NSF funds institute to research AI-powered cybersecurity
NSF funds institute to research AI-powered cybersecurity
Malware. Ransomware. Zero-day exploits. There’s no rest when it comes to protection from cyberattacks. And in an increasingly connected world, with expanding cyber and cyber-physical spaces and access to tools like artificial intelligence, attacks are likely going to become more diverse and sophisticated.
Yung-Hsiang Lu, professor in Purdue University’s Elmore Family School of Electrical and Computer Engineering, is among a group of the nation’s best computer scientists and engineers that have come together to form the National Science Foundation-sponsored Institute for Agent-based Cyber Threat Intelligence and OperatioN (ACTION). This $20 million, five-year project is one of seven newly funded National Artificial Intelligence Research Institutes. ACTION brings the continuous learning – and now, reasoning – of AI to the constant situational awareness and actions that are fundamental to cybersecurity.
“AI is used routinely now for things like malware analysis to identify malicious documents and malicious webpages,” said UC Santa Barbara computer science professor and cybersecurity expert Giovanni Vigna, who will head the project. “What we don’t have are entities that are capable of reasoning. This is an opportunity to bring artificial intelligence and security together in a novel way.”
“The National AI Research Institutes are a critical component of our Nation’s AI innovation, infrastructure, technology, education and partnerships ecosystem,” said NSF Director Sethuraman Panchanathan. “These institutes are driving discoveries that will ensure our country is at the forefront of the global AI revolution.”
Dongyan Xu, the Samuel Conte Professor of Computer Science and director of CERIAS, the Center for Education and Research in Information Assurance and Security, is Purdue’s principal investigator and ACTION Institute's use-inspired research lead. He and five other Purdue faculty members – Elisa Bertino, Z. Berkay Celik, Ninghui Li, Yung-Hsiang Lu and Ming Yin – will join ACTION collaborators from the University of California, Santa Barbara; UC Berkeley; Georgia Institute of Technology; the University of Chicago; University of Washington; University of Illinois Chicago; Rutgers University; Norfolk State University; University of Illinois and University of Virginia.
Purdue University will serve as one of ACTION’s major hubs for research, education, workforce development and technology transfer, leveraging CERIAS programs and initiatives to engage faculty and students, as well as industry and government partners. The Purdue team will contribute expertise in key areas such as cyber-physical security; cyber-physical knowledge discovery, integration and reasoning; and human-AI agent collaboration across the end-to-end cyberdefense lifecycle.
“I am pleased with Purdue University’s involvement in the newly established NSF AI Institute, where our team of cybersecurity and AI experts will work side-by-side toward groundbreaking advancements in this critical and rapidly evolving field,” said Karen Plaut, Purdue executive vice president for research. “We are excited to be part of this transformative effort, and the timing couldn’t be better with our recent announcement of the Purdue Computes initiative."
Security-inspired AI and AI-empowered security
Here’s a possible scenario: Cybercriminals gain access to software used by a fictional smart city, a municipality whose water and power distribution infrastructure are automated and integrated. They introduce a software vulnerability that is both complex and too evasive to set off any cyber or physical alarms. From there they use this vulnerability to conduct a supply-chain attack that progressively compromises parts of the cyber-physical system in ways that may seem like glitches and unusual connections, but nothing the threat detection system has been trained to identify. Eventually, they gain access to control systems that allow them to shut down the water and power, effectively paralyzing the city. They do all of this by seemingly trivial actions through encrypted connections that are unnoticed by the intrusion detection systems.
It's not an entirely hypothetical situation. In fact, a similar hacking campaign was orchestrated in 2021 that compromised several U.S. government agencies by breaching applications monitoring software created by vendor SolarWinds. This type of attack, according to the researchers, is why a more sophisticated type of AI-powered cybersecurity is needed.
“There’s this concept of an AI ‘stack,’” Vigna said. “Imagine multiple layers of functionality that support AI in various ways, such as reasoning, learning, strategic planning and human-AI interaction.” This stack will enable the creation of autonomous, intelligent “agents” that will be able not only to identify a potential attack but also the attacker and also mount a response and conduct recovery.
The ACTION collaborators will begin by conducting research along four main thrusts: learning and reasoning with domain knowledge, human-agent interaction, multi-agent collaboration, and strategic gaming and tactical planning. These research thrusts act as the foundation of knowledge that can grow to handle large data sets, while extracting semantics and promoting inference and reasoning, in potentially adversarial and combative scenarios.
Meanwhile, the AI research will inform and be inspired by the end-to-end cyberdefense lifecycle. The ACTION collaborators will develop and customize intelligent agents equipped with the AI stack to perform four main tasks in the cyberdefense lifecycle: threat and vulnerability assessment, attack detection, attack attribution, and attack response and recovery. While performing these tasks, the agents will acquire new knowledge and experience that improves their effectiveness and efficiency over time.
“Today, any system that has a cyber component, such as a processor or sensor, may face cybersecurity threats,” Xu said. “Adversaries can survey, infiltrate and strike in a matter of seconds. ACTION’s intelligent agent approach to next-generation cybersecurity offers a promising opportunity to out-scale, out-speed and outwit the adversaries.”
In addition to developing next-generation AI and cybersecurity technologies, ACTION will implement learning and training programs to engage K-12, undergraduate and graduate students, postdoctoral researchers, and working professionals, with an emphasis on outreach to underrepresented communities and the goal of creating a “cybersecurity + AI” talent pipeline.