Cognitive security: Securing the burgeoning landscape of mobile networks

The rapid proliferation of personal wearable as well as embedded devices point to the emergence of networks of unprecedented size and complexity in the near future. Unfortunately, traditional network security solutions fall short of addressing the unique security requirements of the emerging environment given their general emphasis on administratively managed, preconfigured security context and strong physical security mechanisms. To cope with the security challenges of this emerging environment, novel cognitive-inspired security architectures have been proposed that emphasize dynamic, autonomous trust management. Cognitive security systems take advantage of sensing and computing capabilities of smart devices to analyze raw sensor data and apply machine learning techniques to make security decisions. In this article, we present a canonical representation of cognitive security architectures and examine the practicality of using these architectures to address the security challenges of rapidly growing networks of mobile/embedded autonomous devices including the ability to identify threats simply based on symptoms, without necessarily understanding attack methods. Using authentication as the main focus, we introduce our canonical representation and define various categories of contextual information commonly used by cognitive security architectures to handle authentication requirements, and highlight key advantages and disadvantages of each category. We then examine three grand challenges facing the cognitive security research including the tension between automation and security, the unintended consequences of using machine learning techniques as a basis for making security decisions, and the revocation problem in the context of cognitive security. We conclude by offering some insight into solution approaches to these challenges.