Autonomous cyber defence tools

Associate Professor Hung Nguyen


The digital networks we use every day for business, recreation and security have become so complex that it’s impossible for anyone to understand and eliminate all the vulnerabilities in a given system, even with the most advanced tools.

In addition, our defence is often designed to be static, so the information and how you access it stay the same and you know where you need to go to find what you need.

The problem is that people who wish to attack our systems are not static. They can, for example, run multiple attempts to access networks until they find a weakness. Attackers need to be right only once whereas defenders need to be right all the time. Human network engineers struggle to keep networks safe and spend much of their time patching weaknesses once they have been exposed by attacks.

In partnership with DSTG and with funding from NGTF cyber, ARC and industry, A/Prof Hung Nguyen and his team are solving this problem using mathematics, AI and machine learning. He explains: “We can create a graph which models all the key components in a complex system and their relationships, then teach a machine to interpret the graph, identifying possible pathways that an attacker could use to get into and move around the system. This creates an ‘active defence’ which means, for example, that we modify weaker areas to change at intervals. When an attacker tries to enter the system, they don’t find static information but a new variable each time which they need to try and overcome.

“We can also create algorithms using well-known computer science models such as ‘context-free grammar’ to train AI agents to effectively interpret the methods of the attackers, allowing us to better understand and anticipate what they may try next.

“These techniques have already been tested in the real world and have been very successful in identifying chokepoints which need actively defending in large, multi-user networks.

“As our work evolves, however, so do the attackers, making it vital that we continue to investigate new ways to defend our networks.”
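To illustrate the graph idea described in the quote above, here is an added example (not the research team's code or method) that models a small network as a directed graph, enumerates the pathways from an entry point to a critical asset, and ranks intermediate nodes by how many pathways cross them. The node names, the edges and the path-counting approach are assumptions constructed for illustration; exhaustive path enumeration only suits small graphs.

```python
from collections import defaultdict

# Constructed sample graph: an edge (A, B) means "access to A allows a move to B".
EDGES = [
    ("internet", "vpn"), ("internet", "webserver"),
    ("vpn", "workstation1"), ("webserver", "appserver"),
    ("workstation1", "helpdesk_acct"), ("appserver", "helpdesk_acct"),
    ("appserver", "svc_backup"),
    ("helpdesk_acct", "fileserver"), ("svc_backup", "fileserver"),
    ("fileserver", "admin_acct"), ("admin_acct", "domain_controller"),
]

def build(edges):
    """Adjacency list for the directed graph."""
    graph = defaultdict(list)
    for src, dst in edges:
        graph[src].append(dst)
    return graph

def pathways(graph, src, dst, path=None):
    """Yield every simple (loop-free) path from src to dst."""
    path = (path or []) + [src]
    if src == dst:
        yield path
        return
    for nxt in graph.get(src, []):
        if nxt not in path:          # never revisit a node on the current path
            yield from pathways(graph, nxt, dst, path)

def path_counts(edges, entry, asset):
    """Return ({intermediate node: number of paths through it}, total paths)."""
    paths = list(pathways(build(edges), entry, asset))
    counts = defaultdict(int)
    for p in paths:
        for node in p[1:-1]:         # skip the entry point and the asset itself
            counts[node] += 1
    return dict(counts), len(paths)

def chokepoints(edges, entry, asset):
    """Nodes that sit on every pathway: defending one covers all paths."""
    counts, total = path_counts(edges, entry, asset)
    return sorted(n for n, c in counts.items() if total and c == total)

if __name__ == "__main__":
    counts, total = path_counts(EDGES, "internet", "domain_controller")
    for node, c in sorted(counts.items(), key=lambda kv: -kv[1]):
        print(f"{node:15s} on {c}/{total} pathways")
    print("chokepoints:", chokepoints(EDGES, "internet", "domain_controller"))
```

Nodes that appear on every pathway are the natural candidates for the strongest controls or for the periodic changes the quote describes, while nodes on only some pathways show where an alternative route still exists.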
