University, and Dr. Farshad Khorrami and a team from New York University.