How industry, academia and government are working together to benefit the defence community

In a ground-breaking collaboration, researchers from Airbus and Cardiff University have used artificial intelligence (AI) to deliver a new, more effective way to protect computers and other devices from cyber-attacks.  

Together with experts from Airbus, researchers from the university are combining AI, machine learning (ML) and big data analytics to protect corporate IT networks, intellectual property and critical national infrastructure against emerging challenges in cyber-security. 

The goal is automated threat detection 

Dr Matilda Rhode, head of cyber innovation and scouting at the Airbus Centre of Excellence in Cyber Security Analytics at Cardiff University, says: 

“As attackers become more and more adept at avoiding detection, we need to focus on real-time defences to help secure not only our laptops and computers but also our smart speakers, thermostats, cars and refrigerators as the ‘internet of things’ becomes more prevalent. 

“Where traditional antivirus software detects threats as they occur, this new method uses AI to monitor and predict the behaviour of malware.  

“This is an important step towards automated real-time threat detection: as a result, a virus can be detected and killed in 0.3 seconds and up to 92% of files on a computer can be protected from corruption.” 

Harnessing sophisticated AI and data analytics for attack detection is a key approach in the future protection of critical systems. Ultimately, it will enable security teams to handle more threats, of greater complexity, with fewer people. 

AI enables real-time response 

Security incident and event management (SIEM) involves large pattern analysis, which is where AI and ML really excel as they are able to draw out patterns from huge volumes of data. AI and ML are already proving their worth in spotting zero-day malware, identifying and prioritising threats and – in some cases – taking automated actions to quickly remediate security issues at scale.  

But this new method goes a step further, as Dr Rhode explains: 

“Security solutions are predominantly reactive. Traditional antivirus software will look at the code structure of a piece of malware, say ‘that looks familiar’ and then add it to malware lists or monitor for known behaviours. The problem is, though, that malware authors can exploit the detection software to make it look like something unknown. 

“The new AI algorithms work by first learning from real-world malicious threats running alongside the normal programs that a user would have on their PC.  

“The ability to react in real time using automation means we can now respond immediately to how a piece of malware behaves. Once it starts attacking a system – opening a port, creating a process, or downloading some data in a particular order – it leaves behind a fingerprint. We can then use that to build a behavioural profile.” 

Using data modelling, cyber-security analytics enables the detection and blocking of malicious behaviour before it reaches maximum impact. It also helps build an understanding of what motivates the behaviour, what its likely impact will be, and how best to communicate security alerts among decision and policy makers. 

Collaboration between academia, government and industry delivers tangible results 

The new system is just one result of a collaboration – the first of its kind in Europe – between Cardiff University, Airbus and the Welsh Government.  

This collaboration allows rapid transfer of research into operational activities and allows academics to feed directly into the UK Government’s strategy to make the UK more resilient to cyber-attacks. It has already delivered tangible results: new AI-based behavioural DNA profiling of machine activity has been integrated into Airbus’ security operations centre. 

Find out more at Jisc Security Conference

Find out more about the collaborative work between Cardiff University and Airbus at Jisc’s security conference on November 7: From research to product: AI for cyber security innovation by Dr Matilda Rhode and Dr Pete Burnap, professor of data science and cyber-security, Cardiff University. They will also introduce the Cyber Innovation Hub – a £15 million programme to boost cyber startups and skills in Southeast Wales.