AI and Machine Learning in Cyber Security
The use of Artificial Intelligence is becoming decidedly commonplace. Wikipedia describes AI research as “the study of intelligent agents: any device that perceives its environment and takes actions that maximise its chance of success at some goal.” AI is often used interchangeably with Machine Learning, which is described as the subfield of computer science that, according to Arthur Samuel, gives “computers the ability to learn without being explicitly programmed.”
Machine Learning more accurately describes the technology that we are seeing more and more often in the IT industry, with machines programmed to have neural networks, which can plug into the internet and get access to the vast amounts of data and information stored there, and then interpret and classify that data in a similar way to the human brain. Feedback on whether the machine has predicted correctly or incorrectly closes the loop and allows the machine to learn, in order to modify future behavior.
Is it all hype though? Let’s find out:
What Can AI Do for Cybersecurity?
Given the state of cybersecurity today, the implementation of AI systems into the mix can serve as a real turning point. These systems come with a number of substantial benefits that will help prepare cybersecurity professionals for taking on cyber-attacks and safeguarding the enterprise.
New AI algorithms use Machine Learning (ML) to adapt over time. Simon Crosby Co–founder and CTO at Bromium, writes that ML makes it easier to respond to cybersecurity risks. New generations of malware and cyber-attacks can be difficult to detect with conventional cybersecurity protocols. They evolve over time, so more dynamic approaches are necessary. Cybersecurity solutions that rely on ML use data from prior cyber-attacks to respond to newer but somewhat similar risk.
Another great benefit of AI systems in cybersecurity is that they will free up an enormous amount of time for tech employees. AI is most commonly used to detect simple threats and attacks. Given that the simplest attacks usually have the simplest solutions, the systems are also likely be able to remediate the situation on its own.
How can cybersecurity experts leverage AI? They depend on intelligent automation to trigger risk red flags that humans may not have the time and resources to search for. Steve Grobman, CTO at McAfee states that AI won’t make human cybersecurity experts obsolete, but it is reducing the need to have as many on staff and is increasing their effectiveness.
Another way AI systems can help is by categorizing attacks based on threat level. While there’s still a fair amount of work to be done here (52% of cyber professionals say systems aren’t accurate enough), when deep machine learning principles are incorporated into your systems, they can actually adapt over time, giving you a dynamic edge over cyber terrorists.
AI systems that directly handle threats on their own do so according to a standardized procedure or playbook. Rather than the variability (and ultimately inaccuracy) that comes with a human touch, AI systems don’t make mistakes in performing their function. As such, each threat is responded to in the most effective and proper way.
Unfortunately, there will always be limits of AI, which is why Grobman states that human-machine teams will be key to solving increasingly complex cybersecurity challenges:
“If you think about other areas that are taking advantage of machine learning or AI, very often they just improve over time. A great example is weather forecasting. As we build better predictive models for hurricane forecasting, they’re going to continue to get better over time.
“With cybersecurity, as our models become effective at detecting threats, bad actors will look for ways to confuse the models. It’s a field we call adversarial machine learning, or adversarial AI. Bad actors will study how the underlying models work and work to either confuse the models — what we call poisoning the models, or machine learning poisoning – or focus on a wide range of evasion techniques, essentially looking for ways they can circumvent the models.”
According to a Workfront report, more employers are depending on automation to solve their most pressing challenges. Cybersecurity professionals are among the employees using automation to utilize their time more effectively and bolster job performance.
Applying Machine Learning to Security
In a somewhat simplified world, we can partition security use-cases into two groups: The problems where machine learning has made a difference and the ones where machine learning has been tried, but will likely never yield usable results. In machine learning lingo, from a supervised perspective, the former category is comprised of all the problems where we have “good”, labeled data. The latter is where we don’t have that. The unsupervised side looks a bit different. There we have to distinguish among the different unsupervised approaches. For this conversation, let’s consider clustering, dimensionality reduction, and association rule learning as the main approaches within unsupervised learning. All of these approaches are useful to make large dataset easier to analyze or understand. They can be used to reduce the number of dimensions or fields of data to look at (dimensionality reduction) or group records together (clustering and association rules). However, these algorithms are of limited use when it comes to identifying anomalies or ‘attacks’.