Security Intelligence blog: An Interview With IBM Master Inventor James Kozloski on His New Security Patent: The Cognitive Honeypot

What does a master IBM inventor who typically models brain activity have to do with making enterprise networks more resilient to spear phishing attacks? If you ask James Kozloski, you won’t get a quick answer, but it will be interesting.

Kozloski, who is Manager, Computational Neuroscience and Multiscale Brain Modeling for IBM Research in Yorktown Heights, New York, is one of those guys who is always coming up with new ideas. He was recently part of a team of IBMers who received a patent for “cognitive honeypots,” or, as expressed in the patent language, “an electronic communication evaluating device determines a suspicion level for an initial electronic communication.” You probably have no idea what that means either, so let’s take this step by step, because the invention is quite clever.

Most of us know what honeypots are: the concept goes back at least a decade, if not longer, and involves trying to trap malware authors by simulating an unsuspecting user who happens upon an infected site. Microsoft and Google have used honeypots and honeynets – collections of them – for years in this fashion, and they have been effective at locating new malware techniques. The German Honeynet Project, for example, is one such open source effort that has been useful in developing new honeypots.

Many of Kozloski’s efforts have been in computational biology, where he uses high-performance computing clusters to simulate various neural components, in the hope of building models of how the brain works. For example, he might want to understand how the brain fails to comprehend something, or what happens when it contracts a particular disease. He has worked in the past on modeling Huntington’s disease, a particularly pernicious malady in which brain cells degenerate over time.

But several years ago, he was standing by his office printing station and happened to engage another IBMer, Clifford Pickover, in a discussion about reducing the wait time for their print jobs. You know, just the average kind of conversation you and I might have, if you and I were brainy research scientists who have a bunch of patents to our names. That got him started, and he hasn’t been idle since then in his search for understanding, literally, what makes humans tick.

So back to spear phishing. The issue for enterprise security managers is that they have to be ever-vigilant in detecting and preventing this spam: a single message that is acted upon by an unsuspecting user will infect the network and cause trouble. For the scammers, this is a numbers game: send enough emails, and eventually one or two or a few will succeed. Kozloski’s efforts in computational biology got him interested in this topic, as he had more around-the-print-queue discussions with his colleagues at the IBM research labs in New York and around the world.

What if you could develop a honeypot that could mimic a clueless user, and respond to a spammer with the kind of email that would indicate the spear phishing succeeded? Better yet, what if you could overwhelm the spammer with hundreds of these false positive messages, so that it would waste the spammer’s time in trying to track down which were actual human responses, and which were just automated bots? Turnabout is fair play, after all. “The trick is doing this in such a way that it isn’t distinguishable from a human subject’s response,” he said. “For example, it could mimic an elderly user who is responding to an email about winning a lottery or someone supposedly in trouble overseas, with an appropriate human response.” The genius of the idea is that it consumes the most critical resource for the attacker: his time.

The honeypot project is an active area for IBM research, and while no product based on this patent currently exists, you might keep a lookout for one in the future.

Kozloski has been at IBM since 2001 and has written ten papers and had a hand in more than 100 different patents. He joins a small group of several dozen master inventors at IBM, such as Lisa Seacat DeLuca, who are recognized by IBM for their contributions to the company’s prolific patent prowess. Last year was a bumper crop of more than nine thousand patents issued to IBM inventors, once again putting IBM in the lead for 25 years in this tally.

Being a master inventor usually means a three-year term, after which you are evaluated to see if your activities are worthy of an additional term. As part of his efforts, he leads regular workshops teaching other IBMers how to better collaborate to come up with inventions. Does Kozloski feel any day-to-day pressure to come up with his own new ideas? “It is a cool title, to be sure,” he told me in a phone interview. “But it is more about the work with my team and being recognized for doing something innovative.” His team stretches around the globe, with IBMers in Israel and Hungary who helped formulate the honeypot idea. “Being a single inventor is hard, because when you are a part of a team you can leverage each other’s skills and interests and be more productive,” he said. It is like that African proverb, “If you want to go quickly, go alone. If you want to go far, go together.”
