AI being put to work to help solve our cyber security crisis


You don’t need to have been victimized by the WannaCry ransomware—or worried about hack attacks on presidential elections—to understand that cybersecurity is the most pressing technology problem of our time and may soon become the biggest problem, period.

The threats are constant and relentless:

  • One third of all Internet traffic is malicious packets generated by software routines.
  • Every 4.2 seconds a new piece of malware is generated.
  • Ransomware attacks increased 36 percent last year and generated more than $1 billion in revenue for cyber criminals.

Fending off the onslaught of attacks is a nearly insurmountable task for security professionals. But it’s a perfect job for machines that can parse thousands of logs a second and identify potential threats a human might not even see. That’s why artificial intelligence (AI) has become a key weapon in the fight against cyber crooks, rogue hackers, and aggressive nation states.

But experts also warn that AI is not a magic fix. Machine learning (ML) systems are only as good as the data used to train them. AI produces more false positives than humans in many instances. And every technique used to fight attacks invariably gets co-opted by the attackers themselves. What happens when the bad guys start using AI against us?

The need for speed

Just as algorithms replaced humans for automated stock trading, AI will be needed to keep pace with constantly morphing malware and attack vectors, says Rick Grinnell, founder and managing partner of Glasswing Ventures, a venture firm focused on AI startups.

“Even the best human brains ultimately won’t be able to keep up with this pace of changing attack strategy,” he says. “Even if they could, it would be impossible to push the new defense patch or update to each endpoint, device, or network in time to prevent or stop an attack. Fast-to-react AI-based solutions will be required at multiple points in the network, from the endpoint through the various layers of public and private networks.”

Among the most pernicious attacks, and among the hardest to detect and thwart, are advanced persistent threats (APTs), in which attackers quietly take up residence on a target’s network for months to observe user behavior and perfect their attacks. That’s how Russian security forces compromised the servers of the Democratic National Committee and how Chinese cyber attackers infiltrated government computers in more than 100 countries in 2009.

Read the source article at Enterprise.nxt.