The Rise of Artificial Intelligence in Cyber Defense
Cyberspace is an increasingly hostile environment. In 2015, a PwC study of U.S. organizations found that 79 percent of respondents had detected a security incident during the year.
Today, malicious hackers continue to wage on business networks and systems. Their aim - to extract data to sell on the black market. Making use of the latest technology, these criminals exert huge pressure on businesses to defend its assets. As they continue to adopt rapidly advancing attack technologies, the differentiation between a malicious attacker and a genuine user is increasingly difficult to spot.
Cybersecurity experts are facing the daunting reality that they may have reached the limit of what humans can achieve in cyber defense. Thankfully, the answer to this issue may already have arrived, following in the form a platform known as AI-Squared.
Rise of the robots.
Unveiled to the world in April, AI-Squared is a collaborative project between MIT’s Computer Science and AI Laboratory (CSAIL) and a machine-learning startup known as PatternEx. Its function - to identify cyber-attacks.
The platform combines Artificial Intelligence (AI) and Analyst Intuition (AI) - hence the name AI-Squared. It works by parsing huge amounts of data - generated by users -- searching for odd activity using a recurrent neural network in combination with machine learning techniques. This is a process known as unsupervised learning, and it's used to find anomalies - the proverbial needles in the haystack.
Once identified, the platform notifies a human analyst, presenting its findings. The human analyst then confirms whether the user activity is an attack or a genuine visitor, which is relayed back to the AI. The AI turns these decisions into a model for use the next day. This is a process known as supervised learning.
It was announced that the platform is now capable of detecting 85 percent of cyberattacks.
How good is AI-Squared?
While machine learning platforms exist in the cybersecurity space, this is the first artificial intelligence platform for enterprise cybersecurity to integrate analyst intuition. AI-Squared is three times better than current benchmarks set by these existing machine learning platforms.
In a three-month period, AI-Squared analyzed more than 3.6 billion log lines and successfully identified 85 percent of attacks. This statistic is incredible, considering the platform continues to learn. I wouldn’t be surprised to hear future announcements from PatternEx and CSAIL that the platform has moved well beyond the 90 percent benchmark.
The system is also capable of reducing false positive identified by a factor of five.
On day one, when the platform was launched, it picked the top 200 abnormal events, which were fed to the human analyst to respond on whether this was an attack or a genuine user. In a matter of days, the platform reduced the number of events to 30 or 40 a day. This reduces time for analysts, who can be freed up to work on other areas of threat detection.
Artificial Intelligence and the future of cyber defense.
The emergence of AI-Squared marks the start of the next evolutionary phase in cyber defense. A future where cybersecurity experts can increasingly rely on machines to defend their organizations. Leaving them free to focus on mitigating attacks, while tracking down and prosecuting those who launched them in the first place.
Whilst AI-Squared still relies on human input to learn, CSAIL and PatternEx have undoubtedly set us on the path to a time where artificially intelligent cybersecurity defense platforms could be autonomous - no longer requiring input or direction from their human counterparts to function.
With widespread application, AI-Squared is capable of curbing the disturbing rise in data breaches. A comforting thought for organizations, with the average cost of a data breach now reaching $4 million, according to the 2016 Ponemon Cost of Data Breach Study. Of course the cynic in me views this as an arms race. How long until we have artificially intelligent systems capable of attacking business systems and organizations. Did someone say Skynet?