Artificial intelligence in modern cybersecurity operations – George Wrenn

George Wrenn, Research Affiliate, Management Science

From Security Now 

AI has been around as a sub-field of computer science since the 1950s, but has undergone many “fits and starts.” Different factions have over time Balkanized the definition of AI as well as the applications of the concept. This explains the “AI winters” that have at times derailed the field and distracted focus to other computer science fields such as robotics and machine vision. Fortunately, the field has matured enough to cease these arguments and delays in practical use. However, ethical debates still rage, as AI has a historical backdrop that is rooted in “machines simulating or replacing human thought and actions.”

Here’s how Wikipedia defines AI:

Computer science defines AI research as the study of “intelligent agents”: any device that perceives its environment and takes actions that maximize its chance of successfully achieving its goals. More specifically, Kaplan and Haenlein define AI as “a system’s ability to correctly interpret external data, to learn from such data, and to use those learnings to achieve specific goals and tasks through flexible adaptation.” Colloquially, the term “artificial intelligence” is used to describe machines that mimic “cognitive” functions that humans associate with other human minds, such as “learning” and “problem solving.”

The evolution of AI has progressed from cybernetics, which sought to replicate or simulate the human mind in computational endeavors, through cognitive approaches as well as symbolic logic and expert systems, and lastly converged on the idea of a “general purpose intelligent machine” capable of performing almost all functions and problem solving.

Fast forward to the present: AI is now broken down into a variety of approaches that include everything from ethics to statistical methods, largely abandoning the historically conflicted evolution of the science.

Modern paradigms

As a rapidly evolving field of science, AI has become flexible enough to absorb new approaches and tools, bringing even cutting-edge technology such as quantum computing under its umbrella of methods.

In the spirit of this article, we will explore common modern approaches and how they are applied to solving cybersecurity problems. We will also discuss how “chaining” of AI concepts and methods is used to solve or assist with security challenges.

AI-powered search

The first of these approaches is search, which is slightly different from traditional “Google” or brute-force “match and report” methods. In modern AI the search adds some intelligence in the form of optimization seeking; that is to say, the search is not just matching data but comparing the data to a given goal, such as optimality or relationship to other data, or simply pruning vast amounts of data down to sets that meet a specific goal or outcome. More importantly, these methods can nest beneath yet more intelligence, such as the application of Darwinian-like genetic algorithms that iteratively look for better results or mutate to become better at finding a solution to a problem.

Practical use in cybersecurity 

An example of this AI approach in cybersecurity is combing through massive data sets in the form of log files. Traditional and legacy security systems simply looked for keywords or things like IP addresses that matched known threat origins. Using AI in cybersecurity operations, however, can not only find these keywords; it can dynamically mutate the search algorithm to find other data that may also indicate threat events. This presents a much more robust automation capability for many log and security event analysis systems, and it increases the confidence in results found or alerted on, lessening the human burden of investigating false positives. In a nutshell, AI-enabled search has a myriad of known and yet-to-be-discovered uses that are already reducing errors, finding threats and reducing false positives, all of which are desirable in today’s oft-understaffed security operations departments.
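To make the idea of a search that “mutates” toward a goal concrete, here is a small added example (not code from Security Now, the author, or any product the post refers to). It applies a genetic algorithm to log-filter rules: a rule is a set of required tokens, a fixed keyword rule is the starting point, and the search mutates and recombines rules, keeping those that best separate labelled threat lines from benign ones. The log format, the handful of sample lines, their threat labels, and the F1-score fitness are all constructed for the illustration.

```python
"""
Evolutionary (genetic-algorithm) search over log-filter rules.

A rule is a set of required tokens: a log line matches when every token in
the rule appears in it. Starting from a plain keyword rule, the search
mutates and recombines rules and keeps the ones that best separate labelled
threat lines from benign ones (F1 score), so the search optimises toward a
goal instead of only matching a fixed keyword.
"""
import random

# Constructed sample log lines with a hand-assigned label: 1 = threat event
# (failed logins against /admin), 0 = benign. Not real data.
LOGS = [
    ("ts=1 src=10.0.0.5 user=alice action=login result=ok path=/home", 0),
    ("ts=2 src=10.0.0.5 user=alice action=login result=fail path=/home", 0),
    ("ts=3 src=203.0.113.9 user=root action=login result=fail path=/admin", 1),
    ("ts=4 src=203.0.113.9 user=root action=login result=fail path=/admin", 1),
    ("ts=5 src=10.0.0.7 user=bob action=view result=ok path=/admin", 0),
    ("ts=6 src=203.0.113.9 user=admin action=login result=fail path=/admin", 1),
    ("ts=7 src=10.0.0.8 user=carol action=login result=fail path=/home", 0),
    ("ts=8 src=10.0.0.9 user=dave action=login result=ok path=/admin", 0),
    ("ts=9 src=198.51.100.4 user=root action=login result=fail path=/admin", 1),
    ("ts=10 src=10.0.0.5 user=alice action=logout result=ok path=/home", 0),
]


def tokens(line):
    """Split a key=value log line into its tokens, dropping the timestamp."""
    return frozenset(t for t in line.split() if not t.startswith("ts="))


PARSED = [(tokens(line), label) for line, label in LOGS]
# Sorted so the search is reproducible regardless of set iteration order.
VOCAB = sorted(set().union(*(toks for toks, _ in PARSED)))


def matches(rule, toks):
    """A rule fires when all of its required tokens are present in the line."""
    return rule <= toks


def fitness(rule):
    """F1 score of a rule over the labelled lines (1.0 = perfect separation)."""
    tp = fp = fn = 0
    for toks, label in PARSED:
        hit = matches(rule, toks)
        if hit and label:
            tp += 1
        elif hit and not label:
            fp += 1
        elif not hit and label:
            fn += 1
    if tp == 0:
        return 0.0
    precision = tp / (tp + fp)
    recall = tp / (tp + fn)
    return 2 * precision * recall / (precision + recall)


def mutate(rule, rng):
    """Add or remove one token; an empty rule is allowed (it matches everything)."""
    rule = set(rule)
    if rule and rng.random() < 0.5:
        rule.discard(rng.choice(sorted(rule)))
    else:
        rule.add(rng.choice(VOCAB))
    return frozenset(rule)


def crossover(a, b, rng):
    """Child keeps each token of either parent with probability 1/2."""
    return frozenset(t for t in sorted(a | b) if rng.random() < 0.5)


def evolve(seed_rule, generations=40, pop_size=40, seed=7):
    """Run the genetic search from a seed rule and return the fittest rule seen."""
    rng = random.Random(seed)
    population = [seed_rule] + [mutate(seed_rule, rng) for _ in range(pop_size - 1)]
    best = seed_rule
    for _ in range(generations):
        scored = sorted(population, key=fitness, reverse=True)
        if fitness(scored[0]) > fitness(best):
            best = scored[0]
        parents = scored[: pop_size // 4]  # truncation selection
        children = [best]                   # elitism: the best rule is never lost
        while len(children) < pop_size:
            a, b = rng.choice(parents), rng.choice(parents)
            children.append(mutate(crossover(a, b, rng), rng))
        population = children
    return best


# The legacy-style starting point: a single keyword.
SEED_RULE = frozenset({"result=fail"})

if __name__ == "__main__":
    best = evolve(SEED_RULE)
    print("keyword rule", sorted(SEED_RULE), "F1 =", round(fitness(SEED_RULE), 3))
    print("evolved rule", sorted(best), "F1 =", round(fitness(best), 3))
```

On this data the keyword rule `result=fail` also fires on ordinary failed logins to `/home`, so it has perfect recall but imperfect precision; because the best rule is carried forward each generation, the evolved rule can only match or improve on that score, and a rule requiring both `result=fail` and `path=/admin` scores a perfect 1.0. In practice the labels would come from analyst-confirmed incidents, and a rule evolved on one window of logs should be re-scored on held-out data before it is trusted to suppress alerts.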

Read the full post at Security Now.

George Wrenn is a Research Affiliate in Management Science at the MIT Sloan School of Management.
