Ai in cyber
security
where do we stand today with
artificial intelligence in cyber security? First of all, i will stop using the
term artificial intelligence and revert back to using the term machine
learning. We don’t have Ai yet, so lets not distract ourselves
with these false concepts.
Where are we with machine
learning in security? To answer that question, we first need to look at what
our goal is for applying machine learning to cyber security problems. To make a
broad statement, we are trying to use machine learning to find anomalies. More
precisely we use it to identify malicious behaviour or malicious entities; call
them hackers, attackers, malware, unwanted behaviour, etc. But beware! To find
anomalies, one of the biggest challenges is to define what’s normal. For
example, can you define what is normal behaviour for your laptop day in day
out? Don’t forget all the exceptional scenarios when you are traveling; or
think of the time that you downloaded some game from the internet. How do you
differentiate that from a download triggered by some malware? Put in abstract
terms, interesting security events are not statistical anomalies. Only a subset
of those are interesting. An increase in network traffic might be statistically
interesting, but from a security point of view, that rarely ever represents an attack.
Resources :
1-https://www.information-age.com/role-ai-cyber-security-123465795/
2-https://medium.com/swlh/how-artificial-intelligence-is-changing-cyber-security-a243294ccdfe
