Cybersecurity tool uses machine learning, honeypots to stop attacks

Purdue University researchers have developed a cybersecurity tool designed to stop cyber attacks using supervised machine learning, unsupervised machine learning and rule-based learning

By Chris Adam February 15, 2020

In recent months, the FBI issued a high-impact cybersecurity warning in response to increasing attacks on government targets. Government officials have warned major cities such hacks are a disturbing trend likely to continue.

Purdue University researchers may help stop some of those threats with a tool designed to alert organizations to cyberattacks. The system is called LIDAR – which stands for lifelong, intelligent, diverse, agile and robust.

“The name for this architecture for network security really defines its significant attributes,” said Aly El Gamal, an assistant professor of electrical and computer engineering in Purdue’s College of Engineering. “Our system is robust and able to adapt to different environments through lifelong learning.”

El Gamal created the technology with Arif Ghafoor, a professor in electrical and computer engineering, and Ali Elghariani, a graduate of electrical and computer engineering.

LIDAR can be used for computer systems and networks, including wireless networks. The system works with preprocessing components that are designed to be resilient to adversarial attacks and a cross-layer feature extraction mechanism for wireless networks. The LIDAR system also uses a curiosity-driven honeypot, which lures attackers but does not let them infiltrate the system.

The Purdue system is made up of three main parts: supervised machine learning, unsupervised machine learning and rule-based learning.

“One of the fascinating things about LIDAR is that the rule-based learning component really serves as the brain for the operation,” El Gamal said. “That component takes the information from the other two parts and decides the validity of a potential attack and necessary steps to move forward.”

The supervised machine-learning component uses an algorithm to compare abnormalities detected in the system to known attack templates. The unsupervised component uses an algorithm to detect any anomalies in the overall system being monitored.

Purdue University

– Edited by Chris Vavra, associate editor, Control Engineering, CFE Media and Technology,

Author Bio: Chris Adam, Purdue University