AI to cyber security rescue

Artificial intelligence is making small but impactful inroads into the world of cyber security.

15 July 2016
Dominic White, SensePost


While many people are not aware that they encounter artificial intelligence (AI) on a daily basis, the reality is the technology has become entrenched in nearly all aspects of the internet. Now, AI is making inroads into the world of cyber security, with startups leading the charge.

In fact, security startups, leading academics, government agencies, and some of the largest digital security firms in the world have invested heavily in AI technology for cyber security. These entities believe that recent advancements in processing power could allow computers to outperform humans when it comes to many aspects of defending networks.

The adoption of AI comes on the heels of growing concern among companies and governments that they might be losing control over cyber security. The rapid changes in how people use technology to communicate and the increased number of connected devices mean that points of weakness are increasing.

Because the pace of change has been so rapid, security hasn’t adapted fast enough and hackers are taking full advantage of that. AI may be the only way to keep up with cyber criminals, and numerous AI computing methods are playing an increasingly important role in cyber-crime detection and prevention.

Intel Security Group estimates that cyber-crime costs the global economy more than a whopping $400-billion annually. That’s more than the national income of most countries. To make things even more unsettling, over 390 000 malicious programs are released every day in attempts to infiltrate computer networks and steal trade secrets and personal data, according to Intel.


A recent whitepaper from the International Journal of Artificial Intelligence & Applications states that numerous computing methods of AI such as computational intelligence, neural networks, intelligent agents, artificial immune systems, machine learning, data mining, pattern recognition, fuzzy logic, heuristics, etc., are increasingly playing an important role in cyber-crime detection and prevention. It explains that AI enables security experts to design autonomic computing solutions capable of adapting to their context of use, using the methods of self-management, self-tuning, self-configuration, self-diagnosis and self-healing.

“When it comes to the future of information security, AI techniques seem a promising area of research that focuses on improving the security measures for cyber space,” the research paper notes.

Marco Slaviero, lead researcher at security firm Thinkst, says it’s worth a reminder that AI is a very broad term and encompasses a huge array of tools, techniques and approaches.

These vary from emulating neurons and the evolutionary process, to older approaches like fuzzy logic and heuristics, he says. “While the public may think of AI in movie terms – all-knowing, capable of advanced thought – the reality is it is much more domain-specific and usually more mundane,” says Slaviero.

However, he adds that the use of AI in cyber security is nothing new. For example, spam filtering has long employed filtering and learning techniques from AI.

Anti-virus software has anomaly detection and uses heuristics, which trace their roots to AI. More recently, there have been efforts to use AI to determine if documents such as PDFs contain malware or not, to make actions like e-mail attachment-opening safer.

“What these have in common is classification – determining if an e-mail, program, network probe or file appears to be dangerous. But the approaches were not relying on large-scale machine-learning.

“More recently, fuzzers – programs that try to crash other programs to highlight bugs – have relied on AI to reduce the amount of work they need to perform.

“In the past couple of years, we’ve seen the emergence of machine learning as a way to enhance malicious activity detection.”

Academia roots

Dominic White, CTO of information security firm SensePost, says that historically AI has been spoken about a lot, but rarely actually used, in the world of cyber security. “In the past, it’s been referenced in academic articles, but rarely used in resulting products.”

Etienne Greef, CEO of the SensePost group holding company SecureData, says traditional cyber security has relied on signatures, whitelists and blacklists. He notes the move towards intelligent, self-learning and adaptive detection/reactive solutions has greatly increased in the past two to five years.

“AI has traditionally been an academic pursuit. This has evolved over time to fit into fields where problem-solving based on predictable decisions is key. A prime example of this is navigation. Think of the early problems faced with using a GPS, being directed up dead-ends, one-ways, etc. Today, we rely on GPS and assisted guidance on a daily basis, with Google Maps and Waze providing real-time route recommendations based on changing road conditions,” Greef says.