The functionalities, or characteristics of an Artificial Intelligence system in cybersecurity
As it relates to cybersecurity, there are three main functionalities of an Artificial Intelligence system which makes it quite different from the other security tools that are available. They are as follows:
1) It can learn:
One of the main themes that has been pointed is that a good AI system can learn, with or without human intervention (of course, the latter is much more preferred). The way that it learns is that literally billions of pieces of data are fed into it, via many intelligence feeds. Once this data is fed into it, the Artificial Intelligence tool can then “learn” from it by unearthing any trends or threat vector-based attack signatures that have not been discovered previously. It can even also learn from known trends as well.
By combining these two together, the AI system can then make reasonably accurate observations or predictions as to what the cyber threat landscape will look like on a daily basis, if that it is what the main purpose of has been designed to accomplish. It is important to note, while this is done on a 24 X 7 X 365 basis, the data and information that is fed into it must be done on an almost minute by minute basis. If this is not done, the AI system can lose its robustness very quickly, can literally become “stale”.
Also, based upon the datasets that are fed into it, a good AI system can also even make recommendations to the IT Security team as to what the best course of action it can take in just a matter of minutes. In this regard, Artificial Intelligence can also be used as a vehicle for threat mitigation by the cyber incident response team. An AI system that is designed for the cybersecurity industry can also digest, analyse, and learn from both structured and unstructured datasets (this even includes the analysis of written content, such as blogs, news articles, etc.).
2) It can reason:
Unlike the other traditional security technologies, Artificial Intelligence tools can also reason and even make unbiased decisions based upon the information and data that is fed into it. For example, with extremely high levels of accuracy and reliability, it can “… identify the relationships between threats, such as malicious files, suspicious IP addresses or insiders.” (SOURCE: 1).
In other words, an AI system can look at multiple threat vectors all at once and take notice of any correlations that may exist between them. From this, a profile of the cyber attacker can be created and even used to prevent other new threat variants from penetrating into the lines of defences.
Very often, a cyber attacker will launch differing attacks so that they can evade detection. For example, cyber attackers have been known to hide their tracks after penetrating an IT/Network Infrastructure by covertly editing the system logs of the servers, or even just simply reset the modification date on a file that has been hijacked but replaced with a phony file.
These cannot be detected by the standard Intrusion Detection Systems (IDSs) that are being used today; they can only be discovered by anomalies if significant deviations can be found. But with the use of AI, these and other hidden commonalities can be discovered very quickly in order to track down the very elusive cyber attacker. Also, an AI system does not take a “garbage in/garbage out” view of a threat vector. It tries to make logical hypotheses based upon what it has learned in the past. In fact, it has been claimed that Artificial Intelligence can respond to a new threat variant 60X faster than a human could ever possibly do.
3) It can augment:
Again, as it has been mentioned before in the last subsection, one of the biggest advantages of Artificial Intelligence in cybersecurity is that it can augment existing resources. Whether it is from filling the void from the lack of the labour shortage, or simply automating routine tasks that need to be done, or even filtering through all the false positive warnings and messages to determine which of those are for real, AI can absorb all of these time consuming functions that can take an IT security team hours to accomplish and get them done in just a matter of minutes. It can also be a great tool to conduct tedious research-based tasks, can calculate the levels of risk very quickly so that the IT security team can respond to a cyber threat in just a matter of seconds and mitigate it quickly.
It is important to keep in mind that although the use of Artificial Intelligence will be a great boon for the cybersecurity industry in some regards, it can also be a grave threat as well. For example, these kinds of tools are also available to the cyber attacker, and can also be used for nefarious purposes, for creating what are known as “deepfakes”. No one business entity should rely upon Artificial Intelligence 100% completely, it should be used as a supplement to the existing IT and network infrastructure.
Click here to read Part 1 of this series on Artificial Intelligence in cybersecurity.
Ravi is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas.Tech, Inc. He is also studying for his CompTIA Security+ Certification.