Application security threats continue to increase in sophistication and number as the technologies that enable them do. There’s been a 12 percent increase in banking trojans. A 23 percent increase in spyware. A 22 percent increase in botnets and other crypto mining malicious apps. While there are tools and technologies available to developers and IT to thwart these threats such as static code analysis, signature-based intrusion detection systems, and the latest trend of using some kind of a machine algorithm or AI-based approach, they’re not stopping the increase.
Malware authors are intelligent. They learned to rewrite their code so that when it’s presented to established machine learning algorithms the machine will allow it though as genuine and not detect the breach. United Technologies (UTC) calls this “stealthy malware.”
At the recent first Mobile World Congress Americas, Department of Homeland Security (DHS) partnered with several companies including United Technologies, to exhibit new projects either ready for deployment or in beta, that will increase security. UTC is a $65B Farmington, CT-based company. It researches, develops, and manufactures products in several areas, including aircraft engines, aerospace systems, building systems, and industrial products. UTC is also a large military contractor, getting about 10 percent of its revenue from the U.S. government.
Dr. Devu Manikantan Shila, principal research scientist at UTC, described her project COMBAT, an acronym for Continuous Monitoring of Behavior to Protect from Mobile Application Threats, as an API-based solution that filters applications being downloaded to determine whether it’s malicious or benign using a patent-pending, proprietary algorithm called Explainable Analytics. Manikantan said, “Developers can think about COMBAT like an API. They developed their solution to call the COMBAT API, which will then return a threat score. If the app the user is attempting to download has a high threat level it’s in the red region, if it’s benign it will return in the green and the download will continue.” UTC is planning to outsource the technology and will be uploading everything to the hub so that developers can run the software and build on top of it.
COMBAT is the second API-based security project Manikantan has developed in partnership with DHS. The first was a solution called Castra. Based on behavioral biometrics, it was designed to provide seamless access to the Internet of Things. She explained, “The whole idea of behavioral biometrics is to recognize the user based on the way they are interacting with the device through behavior with multiple installed sensor-enabled apps on the device. When the phone is with me it automatically recognizes that I am the right person because it recognizes data like how I walk and where I keep the phone, then provides me access to the apps and more.” She said it automatically recognizes walking patterns after initial biometrics have been established, travel and location destinations. However, if a person deviates to a place it hasn’t seen, it will lower its trust code.
On the other hand, provided a high trust code, Castra enables the device to literally open doors to buildings, automatically set temperatures, turn lights on, etc. without having to take the phone out of pocket and input passcodes. Manikantan said, “It’s also secured. If someone is stealing your phone they will have a lower trust code because among other clues from data, your walking pattern is different. The unrecognized user will not be able to input the passcode on each of these apps.”
Software developers building access control products will call the Castra API, which will measure the trust code of the person using that phone. It provides a convenient approach to locking a device, increases convenience and makes passwords a thing of the past for device users.
Machine learning and artificial intelligence (AI) API-based security solutions like COMBAT and Castra are where the industry trend is moving. There are skeptics who question their safety, arguing that just as a brain can be tricked, so can machine learning algorithms and AI algorithms. Ultimately the value of these solutions lie in the technologies and the intelligence of the individual algorithms staying ahead of the curve of their malicious counterparts.