News

Bad apples

By Mollie Rappe

Photography By Randy Montoya

Friday, March 17, 2017

New brain-inspired cybersecurity system detects ‘malicious players’ 100 times faster

Cybersecurity is critical — for national security, corporations, and private individuals.

Sophisticated cybersecurity systems excel at finding “bad apples” in computer networks, but they lack the computing power to identify the threats directly.

Instead, they look for general indicators of an attack; call them “apples.” Or the system flags very specific patterns, such as “bad Granny Smith apples” or “bad Red Delicious apples.”

These limits make it easy for new species of “bad apples” to evade modern cybersecurity systems. And security analysts must sort the real dangers from false alarms such as the nonsense phrase “forbad applesauce.”

The Neuromorphic Cyber Microscope, designed by Lewis Rhodes Labs and then improved in partnership with Sandia, directly addresses these limitations. Due to its brain-inspired design, it can look for the complex patterns that indicate “bad apples,” all while using less electricity than a standard 60-watt light bulb.

From cerebral palsy to a cybersecurity system

The processor in the Neuromorphic Cyber Microscope is based on the neuroscience research of Dr. Pamela Follett, a co-founder of Lewis Rhodes Labs. Follett is a pediatric neurologist and neuroscientist who studies developmental diseases such as cerebral palsy in children. Her husband, David Follett, co-founder and CEO of Lewis Rhodes Labs, used her work as the basis for a computational model of how the brain processes information.

It’s more than 100 times faster and 1,000 times more energy-efficient than racks of conventional cybersecurity systems.

Comparing brains with cerebral palsy to healthy brains was key to the deeper insights. The Folletts built brain-inspired computer hardware — hardware they knew had the horsepower to solve some real-world problems. Enter Sandia, with a long history of solving real-world challenges.

A team led by computer systems expert John Naegle sought problems where the neuromorphic processor would excel. The team looked at robotics and pattern recognition before settling on cybersecurity.

“We quickly realized that we could use this architecture to greatly accelerate our ability to look for patterns and even look for complex versions of these patterns,” says John.

Brain-inspiration leads to faster, more efficient threat detection

Both the Neuromorphic Cyber Microscope and the human brain continually scan for threats. A hose or stick can cause you to jump, even if you’re not searching for a snake. Similarly, the Neuromorphic Cyber Microscope compares streaming data to suspicious patterns in a time-dependent manner. In contrast, conventional cyberdetection systems sequentially match small chunks of data against a library of “bad apple” patterns, which is less efficient, says John.

This completely changes the way that we look for suspicious activity . .

Sandia tested the Neuromorphic Cyber Microscope on its cybertraffic in a demonstration environment. As the “bad apple” patterns got more complex, the state-of-the-art conventional system slowed exponentially, but the Neuromorphic Cyber Microscope kept performing efficiently, says Roger Suppona, a cybersecurity expert at Sandia. In fact, it’s more than 100 times faster and 1,000 times more energy-efficient than racks of conventional cybersecurity systems. “This completely changes the way that we look for suspicious activity without running the risk of overwhelming our analysts with too much information,” says Roger.

The Neuromorphic Cyber Microscope, an R&D100 Awards finalist this year, is in the early stages of deployment.

Full utilization of the Neuromorphic Cyber Microscope isn’t going to be entirely smooth, warns Roger. “We as security analysts are going to have to rethink how we do things to make better use of this sort of a capability, he says. “We need to figure out how we describe the things that we’re interested in and how do we apply them in the most efficient way possible.” 

Sandia and Lewis Rhodes Labs are exploring what else they can do with the general neuromorphic architecture. They’ve explored a type of machine learning used for audio and image processing and sorting numbers efficiently. John says they’re still in early stages, looking at fundamental algorithms. This basic research is supported by Sandia’s Laboratory Directed Research and Development program. John says, “Eventually, we’d like to have completely new algorithms that really take advantage of the way the brain actually does its operations.”

David Follett has worked with Sandia off and on for more than 20 years. In fact, his earlier company jointly won an R&D100 award in 1996 for the ATM OC-12c Protocol Engine, a fast interconnect for computer-network communications.

“Sandia has a very unique culture and extraordinarily talented people,” he says. “The technical breadth of the lab and domains where they have world-class-expertise is very impressive. It’s an ideal environment for incubating novel, disruptive technologies like the Neuromorphic Cyber Microscope.”

A video about the Neuromorphic Cyber Microscope is available below, or on Sandia’s YouTube channel.