What’s the easiest way for hackers or spies to penetrate a secured computer network?
让网络管理员打开门,请他们进来。
几乎所有的网络都从第三方创作者那里购买基础软件。 坏人已经发现,第三方为他们提供了一个渗透软件供应商系统的机会,并将恶意软件隐藏在要购买的软件中。 The software becomes a digital Trojan horse, carrying attackers inside the network’s walls.
这就是2020年12月首次披露的一场大规模间谍活动背后的策略,这场间谍活动损害了包括司法部和财政部在内的几家主要美国政府机构,以及包括b谷歌和微软在内的私营公司。 它被描述为历史上规模最大、最成功的数字间谍案之一。
That’s where Professor Dianxiang Xu comes in. 在Robert W. Plaster自由企业与研究中心的SS&C数据分析、网络安全和高性能计算设施中,徐正在使用人工智能(AI)的一个专业领域——深度学习模型来帮助对抗新出现的威胁。 目标是使用计算机程序的静态代码分析来发现潜在的缺陷和安全漏洞。 这项工作是由美国国家科学基金会资助的。
“Software vulnerability is a major source of cybersecurity risks. It is very difficult to identify vulnerabilities in software code as software has significantly increased in both size and complexity,” Xu says.
“Finding software vulnerabilities is analogous to ‘searching for a needle in a haystack.’ Recent advances in deep learning can be promising for predicting software vulnerabilities.”
Spies and hackers aren’t the only bad guys Xu is working to combat. 他还在研究如何利用人工智能收集和处理数字证据,以便在法庭上提交给陪审团。 徐将他的网络安全工作建立在一个名为“变形金刚”的深度学习模型上。
“Finding software vulnerabilities is analogous to ‘searching for a needle in a haystack.’ Recent advances in deep learning can be promising for predicting software vulnerabilities.”
“The Transformer is a deep learning model introduced in 2017, used primarily in the field of natural language processing, or NLP,” he says. “It has enabled training on larger datasets than was possible before it was introduced. The pretrained transformer systems such as BERT (Bidirectional Encoder Representations from Transformers) have achieved state-of-the-art performance on a number of NLP tasks.”
“Considering the similarity and difference between natural languages and programming languages, we expect the transformer systems can be pretrained with a large amount of computer code so as to improve various program understanding tasks, such as detection of vulnerabilities in source code.” 那么,像徐这样的计算机科学家正在进行的反间谍软件研究有多重要呢?
In an article for 《纽约客》, Sue Halpern wrote: “The simple truth is that cyber defense is hard, and in a country like the United States, where so much of our critical infrastructure is privately owned, it’s even harder. Every router, every software program, every industrial controller may inadvertently offer a way for malicious actors to enter and compromise a network.”
在石膏中心里,你可以看到徐在一点点地消除那些网络威胁,一次一个模型。