Artificial Intelligence in Cyber Security
by Chris Cadiz
Posted on Monday June 12, 2017 at 1:25 PM
In our last two posts on AI we looked at the Rise of AI and AI in the NBA and NFL. What about applications that can be used in everyday business?
Think about your business and all of sensitive data on your network. Protecting that data is such a critical function. What are the implications of losing that data to hackers?
We'll look at how AI can be used in cyber security, which has a direct impact on both business and government organisations. When you think about it cybersecurity is another perfect fit for AI. The goal is to train a system to be able to recognize certain attack patterns.
AI Meets Antivirus
First up is an antivirus system from SparkCognition. It's called DeepArmor and combines AI techniques, such as neural networks, with antivirus.
By design, DeepArmor combs through files to identify suspicious components. Those components are then fed through neural networks that can recognize malicious patterns. This is in contrast to traditional, signature-based antivirus systems, which can be fooled by metamorphic malware. That is, malware that's able to change its signature.
An Entirely AI Security System
Another interesting AI approach to security is Darktrace's Enterprise Immune System and Antigena technologies. Their AI tech is modelled after the human immune system. It learns to detect threats by learning from human and device behaviour on an organistion's network, all without prior knowledge. Antigena is designed to then neutralise those detected threats automatically.
Darktrace hopes to build this out further. They claim that building AI security without the need for human intervention is not unreasonable in the future.
AI Merged with Human Experts
Researchers from MIT took a different approach. They partnered with PatternEx to build AI2, a machine learning system that uses input from expert security analysts. It merges AI with what they call analyst intuition, combining the best of both.
AI2 combines three different unsupervised machine learning methods to find anomalies in the network and presents them to the analyst. The analyst can then confirm threats and feed this data into a supervised machine learning model. This results in far fewer false positives (by a factor of 5) and 85% detection (a threefold improvement).
We looked at a number of artificial intelligence applications in security, but keep in mind that with the prevalence of AI there will also be a rise in malicious AI. AI is already being used by hackers and cyber security is a constant battle on both sides. Will you be ready for the AI arms race?
Further reading:
