Cybersecurity Artifical Intelligence
In 2010, we embarked on a multi-year interdisciplinary research project to build AI to detect when cyber insiders (an outside intruder or a rogue insider) are active within a network. Our approach models normal behaviors from multiple data sources inside a network and detects anomalous changes that are consistent with adversary activity. This approach demonstrates aspects of third-wave AI like explainability and model-based learning of sparse data, that are more sophisticated and efficient than deep learning.
Intrusion tolerant cyber systems maintain certain performance characteristics even when components have been compromised. Our work focuses on managing trust relationships, and specifically authentication mechanisms, in complex systems.