My paper 3 - University of Pittsburgh


Meloy, 6:00

R08

TO DEFEND THE WEB:

USING ARTIFICIAL INTELLIGENCE AS ONLINE SECURITY

Nathan Dorman (nad59@pitt.edu)

1. AN INTRODUCTION TO AI AND WEB DEFENSE

The number one danger to all computer systems currently on the market is the virus. These destructive collections of code can wreak havoc on all computers, from the everyday consumer to the super systems that keep our government afloat. Imagine if all the computer systems in the world were shut down in an instant by a lone virus. The implications would be catastrophic. Worldwide theft, violence and even possible revolt would all be plausible outcomes. While that may be a frightening thought, for as long as viruses have existed, so has our protection from them. Almost every computer worldwide has some degree of anti-virus software to protect its systems and information. These programs work to fend off all the intrusion attempts against computers from malicious software. Unfortunately, just as most technology is evolving, so are these viruses. According to an article by Raviv Raz, around 80 percent of the malicious attacks are caught because of the users recycling old bits of code [1]. But what about the other 20 percent? If this percentage is constantly changing, how can we fight it? An example of this ever-changing methodology of attack is the infamous Conficker worm. This worm, which will be detailed later, embeds itself in the computer’s background processes while downloading silent updates to alter its method to avoid detection. This is the kind of smart worm that is the start of the new level of cyber threat.

The importance of developing AI for cyber defense lies in the weapons that we will soon find ourselves defending against. In a June 2012 article, Enn Tyugu, an expert in NATO Cyber defense, says “Rapid developments in cyber (technology) might lead to intelligent cyber weapons that are hard to control and it's practically impossible to use formal methods of verifying the safety of intelligent cyber weapons by their users.”[2] It is essential that we develop a way to fight these “smart weapons”, and the best way is “smart defense.” Without a security system that can learn and think, it could be only a matter of years before a cyber-weapon comes along with the power to shut down the entire world.

Any engineer should realize the necessity of acting on this situation if they look only to their code of ethics. The first and foremost canon is to hold paramount the safety, health, and welfare of the public. [3] Is the welfare upheld if the public is attacked through the use of the internet? The answer is of course no. I will explore further the codes of ethics and discuss what types of steps can be taken to help prepare our systems for total defense.

Finally, I will briefly discuss the educational value of writing this paper, and papers like it, as an engineering student: how writing in this form not only helps to develop higher levels of writing skills, but also helps to create a generation of engineers who enter the workplace ready to begin work on the big issues, the issues they already have research on because they have written papers like these.

I understand the need to develop better and smarter systems. Being able to use a computer and access the internet without the fear of intrusion or theft is a crucial liberty. It is important to me as an emerging engineer that all people can take advantage of the technological marvel that is the internet safely and securely. Part of being a successful engineer is having the ability to network with others. Through the use of the internet, engineers from around the world can share ideas, notes, solutions and even blueprints. If the internet is left without a smart defense system, we may be left with a disconnected world full of ideas that can’t be fully expressed.

2. WEB DEFENSES CURRENTLY

2.1. The current state of web defense

There are thousands of anti-virus and online protection programs that all claim to protect your computer from the thousands of attacks on your computer daily. Truth be told, they all work on the same, soon to be outdated, process.

Known as “fixing the plumbing” [4], it follows the idea of having a plumber come to fix a bathroom. He can only fix where the pipes are already leaking and can’t predict where the next leak will spring from. By this logic, no one can ever truly be safe from leaks, or in the case of the analogy, viruses and breaches of security. What if, though, the plumber were to install a new set of pipes that were able to detect when a leak could occur, or if the water was able to communicate when it found corrosive materials and then filter them out? The plumbing would practically take care of itself. In an Institute of Electrical and Electronics Engineers (IEEE) article, Carl E. Landwehr used this smart pipe/smart water analogy to describe the ideal way to protect our personal property from cyber-attacks. [4]

Currently, a few systems that use AI-like tools in their processes are available on the market, the most widespread being expert systems. An expert system is software made to answer questions posed by either a user or another piece of software. [5] These systems work with the use of a knowledge base, where the bulk of the data and information is stored, and an inference engine, which takes the information requested and derives what other information could also apply to the asker. Many of these agents are seeing use in a variety of situations. For example, many banks use them in conjunction with their web-based loan applications. The systems are able to look at the information on the applications and compare it to the qualifications for loan receipt. This way, the bank doesn’t need to exhaust countless work hours rejecting applications from unemployed and low-credit-score applicants. [6] While not currently applied in the realm of web defense, the system’s ability to quickly compare items to a database could be a helpful asset.

University of Pittsburgh, Swanson School of Engineering, 10/9/2012

Another type of intelligent system is an intelligent agent. These are types of software that feature some intelligent-like behaviors such as proactiveness, understanding a communication language and reactivity. [5] Once again, these mainly find their use on “help” websites as a tool to answer questions without needing the assistance of a live human. [7] But, also as before, these agents could be useful in fighting off attacks on a system’s ability to connect to its home server by determining where the malicious information is coming from and shutting off the receiving pathways.

2.2 What are the threats?

The internet is one of the most dangerous battlefields of the current day. Every day there are countless numbers of assaults on computers around the world. Most of these are fairly inconsequential and can be ignored by most standard web browsers. Most does not encompass all though. There are plenty of major threats surfing below the surface that could crack a system in a matter of minutes. These are the true threats that must be accounted for. In the introduction I mentioned the Conficker worm as an example of a smart virus. To elaborate, we need to take a look at the timeline of the virus.

The virus enters the system using an exploit in the Windows server and embeds itself in the background functions of the operating system. Once it has integrated itself, it begins to take notice of how exactly the user controls his/her system. After it has determined the tendencies of the user, it downloads one of 4 ‘lettered’ updates: B, C, D, or E. Each of the individual worms works to hide and protect itself in different ways. That is, until eventually it updates itself to E, which removed itself as of May 3 2009. [8] While no real damage was done to the system, it left a very real reminder that our personal computers aren’t the only systems that have been given some form of artificial intelligence.

2.3 What does the future hold for smart defense?

I’ve discussed what we have and what we are facing, but now we must look into the future. What must we develop so that we can truly surf the web with peace of mind? What systems and procedures must be tweaked and tuned to create a truly self-reliant web defense? We must develop a system that is able to see what type of attack is occurring. This is exactly the job for an expert system. If it can be redeveloped to distinguish what exactly is causing a breach, it can find the correct system of defense to draw on. In order for the system to realize what is attacking, though, the intelligence systems must be integrated in the network. In other words, in order to create what we would consider a self-sufficient web defender, we must find a way to integrate all the systems that currently have “intelligence-like” features into one super-powered defense wall.
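As an added illustration (not part of the original paper), the sketch below applies the knowledge base and inference engine split from section 2.1 to the attack-classification role proposed here: observations go in, the engine chains rules until nothing new can be derived, and the derived defenses come out. Every rule, fact name and defense in it is constructed for the example.

```python
# Added illustration: a minimal forward-chaining expert system.
# All rule names, fact names and defenses below are constructed for this example.

# Knowledge base: each rule is (set of required facts, fact to conclude).
RULES = [
    ({"many_failed_logins", "single_source"}, "password_guessing"),
    ({"many_failed_logins", "many_sources"}, "distributed_guessing"),
    ({"new_background_process", "silent_update_download"}, "self_updating_malware"),
    ({"self_updating_malware", "outbound_to_unknown_host"}, "remote_controlled_infection"),
    ({"password_guessing"}, "defense:block_source_address"),
    ({"distributed_guessing"}, "defense:require_second_factor"),
    ({"self_updating_malware"}, "defense:quarantine_host"),
    ({"remote_controlled_infection"}, "defense:cut_outbound_pathway"),
]


def infer(observations, rules=RULES):
    """Inference engine: apply rules until no new fact can be derived.

    Returns (all known facts, ordered trace of (premises, conclusion) fired).
    """
    facts = set(observations)
    trace = []
    changed = True
    while changed:
        changed = False
        for premises, conclusion in rules:
            if premises <= facts and conclusion not in facts:
                facts.add(conclusion)
                trace.append((sorted(premises), conclusion))
                changed = True
    return facts, trace


def recommend(observations, rules=RULES):
    """Return the sorted defenses the knowledge base supports for these observations."""
    facts, _ = infer(observations, rules)
    return sorted(f.split(":", 1)[1] for f in facts if f.startswith("defense:"))


if __name__ == "__main__":
    # Constructed observations loosely modeled on the worm behaviour described above.
    seen = {"new_background_process", "silent_update_download", "outbound_to_unknown_host"}
    for premises, conclusion in infer(seen)[1]:
        print(" + ".join(premises), "=>", conclusion)
    print("defenses:", recommend(seen))
    # Input that matches no rule derives nothing: fixed rules only cover known patterns.
    print("unknown:", recommend({"never_seen_before_behaviour"}))
```

The last call returns an empty list, which is the limit of a fixed rule set: behaviour that no rule describes produces no defense until someone extends the knowledge base.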

While it may seem this future is far off on the horizon, it may be closer than we think. We already have systems that seem to be able to “learn” trends from the user. TiVo, Google search, even email spam filters are all able to distinguish trends in their usage to tailor the returned info to match what has been requested in the past. As Benoit Morel of Carnegie Mellon University said in his paper, “Approaches to defense deliberately relying on AI may not deliver quick results. But they offer the perspective of a future very different and far more attractive than what the present approach based on ‘tweaking the plumbing’ offers.”[9]

3. GUIDED BY ETHICS

All engineering fields are guided by one universal code of ethics as well as a code in their specific fields. These codes help to ensure that those who are creating the future are doing so in the most upstanding and genuine way possible. The fundamental canons include protecting the public, avoiding deceptive acts, and conducting themselves with honor and responsibility. [3] Without even looking into them in great depth, it is obvious that if something threatened the public, engineers would be obligated to attempt to help as much as possible. So why shouldn’t they be working on the defense of the internet? It would only end up hurting them in the long run, for without the connectivity that the internet provides, it would make it excessively difficult for them to work together. Even if a discipline of engineering isn’t completely integrated with computers, most of them are on their way to being so. This provides a great opportunity to spread the current knowledge base on web defense over all the disciplines. Thus we provide all engineers a chance to safeguard the future.

When we narrow down to software engineering, it’s even more obvious that this subject needs addressing. Upon digging into the code of ethics for this discipline we see that they must: “cooperate in efforts to address matters of grave public concern caused by software, its installation, maintenance, support or documentation”. [10] It would appear to me that a global smart virus would be a matter of grave public concern. They also shall: “Be encouraged to volunteer professional skills to good causes and contribute to public education concerning the discipline.”[10] With this code it’s fairly straightforward what needs to be done. I feel that the software engineers need to collaborate with the other disciplines of engineering in order to educate not only themselves but also the public. With such a widespread collaboration it is doubtful that the malicious groups who would design a smart virus could avoid the eyes of everyone.

With a smart public and a smart defense, no virus could ever be smart enough to deal significant damage.

4. HOW DO THESE PAPERS HELP?

The short and quick answer to this question is quite a lot. They are a successful tool to use when trying to create a well-rounded engineering student. They also help, in the long run, to create a new generation of successful engineers. In an article by Charles Vest, President Emeritus of MIT, he said “To succeed [in engineering], we must do two things: (1) discover new scientific knowledge and technological potential through research and (2) drive high-end, sophisticated technology faster and better than anyone else”[11]. Writing papers like these helps to achieve both of these tasks in the long run by preparing the next generation. For without a fresh set of skills and minds, the pool for engineers may begin to get stale. This is why I feel that engineering students worldwide should be writing papers like this one. It prepares them for the world, for their professions, and for the future.

5. CONCLUDING THE LOOK ON AI

We looked at how ready our networks are to defend themselves, where the state of the attackers is and how we can cover the gap between the two. When a threat to your security presents itself on a level higher than you’re prepared to combat, it becomes necessary to get your defenses to at least that level, if not beyond, to defend against it. We the users should not be left to toil over addressing every possible threat to the network. Nor should major corporations be subjected to throwing millions upon millions into network defense. If those who would raise terror are able to use smart warfare, why can’t we? We need to stop patching the leaks and make the tubes and the water the smart systems. As an upcoming engineer, I want the future of the internet to be secure. I want to have a system that can think for itself so that we may use that type of technology elsewhere. Maybe it could be a smart power grid that runs itself as efficiently as possible. Maybe it could be a smart financial system that can detect laundering and stop it. Whatever the technology ends up being, we need to start it first. Not many groups are researching this technology. This is because the government, who funds them, wants to focus on weapons with more “flair.” If the government will put a little attention into our web defense, I’d expect there to be a quick surge in development. I also advocate that all disciplines within engineering take it upon themselves to gain some knowledge of web defense in order to safeguard their future and the future of the public. As for software engineers specifically, they are the primary key to safety. It shall be they that are tasked with our defense as well as educating the public. It is required not only by their code of ethics but also by their duty as a human citizen.

The final notes on educating engineers seem like a given. We must prepare the next generation to face challenges unlike ever before as our technologies grow. Research and writing have become the first step in a much grander plan to create better engineers. Students worldwide should write papers of this type, to not only familiarize themselves with current issues, but also to begin to network themselves with the millions of other engineers who are preparing to pass over the reins to the future.

REFERENCES

[1] R. Raz (2012). “IBM Predicts Artificial Intelligence Will Lead Cyber Security.” Chapters in Web Security. (Blog entry). http://chaptersinwebsecurity.blogspot.com/2012/03/ibmpredicts-artificial-intelligence.html

[2] Unposted (2012). “Cyber experts warn of ‘intelligent weapons’.” Phys.org. (Web page). http://phys.org/news/2012-06-cyber-experts-intelligentweapons.html

[3] NSPE (2012). “NSPE Code of Ethics for Engineers.” NSPE.org. (Web page). http://www.nspe.org/Ethics/CodeofEthics/index.html

[4] C. Landwehr (2008). “Cybersecurity and Artificial Intelligence: From Fixing the Plumbing to Smart Water.” IEEEXplore. (Online article). http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=04639011 P.3-4

[5] E. Tyugu (2011). “Artificial Intelligence in Cyber Defense.” IEEEXplore. (Online article). http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=05954703

[6] V. Nicks (2010). “Examples of Expert System Applications in Artificial Intelligence.” Suite 101. (Web page). http://suite101.com/article/examples-of-expert-systemapplications-in-artificial-intelligence-a292500

[7] Various (2012). “Intelligent Agent.” Wikipedia. (Web page). http://en.wikipedia.org/wiki/Intelligent_agent#Applications

[8] Various (2012). “Conficker.” Wikipedia. (Web page). http://en.wikipedia.org/wiki/Conficker

[9] B. Morel (2011). “Artificial Intelligence a Key to the Future of Cyber-Security.” Delivery.org. (Online article). http://delivery.acm.org/10.1145/2050000/2046699/p93morel.pdf?ip=130.49.18.22&acc=ACTIVE%20SERVICE&CFID=124821576&CFTOKEN=12159434&__acm__=1349743136_4bd8366f3836d7b12d9723aaca6b7327 P.93-98

[10] IEEE (1999). “Software Engineering Code of Ethics and Professional Practice.” Computer.org. (Web page). http://www.computer.org/portal/web/certification/resources/code_of_ethics

[11] C. Vest (2005). “Educating Engineers for 2020 and Beyond.” NAE. (Article online). http://www.engineeringchallenges.org/cms/7126/7639.aspx

ACKNOWLEDGEMENTS

I gratefully acknowledge support from Barbra Edelman, my writing advisor; Todd Jasinski, my motivation; the Pitt Library System, for their wealth of information; and Ron Reha, my proofreader.
