T2017-357 Data-Driven Inspection, Alerts, Maintenance, Observable Network Decision Control System with Cyber Action Taker to Address Less Inspected Hosts Including Cell Phones
Cyber security is an important facet of many major corporations and government entities. The implementation of effective cyber security protocols is an arduous process because the most targeted individuals, C-suite and boardroom level personnel, understand the protocols the least. A lack of adherence to protocols can cause vulnerabilities. Exploitation of a vulnerability can overwhelm the IT staff, which leads to unresolved security issues. Cyber security firms have pioneered a number of solutions to reduce the likelihood of a single mistake taking down a system, but no system is perfect. To decrease the manual workload the IT industry has turned to artificial intelligence, specifically machine learning that train computers to find potential security holes in real time.
Researchers at The Ohio State University, led by Dr. Ted Allen, have developed the Data-Driven Inspection, Alerts, Maintenance, Observable Network Decision (DIAMOND). DIAMOND is a data-driven neural network trained to monitor communication within a network, especially mobile hosts, such as cell phones, to increase cyber security. Originally intended to observe single transitions in research robotics, the program analyzes multiple sources across an entire system. The work improves upon previously defined systems, such as the Bayesian Adaptive Markov Decision Processes (BAMDP) and a Partially observable Markov decision process (POMDP). These improvements to the machine learning process have produced a program that monitors a network in real time and alerts IT staff to critical vulnerabilities before they are exploited.
- Cyber Security
- Mobile Network Security
- DIAMOND may have a similar scope and require less human intervention for some applications than some versions of IBM's Watson.
- The technology helps organizations to begin scanning, patching, and other actions to hosts of types that they currently only address in limited ways including erasing vulnerabilities in non-fixed IP addresses.