Artificial Intelligence & The Future Of Cybersecurity

Uploaded on 2016-09-15 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Developments

As more cyber-security threats arise every day, extensive research into prevention and detection schemes is being conducted globally.

One of the issues faced is keeping up with the sheer mass of new emerging threats online. Traditional detection schemes are rule or signature based. The creation of a rule or signature relies on prior knowledge of the threats structure, source and operation, making it impossible to stop new threats without prior knowledge.

Manually identifying all new and disguised threats is too time-consuming to be humanly possible. One solution that's getting global recognition is the use of artificial intelligence.

The subset of AI that relates to cyber-security is the ‘learning' branch. This field, called 'Machine Learning', relates to the capability of a computer to learn from data and improve over time. AI can use knowledge it gains to detect threats, including those that are yet to be discovered, by identifying shared characteristics within families of threats.

Decision making

It is hard to believe AI could one day replace a room full of humans monitoring a network. The human brain is limited in its ability to simultaneously consider multiple variables during decision-making. Psychologist Graeme Halford estimated this number between four and five variables at any one time. AI has filled this gap by providing a tool that can take into account hundreds of variables at a time, whilst processing millions of records per second.

Working together

AI is most accurate when it can get feedback on the decisions it is making. One thing AI cannot currently borrow from humans is the ability to assess a decision based on the situation and environment. Combining the situational and environmental awareness of a human with the data processing and pattern recognition abilities of AI makes for the strongest possible detection scheme. 

This was recently proven by a research team at MIT with the creation of their AI Squared detection scheme that used AI learning reinforced by a security analyst giving the AI feedback on its most unusual decisions. This reduced the number of false positives the AI was making by a factor of five.

Cyber-threats are rapidly evolving. Attacks are stealthier, more targeted and more evasive than ever before. Because of this, we tend to move away from prevention towards detection, relying upon a human component to take action. 

What is abnormal is not necessarily intrusive, and what looks to be legitimate might not be within a given context. Attackers can use stolen credentials and access systems posing as a legitimate user. There is no way to differentiate this from a regular user without situational awareness. Because of this, humans must remain in the detection scheme, whether it is to take action or provide feedback to the system for it to improve.

What to expect

The future of cyber-security will continue as it always has, as a game of cat and mouse.  Attackers will create new methods of concealment and defenders will create new methods of detection. The difference with AI is that we are trying to make something that will adapt to the changes the attackers make. 

Current research suggests we will soon see distributed AI detection schemes operating similarly to the human immune system, giving some form of environmental awareness. Like the human immune system, one part would be dedicated to addressing common threats (innate immune system), whilst another part would investigate anomalies to detect threats that have not yet been seen by the system (adaptive immune system).

The primary objective of AI-based security solutions is to help detect what other controls fail to. Many researchers and vendors are claiming unheard of accuracy rates for their AI detection schemes. Specific families of threats can be detected in a very accurate manner, however, emerging families of threats may display changing characteristics, or characteristics that purposefully try and trick AI detection. This makes accuracy metrics relative as researchers and vendors can only assess the detection performance against a small set of threats, amongst infinite real-world possibilities. 

There are good products out there that will truly enhance your security posture, however, accuracy statistics are more of a selling point than a feature to be relied upon. For now, AI detection schemes are strongest alongside human decision makers. This will make them commonplace in environments like security operations centres in the near future, allowing a huge workload to be alleviated with help from AI.

SC Magazine

 

« The White House Has Four Keys To Improving Cybersecurity
GCHQ To Create A UK National Firewall »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Soracom

Soracom

Soracom offers secure, scalable, cloud-native connectivity developed specifically for the Internet of Things.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Sift

Sift

The Sift Digital Trust Platform protects your business and customers from all vectors of fraud and abuse through our Live Machine Learning, global trust network and automation technologies.

Lynx Technology Partners

Lynx Technology Partners

Lynx Technology Partners is a full service, full life-cycle risk-based security consulting firm.

IoT Defense

IoT Defense

IoT Defense (IOTD) is a cybersecurity and networking company building solutions that enable the protection of networks and the ever-increasing prevalence of IoT devices.

Polish Centre for Accreditation (PCA)

Polish Centre for Accreditation (PCA)

PCA is the national accreditation body for Poland. The directory of members provides details of organisations offering certification services for ISO 27001.

QNu Labs

QNu Labs

QNu Labs’s quantum-safe cryptography products and solutions assure unconditional security of critical data on the internet and cloud across all industry verticals, globally.

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.

Boxphish

Boxphish

Boxphish provides a proven solution to reduce Human Error and Cyber Human Risk via automated learning journeys and intelligent phishing simulations.

Cyber Insurance Academy

Cyber Insurance Academy

Cyber Insurance Academy was founded to provide insurance professionals with the knowledge needed to work in cyber-insurance and cyber-related insurance fields.

Information Technology Solutions (ITS)

Information Technology Solutions (ITS)

Information Technology Solutions is a single source provider for managing and securing mission-critical IT services.

Aiden Technologies

Aiden Technologies

Aiden simplifies your IT process, giving you peace of mind and security by ensuring your computers get exactly the software they need and nothing else.

Strac

Strac

Eliminate Personal Data Risks from your business. Our Dataless SaaS removes the need to manage sensitive data across web, mobile apps, servers and communication channels.

B&L PC Solutions

B&L PC Solutions

B&L PC Solutions deliver top cyber security services on Long Island and New York city to protect businesses from evolving online threats.

BCX

BCX

BCX, a subsidiary within Telkom Group, is one of Africa’s largest systems integrator and digital transformation partners for enterprises and public sector organisations.

Softsource vBridge

Softsource vBridge

Softsource vBridge are an ICT systems integrator providing specialist technology solutions, professional services, technical expertise and data centre services.