DARPA has selected BAE Systems for a four-year effort to develop new automated, adversary-resistant cyber threat detection tools needed to protect large commercial and military enterprise networks capable from advanced persistent threats, the company said on Tuesday.
BAE Systems will work with DARPA on the Cyber-Hunting at Scale (CHASE) program to build on its existing capabilities and add tools for eliminating potential cyber attacks at the first sign of a threat.
“The goal of CHASE is to build tools that can process, at scale, massive data collected by the large distributed systems or networks used at both enterprise, government and military levels. The idea is to do this while still being able to dive into the low-level details needed to detect and defeat an advanced attack in real time,” Sam Hamilton, a chief scientist in BAE System’s cyber technology group, told Defense Daily. “BAE Systems has been working on cyber hunt technology for years, but the innovations on CHASE really are going to be a giant leap forward.”
Under the contract, originally awarded June 26, BAE is responsible for adapting its cyber hunt technology with adversary-resistant machine learning algorithms and fully integrated sensor capabilities.
Adversaries are currently able to manipulate data feeds and collect intelligence needed to build cyber threat models that identify vulnerabilities in detection technology and work around current detection technology, according to Hamilton.
“This is a very new field. So BAE Systems’ machine learning approach is specifically designed to combat this by introducing mechanisms directly in the underlying learning algorithms to detect and adapt to subtle manipulations of the machine learning process by an adversary,” Hamilton said.
Tools developed under CHASE would work to ensure even the smallest traces of suspicious activity are picked up and all detection vulnerabilities are mitigated, according to Hamilton.
“This should be a massive improvement in the ability to detect zero-day threats that are perfectly sculpted to avoid detection with good understanding of the defensive resources that we already have deployed. We expect it to be extremely challenging to beat the system,” Hamilton said.
CHASE would also include building in integrated sensors capable of picking up suspicious traces of malware hiding in memory stored in a single machine, areas that require greater resources to scan and track down. Hamilton said BAE Systems’ tools would automate the process of grabbing detailed data from the areas that cyber teams would not usually try to backup on a consistent basis.
“That’s a massive improvement in the ability to detect and defeat attacks,” Hamilton said. “This means it will be able to do a cost-benefit analysis of deployment of network resources. This allows you to get really quite detailed data when there’s suspicion in a way you really couldn’t in the past.”
Hamilton expects BAE Systems to be among the first testers of the technology following development in the CHASE program, with anticipated DoD interest in using similar capabilities to defend against cyber threats to weapons systems.
“Whether or not CHASE will fund development of specific sensors to go onto less traditional platforms is going to be up to the DARPA program manager. But that is absolutely an interest to BAE Systems,” Hamilton said.
Beyond CHASE, Hamilton sees an opportunity for the eventual technology to be used to solve persistent challenges cross-organizational coordination on combating shared cyber threats.
“We believe the types of technologies we’re working on in CHASE should be able to identify the specific characteristics that are indicators of an ongoing attack with sufficient anonymity to be able to share across organizational boundaries without sharing private information,” Hamilton said.