Using AI and Machine Learning to Anticipate Cyber Threats

By Russ Banham, Contributor

Why battle hackers human to human when robots can fight instead? Artificial intelligence and machine learning applications now have the capability to draw a bead on a probable cyber attack, giving companies time to ward off the infiltration.

The work of analyzing data to discern possible threats such as malware, phishing and denial-of-service attacks has predominantly fallen to corporate information security professionals. Eyes glued to large monitors charting the flow of data traffic across the network, the security experts hunt for anomalies indicating the presence of an outsider.

But with so much data clogging networks and systems today, and so many malware variants to scout for, people need help sniffing out the possibility of an attack.

“Digging through so much data to solve the magnitude of a problem like a cyber attack requires more than just human-derived decisions,” said Adnan Amjad, a partner in the cyber risk services practice of Deloitte. “Predictive technologies like AI and machine learning can help do the digging, excavating the relevant data for people to make better decisions.”

Clearer Vistas

Such help is direly needed in this age of big data, given the vast volumes of information companies create and consume, in many cases requiring analysis and protection by outside computer security specialists. A case in point is Secureworks, which provides information security services that protect customers’ computers, networks, and information assets from malicious activities like cyber attacks. The company reviews hundreds of thousands of files each day, looking for evidence of a possible breach.

“In addition to traditional sources of data like servers, huge volumes of data now flow from smartphones and the internet of things,” said David Stevenson, Secureworks’ senior manager of data science. “In this massive amount of data, it’s not uncommon to see thousands of malware variants and tens of thousands of malicious URLs. It’s our job to confirm that something that looks suspicious actually is suspicious.”

This is not a task for the fainthearted. “The amount of data a human analyst can process is relatively limited; we’re talking mounds and mounds of data literally boggling the mind,” Stevenson explained. “To help process this ever-rising volume of information, we’re deploying proprietary deep learning applications that we’ve developed in-house. We believe these tools have the potential for us to better predict cyber threats.”

Other cyber security experts see similar value in the predictive technologies. “Machine learning can identify network traffic that is not ‘normal’ for the company,” said Max Solonski, chief security officer at finance and accounting automation software provider BlackLine. “For example, if someone swipes a security badge in the office and then logs on to a company’s computer remotely from halfway around the world, it does not correlate with normal activity [and] the machine learning tool will flag it instantly, alerting the security analysts of a potential breach.”

AI and machine learning are particularly useful for their ability to filter the “noise” of data traffic and zero in on high-priority security events, he added. “The tools learn about the traditional patterns of activity in the network to respond when something stands out as unusual,” Solonski said.

Amjad agreed: “Instead of using machine learning to ferret out security issues across the entire network, companies can narrow the hunt to the data most important to protect, using the tool to primarily monitor these assets.”
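The badge-then-remote-login case Solonski describes is commonly checked as "impossible travel". As an added example (not from the article or from any company named in it), the Python below flags consecutive events for one user whose implied travel speed is implausible. It uses fixed thresholds rather than a learned baseline; the event format, the 900 km/h ceiling and the 50 km minimum distance are assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0   # assumption: roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0  # assumption: ignore same-metro moves and geo-IP jitter

# Constructed sample events (not real logs): (user, ISO time, source, lat, lon)
EVENTS = [
    ("alice", "2024-03-04T08:55:00", "badge:HQ-lobby", 40.7128, -74.0060),
    ("alice", "2024-03-04T09:20:00", "vpn-login", 1.3521, 103.8198),
    ("bob", "2024-03-04T09:00:00", "badge:HQ-lobby", 40.7128, -74.0060),
    ("bob", "2024-03-04T18:30:00", "vpn-login", 40.7306, -73.9866),
    ("carol", "2024-03-04T07:00:00", "badge:HQ-lobby", 40.7128, -74.0060),
    ("carol", "2024-03-05T09:00:00", "vpn-login", 51.5074, -0.1278),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def find_impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, earlier source, later source, km) for implausible hops."""
    alerts, last_seen = [], {}
    # Same-format ISO timestamps sort chronologically as strings.
    for user, ts, source, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last_seen:
            p_when, p_source, p_lat, p_lon = last_seen[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Distant events at the same instant are flagged without dividing.
            too_fast = hours == 0 or km / hours > max_speed_kmh
            if km > MIN_DISTANCE_KM and too_fast:
                alerts.append((user, p_source, source, round(km)))
        last_seen[user] = (when, source, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in find_impossible_travel(EVENTS):
        print("ALERT impossible travel:", alert)
```

Only the first user is flagged: the second stays within the same city, and the third has enough elapsed time for a flight.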

Creative Crawling

Stevenson from Secureworks noted another possible use of predictive technologies to combat cyber crimes. “Advanced learning tools can process very large volumes of text to draw conclusions that may indicate an imminent attack,” he said. “For instance, it would be possible to crawl the web and download large volumes of text for natural language processing by a deep learning application. Such an application could identify potential threatening intent – for example, on social media – even if indications are subtle, by analyzing the words, tone and content of posts as they are published.”

Solonski said security firms can use machine learning to aggregate information from their customer bases and learn how malware progresses in a company that endures an attack, “providing insights into helping other customers avoid the same fate.”

Nevertheless, the information security experts said the use of machine learning and AI to fight cyber crime is in its incipient stages. “There’s a lot of talk about it and we’re certainly seeing some progress, but we’re not at a stage of ‘solving world hunger,’” Amjad said.

Stevenson concurred. “Certainly, we will see a lot more use of these technologies in the future,” he said. “As data volumes grow and analysis becomes more of an uphill climb, both AI and machine learning are opportune ways to lighten the load.”

Russ Banham is a Pulitzer-nominated financial journalist and author who writes frequently about cyber security.