Artificial Intelligence for Cybersecurity

As improved machine learning algorithms enhance the cognitive ability of artificial intelligence, analysts claim it will replace human intelligence at some point in the future. While that state is still a good several years away, the cyber industry has already witnessed some practical implementations of shallow and deep learning algorithms that could be considered the entry point for artificial intelligence, through machine learning, into the cybersecurity space. The areas of cybersecurity where machine learning algorithms have accelerated the attainment of cybersecurity objectives are the simpler and more established security disciplines:

• Anti-phishing and anti-malware

• Fraud detection

• Network intrusion detection

Another evolving area of cybersecurity that could benefit greatly from the application of machine learning algorithms is Continuous Authentication, which I will talk about in my next post in the series.

Existing cybersecurity technologies have certain limitations across threat detection, prevention and mitigation, as they are largely governed by rule-based policies that enforce generic security policies and configurations. Without machine learning techniques applied to these scenarios, these systems cannot learn from past examples of attacks, and the experience they gain is rendered useless. It is becoming increasingly important that we build systems that are capable of learning from past experience and adapting their behaviour accordingly. Applying machine learning techniques to cybersecurity can help organizations recognize patterns from past interactions with an entity and take actions that are guided by past experience rather than by programmed or pre-configured rules. With the application of appropriate machine learning algorithms for threat detection, prevention and response, security and risk leaders can expect to realize one or more of the following benefits in the short term:

• Reduced rate of missed detections: Use of 'one-shot learning' techniques can be effective here to learn and identify threat patterns that have previously been missed and/or are incorporated through other channels (manually or via third-party systems).

• Reduced false positives: Application of 'continuous learning' techniques offers unsupervised learning for the creation of descriptive models that allow for real-time identification of 'false positive' patterns and adapt accordingly to minimize them.

• Improved forensics and investigative capabilities: 'Deep learning' techniques help with processing and analyzing the large volumes of information gathered from collective sources (SIEM systems, log analyzers, etc.) to correlate activities and extract meaningful patterns.

Use of artificial intelligence technologies for driving business decisions has seen a good uptake in recent times, but its relevance has remained largely limited to business applications, particularly CRM and ERP. Some (still conceptual) applications of machine learning algorithms that perform feature selection, extraction and pattern recognition autonomously are driving, and will strengthen, the adoption of artificial intelligence in cybersecurity.

For more on practical use-cases of cybersecurity leveraging AI to deliver effective threat detection and response, as well as Intelligent Identity and Access Management (IIAM), look out for my next LinkedIn post :)

More articles by Anmol Singh
