When it comes to identifying early cyber threats, it’s important to have laser-like precision. Mapping out a threat environment can be done with a range of approaches, and a team of researchers from Purdue University created a new system for just such applications. They are calling that approach LIDAR, or “lifelong, intelligent, diverse, agile and robust.”
This is not to be confused with LiDAR, for Light Detection and Ranging, a kind of remote sensing system that uses laser pulses to measure distances from the sensor. The light-specific LiDAR, sometimes also written LIDAR, is a valuable tool for remote sensing and mapping, and features prominently in the awareness tools of self-driving vehicles.
Purdue’s LIDAR, instead, is a kind of architecture for network security. It can adapt to threats, thanks in part to its ability to learn in three ways. One is supervised machine learning, where an algorithm looks at unusual features in the system and compares them to known attacks. Another is an unsupervised machine learning component that looks through the whole system for anything unusual, not just unusual features that resemble attacks. These two machine-learning components are mediated by the third, a rules-based supervisor.
“One of the fascinating things about LIDAR is that the rule-based learning component really serves as the brain for the operation,” said Aly El Gamal, an assistant professor of electrical and computer engineering in Purdue’s College of Engineering. “That component takes the information from the other two parts and decides the validity of a potential attack and necessary steps to move forward.”
By knowing existing attacks, matching them to detected threats, and learning from experience, this LIDAR system can potentially offer a long-term solution, one in which the machines themselves become more capable over time.
Aiding the security approach, said the researchers, is the use of a “novel curiosity-driven honeypot,” which can, like a carnivorous pitcher plant, lure attackers and then trap them where they will do no harm. Once attackers are trapped, it is possible the learning algorithm can incorporate new information about the threat, and adapt to prevent future attacks from making it through.
The research team behind this LIDAR approach is looking to patent the technology for commercialization. In the process, they may also want to settle on a less-confusing moniker. Otherwise, we may stumble into a future where users securing a network of LiDAR sensors with LIDAR have to enact an entire “Who’s on First?” routine every time they update their cybersecurity.