Posted on October 26, 2020 by Wendy Frost

Researchers at The University of Texas at San Antonio College of Business Cyber Center for Security and Analytics have partnered with Raytheon Intelligence & Space to study the use of artificial intelligence to detect malicious attacks.

The project, funded by a $447,000 grant from Raytheon Intelligence & Space, is being led by Nicole Beebe, professor and chair of the Department of Information Systems and Cyber Security; Paul Rad, associate professor of information systems and cyber security; and Eric Bachura, assistant professor of information systems and cyber security. Luis Selvera, a graduate student, is also assisting with the project.

“Today’s security analysts and threat hunters are overloaded with data and mired down by manual processes,” said Beebe. “Automation, cyber analytics, machine learning, artificial intelligence and other enabling technologies need to be integrated into current concepts of operations to allow them to spend time on higher-priority mission activities. We are very excited to partner with Raytheon to solve these challenging problems.”

“Raytheon Technologies is proud to partner with UTSA’s world-class faculty who will bring cutting-edge artificial intelligence and machine learning techniques to tackle urgent cyber challenges facing our nation’s computer systems,” said John DeSimone, vice president of Cyber, Training and Services at Raytheon Technologies. “Our partnership with UTSA demonstrates our commitment to leading innovation and to the continued development of expertise for our nation’s cyber workforce.”

Automatically identifying abnormal behavior in operational system and network logs to detect attacks on systems could function as a powerful proactive security tool, especially during a pandemic, as more people are working remotely online.

The joint research with Raytheon Intelligence & Space resulted in a transformer-based AI system for anomaly detection in system and network logs, an automated way of detecting abnormal behavior from log files. “By combining natural language-based learning models, the anomaly detection framework parses the information stored in log data, learns normal behavior from the parsed log data and detects abnormal behaviors from new log entries,” said Rad.

Building upon previous work conducted by Cyber Center faculty, the team built a natural language processing model for detecting time-series patterns on logs. The model’s architecture consists of three components: parsing, training and detection. Then, the team trained the model using “normal” behavior patterns and known threats to predict future threats.

“With our language model, we wanted to determine if system log files and network logs could be treated similar to finding misinformation in text files or social networks,” said Rad. “Using transformer models, we learned the distribution of good vs. bad behavior, which would almost be undetectable to the human eye.”

In phase two of the project, which began this fall, the researchers will expand their approach to multimodal log files and build a federated AI algorithm, as well as develop a spectral feature-based approach to anomaly detection.

UTSA’s Cyber Center for Security and Analytics conducts high-impact, applied cyber security and data science research, development, operations and training to address imperative societal issues and national challenges.

— Wendy Frost