The Dartmouth

MIT speaker warns against hackers

Correction appended

An "arms race" is quickly evolving between computer security programmers and the hackers determined to compromise those programs, according to Richard Lippmann, a senior staff member at the Massachusetts Institute of Technology's Information Systems Technology Group. Lippmann presented ways to combat hackers' evolving techniques and increasing determination in his lecture, "Using Machine Learning to Improve Security in Adversarial Environments," held Friday in Spanos Auditorium.

If systems programmers want to outsmart their opponents, they must familiarize themselves with potential attack techniques and develop coherent defense mechanisms to ensure that the attacks can be blocked, Lippmann said.

"Cyber adversaries have a very wide choice of attack mechanisms," he said.

In 2009, there were 5,155 detected vulnerabilities in security systems that potential adversaries could exploit, according to Lippmann.

Lippmann pointed to the attacks' increasing sophistication as an indicator of the developing conflict between programmers and hackers.

While spam began as simple text sent through e-mails, it evolved into text accompanied by complicated images. It eventually transformed into targeted attacks known as "spear phishing," through which hackers try to obtain access to confidential information. As an example, Lippmann explained that an individual might send a message that is disguised as a subpoena from a United States District Court to chief executive officers of large companies.

"[The hackers] knowing everything is the worst case scenario," he said. "They can test your system and reverse engineer their attack."

Hackers can exploit security systems in two main ways, Lippmann said. Some gain access to training data, which is used to simulate attacks on security systems. Others determine the type of classifier used by a particular system so that they can implement the "right kind of attack."

The necessary "taxonomy of defense" against hackers draws attention to several methods that programmers can use to protect systems from security breaches, Lippmann said.

Detecting the website that serves as the attack's source provides insight into the geographic area where a specific attack originated, according to Lippmann.

The number of viral attacks varies greatly by nation, Lippmann said. South Korea, for example, has the lowest rate of malicious activity in the world due to its strong Internet anti-defamation rules and its requirement of a nationally-issued individual ID number that is necessary when posting on large web servers, he said.

Lippmann also encouraged programmers to deny hackers access to training data and classifier information. If programmers use a "committee of multiple classifiers and randomized parameters," it is more difficult for attackers to reverse engineer security systems, Lippmann said. Ensuring that the security systems' detection methods are as accurate and as robust as possible is also important, he said. The ability to adapt rapidly to changing attacks will be essential if programmers hope to evade hackers, according to Lippmann. Security systems should be retrained and updated frequently since defense techniques can quickly become outdated and ineffective, Lippmann said.

"Adversarial learning engenders an arms race," he said. "To survive, you must proactively perform an analysis of available attacks and choose effective defenses."

This lecture was one installment of the Jones Seminars on Science, Technology and Society hosted by the Thayer School of Engineering.

Approximately 100 people, a majority of whom were graduate school students and community members, attended the lecture. Students at the lecture interviewed by The Dartmouth said that attendance was mandatory for their Engineering Design Methodology and Project Completion course.

*The original headline referred to Lippmann as an MIT professor when in fact he is a senior staff member.*