Problem Statement
The security industry is deeply fragmented: there are currently more than 4000 vendors in the cyber security space. A reasonable expectation would be that cyber crime would be at an all-time low, or at least trending down. Contrary to that, cyber crime is at an all-time high and continues to run rampant.
AI mechanisms have never been so advanced. A new wave of technologies based on generative AI promises some additional capabilities to defenders, but initial assessments suggest it bolsters cyber criminal capabilities more, due to cost and scale benefits.
While open source cyber security projects exist in some well established domains (network segmentation, firewalling, logging, detection, etc.), most projects today lack “advanced, next generation capabilities”. Next generation capabilities are a mix of obscured threat intelligence, machine learning, and over-hyped snake oil.
It is necessary to build a foundation upon which to develop modern capabilities that integrate with and enhance long-standing, mature open source security projects, and to start some new ones.
There is a large amount of academic research in the areas of machine learning, malware detection, phishing detection, etc., but most of this work consists of “one time views”, frozen in time and not maintained after the research papers are published.
Digging Deeper into the Problem
Cyber security is an adversarial problem. New detection capabilities are quickly reversed and bypassed by attackers. This cat-and-mouse game requires continuous maintenance and development of capabilities. More importantly, it requires a commitment to automation and to the maintenance of that automation.
This is very different from other problems in the open source world, where code can remain relevant for many years without much rewriting or maintenance.
This is why we suspect most open source antivirus projects have failed. It is also partly why current projects such as pfSense, compared to most “next-gen appliances”, provide no machine-learning-derived modules or capabilities.
The Approach
It is then advisable, or indeed required for the field to progress, to set up a taskforce of individuals interested in developing and maintaining an ongoing infrastructure of data collection, sharing, and automation that fosters ongoing research on, and maintenance of, modern detection technologies against cyber crime.
This taskforce, a mix of professionals, volunteers, seniors, juniors and researchers, could contribute to building critical foundational open source security ML models that could later be adopted and integrated into other open source projects at large.
As this work needs to be ongoing and long term, community management, rotation and recruitment become a critical part of the project's success.
Seed Ideas
As a series of examples of potential future work, for inspiration, some base ML models could greatly increase the resilience of open source projects and environments against current cyber security threats:
- Static malware detection for PE files.
- Dynamic malware detection for PE files.
- Email phishing classification.
- Malicious URL prediction based on URL features.
- Malicious site prediction based on site content.
- Web categorization based on site content.
- C&C detection based on network records and beaconing behaviour.
Ground Work
For the previous work to be developed and maintained, some base infrastructure and corresponding code need to be written for sample collection, model training, model distribution, model evaluation and results display. Currently this ongoing work is not performed by academic research, due to the way academic papers are funded and incentivized.
A taskforce able to provide continuity to this work, and to defend models or improve them when their thresholds are breached, is required for the progress of the industry.
Join the Alliance!