The rapid pace at which artificial intelligence (AI) has developed in recent years has begun to have transformative effects in a wide variety of fields.
In an increasingly connected world where cyberattacks are occurring with alarming frequency and magnitude, it’s no wonder cybersecurity is now turning to AI and machine learning (ML) to detect and stop attackers. The use of AI in cybersecurity not only expands the scope of what a single security professional can monitor but, most importantly, enables the detection of attacks that would otherwise have been undetectable to humans. Vectra, the provider of a platform for cyber security based on artificial intelligence, takes a critical look at the current development.
Despite the recent explosion in ML and AI research, no single method or algorithm works best in all cases. This has been formalized and presented mathematically in a result known as the No Free Lunch theorem (Wolpert and Macready 1997). No single algorithm outperforms all other algorithms across all possible problem areas, especially when considered under different real-world conditions such as spatial and temporal complexity and availability of training data.
Therefore, AI systems designed to detect advanced cybersecurity threats must be tailored to the specific problems they are used to address. You should use the best tools and algorithms available for the types of detections intended. As in other areas, Vectra believes that AI systems in cybersecurity must be validated according to the following criteria:
Can the AI system recognize, classify and make predictions that would not have been possible for humans alone?
How Does It Work?
Does the AI system make predictions and classifications that reduce the amount of human intervention and analysis required? Does it make predictions and classifications that increase the amount of human intervention and analysis required?
Developing an AI system capable of learning to achieve both goals simultaneously requires a deep understanding of the problem space and a breadth of understanding across machine learning algorithms in general.
Attempts to use a monolithic solution that handles the myriad security threats and gateways in modern networks uniformly will miss the former goal and, at the same time, generate too many false detections. Likewise, using multiple techniques or algorithms to detect each type of threat independently requires detailed knowledge of how each algorithm works and what it is capable of. Incomplete knowledge of an algorithm can leave a system underperforming in its ability to detect a threat. Added to this is the additional workload that arises for network administrators due to false alarms.
Skilled cybercriminals are constantly coming up with new methods to attack networks and computer systems. In addition, networks and the devices connected to them are constantly evolving, from running new and updated software to adding new types of hardware as technology advances.
On the other hand, the current state of AI, while advanced, is similar in how it works to the human perception system. AI methods can process and recognize patterns in data streams, similar to how the human eye processes incoming visual signals and the ear processes acoustic signals. However, AI cannot cover all the knowledge of a seasoned system administrator: neither the knowledge of the networks that the administrator manages nor the complex web of laws, company policies and best practices that govern how best to respond to an attack.
The development of the calculator did not reduce people’s need to understand mathematics but greatly expanded the scope and possibilities of what could be calculated. Hence the need for people with mathematical understanding to explore these possibilities.
Likewise, AI is just a tool that expands the scope and capabilities of detecting cyberattacks that would otherwise be undetectable. Anyone who has attempted to look at a high-frequency, multi-dimensional time series of encrypted traffic and determine whether that traffic is an attack or benign can appreciate the power of AI. For the foreseeable future, Vectra believes that artificial intelligence will remain a tool that makes it possible to detect and react to new, advanced cyber attacks over and over again.