The arena of cyber security threat and intrusion detection and mitigation is growing exponentially, and the advanced persistent threat lies in the energy, creativity and resources of the world of governmental, industrial, criminal and casual cyber attackers. Traditional defenses that rely upon detection, analysis and reaction are insufficient against the onslaught of threats that are encountered every day. The non-criminal world moves slowly, relying upon debate, consensus and jurisprudence to restore confidence and trust in our institutions. This pace is glacial in comparison with the hypersonic speed of the unthwarted and unrestrained attackers of our information systems.
Evolution is the heart of new ideas. They are created through processes that arise randomly out of a myriad of related issues, and they then face the tests of survival in the arena of logical thought and practical application.
Neural networks are early models for learning machines, first proposed for development and implementation in the middle of the 20th century. A neural network is a model based upon the structure of the neural networks in the human brain, and classically consists of a large number of neuron models, implemented as computational devices and connected together in a complex network for communication.
The primary difference between an artificial neural network and the brain lies in the far greater complexity of the neural nodes and interconnection pathways in the human brain, which show a high degree of randomness in comparison with the more formally rigid interconnectivity of the neural network computational devices. Introduction of randomness into the artificial network has not been sufficiently pursued to prove or disprove its value in an artificial learning machine. As the actual human brain network becomes better understood in the future, there may be an opportunity to devise a more sophisticated neural network model of the brain.
An example of a traditional approach to cyber security that does not include any forecasting is the MITRE proposal for a World-Class Cybersecurity Operations Center. See Carson Zimmerman, “Ten Strategies of a World-Class Cybersecurity Operations Center,” MITRE 2014. This proposal does call for a Red Team that is mandated to “actually execute an attack covering the entire cyber-attack life cycle against a segment of the enterprise that is important to the constituency mission.” Id. However, there is no role for threat anticipation in the proposal; instead it relies upon conventional and documented antivirus and antispyware, all of which are well known and understood by threat developers and therefore easily overcome by malfeasants. The MITRE threat assessment requires that the Cybersecurity Operations Center “understands the adversary and effectively responds to incidents,” which is unfortunately an after-the-fact reaction to a persistent and successful intruder. See id. This approach is not conducive to solving the cyber threat atmosphere that is growing exponentially across the globe.
Thus, there is a lack of capability for anticipating cyber-threats, other than through the employment of Red Teams and the development of realistic and meaningful advanced area scenarios. The number of such scenarios is very large and thus impractical to explore within a reasonable time. The current ability to anticipate the developments of the creative and dedicated minds of individual and governmental cyber attackers and malign organizations seeking to intrude upon our information security is nearly zero. Traditional response-to-attack methods are only effective after the damage has been perpetrated, and the delay times between successful intrusion, detection and defensive response continue to be measured in months rather than seconds.