By Jamel M., Cybersecurity Consultant Squad
Cognitive cybersecurity is an approach that enables the understanding of artificial human behavior through the functioning of cognitive functions derived from human-machine interfaces.
It is based on a type of cognition that refers to the way in which artificial systems acquire data by producing representations and transforming them into knowledge using algorithms based on brain functions, with a view to implementing them in a system's activities and behaviors.
Cognitive functions are integrated into the operation of artificial intelligence applications and frameworks, such as the IBM Watson IoT platform, which allows other parameters to be introduced into methods of intruding into target systems. However, while they enable the cognitive hacking of individuals and organizations, there are also cognitive security countermeasures.
Defending yourself against cognitive hacking
Cognitive hacking involves self-learning systems that use the availability and exploration of sensitive and non-sensitive data, the recognition of deterministic patterns that systems use, and natural language processing in the construction of different types of algorithms: K-means, DBSCAN, KNN, WARD, Weka.
It targets cognitive functions integrated into the operation of a system or application. On March 22, 2016, the attack on Vinci's stock price was based on the content of an email designed to create a sense of urgency in order to bypass the first level of security controls.
It also targets the cognition of individuals within organizations. The main vector for this type of hacking is related to data access, meaning that CISOs, security managers, and human resources managers are potential disseminators.
Its effect is all the more destructive during times of crisis or in a tense human environment: terrorist attacks, health crises, jealousy, frustration, poor organization, deterministic education, uncontrolled ego, undefined boundaries between private and public life, lack of professional ethics or a healthy organizational culture, excessive surveillance.
Building cognitive security
It is defined by the ability to detect and remedy cognitive hacking processes produced by the construction of artificial data interpretation ecosystems that stimulate behavior leading to erroneous decisions.
On October 5, 2012, high-frequency trading algorithms caused a sharp drop in the NIFTY index, followed by an equally sharp rebound.
It plays a role in defining threat awareness, detecting anomalies in the behavior of systems and organizations, and responding to incidents. In each of these phases, cognitive security acts as a countermeasure to the specific data vulnerabilities that define each organization and individual.
In terms of data, these parameters can be applied, for example, to validated data models that are then used by business lines thanks to the predictive model of machine learning. This technology is defined by a machine's ability to quickly process different types of data for operational purposes.
At the individual level, behavioral abnormalities are the most visible signs of detection. And the encouraging factors are more related to psychiatry linked to each individual's history and the way their cognitive functions process information.
Cognitive security and action intelligence: the example of a health crisis
In the face of the health crisis, the difficulty lay in gathering data points across an entire chain involving governance and the medical sector. This cognitive dissonance leads to biased decisions and difficulty in determining the actions to be taken. As a result, it also provides opportunities for attacks by exploiting the weakness of automatic predictive mechanisms based on unsuitable and poorly configured data.
In the case of the DDoS attack on Paris hospitals on March 22, 2020, they contribute to reducing the availability and performance of health emergency plans. They also alter data quality in the case of the "Coronavirus Map" malware, which targets epidemic mapping data and users' personal data.
Cognitive remediation, in its function of repairing alterations caused by a new situation, takes the form of cybersecurity where sensors are produced to build a value chain through: a natural language-oriented algorithm with the "COVID 19 Chatbot" and the implementation of the "Robert" protocol in the form of an application whose coordination level is placed at the pan-European level.
The COVID-19 Bot is based on a series of questions and answers using natural language processing and automatic text generation. The Bot queries a knowledge base to enable it to respond to the identified subject.
The "ROBust and privacy presERving proximity Tracing" protocol is characterized by an architecture based on Bluetooth technology and the use of pseudonyms ("crypto-identifiers"). A server assigns temporary pseudonyms. These are exchanged, allowing a history of people encountered to be stored on the server, so that the application can check whether the pseudonym is on the list of infected people and alert the user if the answer is positive.
More articles on cybersecurity ⤵
