AI and Machine Learning in Cyber Security

Date Received : 2-Nov-2018
Location : Singapore

Key Take-Aways:
  • Intelligent machines now have the power to make observations, understand requests, reason, draw data correlations, and derive conclusions. Not only could AI help to effectively detect anomalies and tackle manpower shortage, but it could support rapid incident response operations against zero-day threats.
  • Traditionally, cyber security has relied on rules-based or signature-based pattern matching. With anti-virus (AV) for example, researchers at AV companies find malware and generate signatures that can be used to check files on an endpoint to see if they match a signature of known malware. This means that one can only detect malware that is known, and that matches a virus definition or signature.
  • With AI, instead of relying on code signatures, machines can analyze the behavior of the programme and use machine learning to find a match, where that behavior is predictive of malicious code.
  • The industry learns from case study such as Netflix who uses machine learning to automatically categorize and offer suggestions by aggregating across the entire database of films and users.
  • Machine learning has the ability to detect and predict new, complex threats. For example, privileged activity within an internal network can be tracked, and any sudden or significant spike in privileged access activity could denote a possible insider threat. If it is found to be a successful detection, the machine will reinforce the validity of the actions and become more sensitive to detecting similar future patterns.
  • Ease Burden on Cybersecurity Personnel - Machine learning is most effective as a tool when it has access to a large pool of data to learn and analyze from, reducing attack surfaces through predictive analytics. The volume of security alerts that appear daily can be very overwhelming for the security team. Automating threat detection and response helps lighten the load off of cybersecurity professionals who have to contend with prioritizing cybersecurity-related issues and can aid the detection of threats more efficiently than other software-driven methods.
  • Nonetheless, machine learning requires R & D and need to leverage on large data - a machine learning system can only only as good as the data that is fed in, which means that it can be manipulated based feeding on corrupted data.
  • According to research by Cylance, 62% of security experts believe that there will be an increase in AI-powered cyber attacks in the near future, and therefore, AI may be used as an intelligent cyber weapon. Bad actors could significantly develop their phishing attacks by using AI to circumvent machine learning-based phishing detection systems. In an experiment by Cyxtera, two attackers were able to use AI to improve their phishing attack effectiveness from 0.69% to 20.9%, and 4.91% to 36.28%, respectively.
  • Many cybersecurity experts have bold opinions on whether machines should be responsible to manage something as complicated as cybersecurity. According to IEEE, human and organizational responsibility for decisions should still be made by the people of the organization and its systems. Refusing to acknowledge the machine’s actions and pushing the liability on them is foolish and could give rise to a regulatory and public backlash.
  • Ultimately, the future requirements of cybersecurity are an interplay of advances in technology, legal and human factors, and mathematically verified trust. Effective cybersecurity should be about striking a balance between human and machines. Where computers cannot, humans make sense of the data by ensuring machine-suggested actions have business value too. Humans bring the business, legal, and commercial value into decisions, whilst machines have the capacity and speed to analyze and interpret big chunks of data. Both human intelligence and artificial intelligence must work symbiotically for optimal results. This is the way towards a comprehensive solution that protects against the full spectrum of threats facing today’s businesses.

  • Estelle Chiu, Customer Success Manager, Horangi Cyber Security
  • Ryan Permeh, Chief Scientist of Cylance said Historically, an AV researcher might see 10,000 viruses in a career. Today there are over 700,000 per day - the workload demand increases as society progresses.
  • Kevin Lee, Executive Chairman of Horangi Cyber Security said that there would always be a human factor behind every cyber attacks.


Editor's comments:
  • Machine learning requires continued R & D - it helps to create jobs for software engineers and related industries.
  • Given the fact that machine learning is still a new technology, far fetched implications can yet to be ascertained - anything new is always good for industry leaders and startups.
  • The editor,too, votes for the establishment of the Human-Machine Symbiosis.

Humans vs Machines: AI and Machine Learning in Cyber Security