In 2017, cyber security firm Dragos caught a hacker group known as Xenotime attempting to install never-before-seen malware into the industrial control systems (ICS) of dozens of power grids.
The group has not yet gained access to any power grid, but it continues to attempt credential stuffing, network scans and reverse engineering of ICS, according to Ars Technica Security Editor Dan Goodin in “Hackers Behind Dangerous Oil and Gas Intrusions Are Probing U.S. Power Grids.”
“Most observed XENOTIME activity focuses on initial information gathering and access operations necessary for follow-on ICS intrusion operations,” Dragos researchers explain in Goodin’s article.
“As seen in long-running state-sponsored intrusions into U.S., U.K. and other electric infrastructure, entities are increasingly interested in the fundamentals of ICS operations and displaying all the hallmarks associated with information and access acquisition necessary to conduct future attacks.”
With mission-critical utilities on the line, cyber security intrusion detection is becoming an integral part of maintaining safe, reliable and secure networks, both on the internet at large and on industrial intranets.
An online cyber security master’s degree can introduce cyber security professionals to the security flaws, exploits and unauthorized access incidents they will see during their career. A Master of Science in Cyber Security (MSCS) degree can also familiarize them with the tools necessary to combat hackers: intrusion detection systems (IDS).
What Is an Intrusion Detection System?
Most large businesses and corporations, as well as government entities, wisely invest in both IDS software programs and hardware devices and appliances in an effort to catch would-be hackers before a major security breach occurs.
Two types of IDS exist — host-based and network-based — according to Mary K. Pratt’s CSOonline.com article, “What Is an Intrusion Detection System? How an IDS Spots Threats.” These two categories refer to where security professionals place IDS software and hardware — on the business’s network or at the host/endpoint.
Both types monitor traffic flowing through systems and networks for any type of suspicious activity. IDS technology is passive in nature and does not block or prevent suspicious attempts the way a firewall does. For this reason, corporate cyber security departments generally purchase IDS as part of a suite of products.
When an automated IDS detects suspicious incidents, it flags them and sends alerts to cyber security experts. Knowledgeable, experienced cyber security professionals are imperative because automated intrusion detection often yields false positives and can sometimes miss genuine threats from hackers who have learned how to bypass the IDS.
Machine learning technology plays a large part in IDS, cyber security authority Alexander Polyakov writes in “Machine Learning for Cybersecurity 101” for TowardsDataScience.com. Ways that artificial intelligence (AI) and machine learning (ML) help with IDS include:
- Predicting network traffic packet parameters and comparing them
- Identifying different classes of network attacks
- Clustering data for forensic analysis
- Predicting and comparing the next system call for executable processes
- Dividing programs into categories such as malware, spyware and ransomware
- Clustering data for malware protection on secure email gateways
AI and Intrusion Detection
Polyakov points out just how important AI and ML are to IDS defenses. Data mining continues to build massive databases of information that can aid in detecting intrusions. AI algorithms put these databases to better, more intelligent use, making the task of hacking past cyber security defenses more difficult for malicious actors.
Machine learning still requires constant human supervision, however, and observant cyber security professionals working with ML systems still yield the best results.
Traditional IDS searched only for known attacks and anomalies, so sophisticated hackers could bypass IDS safeguards with little effort, according to IBM MSS SIEM analyst Mutaz Alsallal’s “Applying Machine Learning to Improve Your Intrusion Detection System” on SecurityIntelligence.com.
All that hackers needed to know to beat a network’s defenses was which attack approaches IDS systems were programmed to look for and how to avoid using those approaches.
Alsallal instructs cyber security professionals working in IDS to work hand in hand with AI and ML algorithms to:
- Analyze network traffic at packet, connection and session levels
- Extract features that help distinguish between normal and harmful traffic
- Create useful data sets and test those data sets via penetration testing
- Select and classify features (some features might be too specific for ML to work with; generic features present in most legitimate traffic work best)
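The following Python script is an added example, not code from this article or from any of the sources it cites. It ties together the points above: it parses a constructed connection log, holds one signature rule of the kind a traditional IDS matches on, extracts per-source-host features of the sort Alsallal describes (connection count, distinct destination ports, mean bytes per flow), fits a baseline from hosts labelled benign, and raises passive alerts rather than blocking anything. All log lines, host addresses, the "normal hosts" label set, the z-score threshold and the path-traversal signature are invented for the illustration.

```python
"""Minimal passive IDS: one signature rule plus a feature-based anomaly score.
Added example with constructed data; not from the article or its sources."""
import re
import statistics
from collections import defaultdict

# Constructed connection log, one flow per line: ts,src,dst,dport,pkts,bytes,uri
# ("-" means no HTTP request was seen). Values are invented, not a real capture.
SAMPLE_LOG = """\
1,10.0.0.5,10.0.1.20,443,12,4100,/index.html
2,10.0.0.5,10.0.1.20,443,15,5200,/app/dashboard
3,10.0.0.6,10.0.1.20,443,11,3900,/index.html
4,10.0.0.6,10.0.1.21,443,14,4800,/app/reports
5,10.0.0.7,10.0.1.20,443,13,4500,/app/dashboard
6,10.0.0.7,10.0.1.21,443,12,4200,/index.html
7,10.0.0.9,10.0.1.20,443,10,3700,/static/../../etc/passwd
8,10.0.0.42,10.0.1.20,22,1,60,-
9,10.0.0.42,10.0.1.20,23,1,60,-
10,10.0.0.42,10.0.1.20,80,1,60,-
11,10.0.0.42,10.0.1.20,443,1,60,-
12,10.0.0.42,10.0.1.20,3389,1,60,-
13,10.0.0.42,10.0.1.20,8080,1,60,-
14,10.0.0.42,10.0.1.20,8443,1,60,-
15,10.0.0.42,10.0.1.20,5900,1,60,-
16,10.0.0.77,10.0.1.30,445,900,52000000,-
"""

# Hosts an analyst has labelled benign; the anomaly baseline is fitted from these only.
NORMAL_HOSTS = ["10.0.0.5", "10.0.0.6", "10.0.0.7"]

# A single signature, as a traditional signature-only IDS would carry (assumed rule name).
SIGNATURES = {"PATH-TRAVERSAL": re.compile(r"\.\./")}

FEATURE_NAMES = ("conns", "ports", "mean_bytes")


def parse_log(text):
    """Turn the CSV-style log into a list of flow dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, pkts, nbytes, uri = line.split(",")
        flows.append({"ts": int(ts), "src": src, "dst": dst, "dport": int(dport),
                      "pkts": int(pkts), "bytes": int(nbytes), "uri": uri})
    return flows


def signature_alerts(flows):
    """Flag flows whose request path matches a known-bad pattern (signature detection)."""
    return [(f["src"], name) for f in flows
            for name, pat in SIGNATURES.items() if pat.search(f["uri"])]


def extract_features(flows):
    """Per source host: connection count, distinct destination ports, mean bytes per flow."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f["src"]].append(f)
    return {src: {"conns": len(fs),
                  "ports": len({f["dport"] for f in fs}),
                  "mean_bytes": statistics.mean([f["bytes"] for f in fs])}
            for src, fs in by_src.items()}


def fit_baseline(feats, normal_hosts):
    """Mean and population stdev of each feature over the benign-labelled hosts.
    A feature with zero spread in the baseline would make any deviation infinite,
    so the spread falls back to 1.0 (a deliberate simplification)."""
    base = {}
    for name in FEATURE_NAMES:
        vals = [feats[h][name] for h in normal_hosts]
        base[name] = (statistics.mean(vals), statistics.pstdev(vals) or 1.0)
    return base


def anomaly_alerts(feats, baseline, z_threshold=3.0):
    """Alert on any host whose worst feature z-score exceeds the threshold
    (only upward deviations count; fewer connections or bytes is not suspicious here)."""
    alerts = []
    for src, fv in feats.items():
        z = {name: (fv[name] - mu) / sd for name, (mu, sd) in baseline.items()}
        worst = max(z, key=z.get)
        if z[worst] > z_threshold:
            alerts.append((src, worst, round(z[worst], 1)))
    return alerts


def run(log_text=SAMPLE_LOG, normal_hosts=NORMAL_HOSTS):
    """Passive pipeline: parse, match signatures, score anomalies, return (not block) alerts."""
    flows = parse_log(log_text)
    feats = extract_features(flows)
    baseline = fit_baseline(feats, normal_hosts)
    return {"signature": signature_alerts(flows),
            "anomaly": anomaly_alerts(feats, baseline)}


if __name__ == "__main__":
    for kind, alerts in run().items():
        for a in alerts:
            print(f"[{kind}] {a}")
```

Running it shows the division of labour the text describes. The signature rule fires only on 10.0.0.9, whose request path matches the known-bad pattern; it says nothing about 10.0.0.42, which touches eight different ports with tiny flows and is caught only by the port-count feature. The same baseline also flags 10.0.0.77 on mean bytes, which in this constructed scenario is a legitimate bulk transfer: a false positive of exactly the kind an analyst has to triage, and a reminder that a baseline fitted from three hosts with a single feature set is too specific to generalize, which is the point of choosing generic features and richer data sets.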
Graduates of cyber security graduate programs can expect to work with IDS throughout their careers. And as AI progresses and ML applications become smarter, those professionals will still be needed to help the IDS differentiate between harmless and harmful network traffic. Intrusion detection systems are now an integral part of a full-featured cyber security defense.
University of North Dakota’s Master of Science in Cyber Security Program
Choosing the right online cyber security master’s program is crucial. The best programs offer courses that keep current with today’s cyber security issues and concerns.
UND’s online cyber security master’s degree program is accredited by the Higher Learning Commission and ranked by U.S. News & World Report as one of the Top 25 Most Innovative Schools (2018), alongside such prestigious institutions as Stanford, Harvard and MIT.
UND offers a cyber security curriculum that prepares students for careers in cyber security with concentrations in Autonomous Systems Cyber Security, Cyber Security and Behavior, Data Security, and General Cyber Security. For more information, visit the program’s website.
Sources
Hackers Behind Dangerous Oil and Gas Intrusions Are Probing U.S. Power Grids – ArsTechnica.com
What Is an Intrusion Detection System? How an IDS Spots Threats – CSOonline.com
Machine Learning for Cybersecurity 101 – TowardsDataScience.com
Applying Machine Learning to Improve Your Intrusion Detection System – SecurityIntelligence.com