The state of AI in cyber security


With so much hype around Artificial Intelligence over the last few years, it is natural to wonder whether AI is already prepared to take over our business security. Many mathematical models have been designed for purposes such as computer vision, evolutionary computation, natural language processing, robotics and so on. While all of these fields have grown substantially as many people have developed new techniques, artificial intelligence in cyber security still seems to be falling short.

There are four main reasons why AI in cyber security is not keeping up with its sibling fields:

The first reason lies in the nature of security itself. Most of the time, organizations are not allowed to move or reuse most of the data gathered from IDSs, IPSs, WAFs, F5 appliances and so on. Therefore, the task of building a large dataset and handing it to a mathematical model for training becomes harder.

The second reason is the lack of proper research. Cyber security is a closed field that mostly works in secrecy, and this does not help researchers get into it and carry out the extensive studies that could develop the field further. Thus, the chance of involving enthusiastic young people in solving security modelling problems is reduced by half. As an example, if we look at Kaggle.com and search for security datasets, we will see that there are not many, to say the least.

The third reason is the huge amount of data in cyber security. Captured IP packets, payloads, malware data, phishing data, proxy data and threat data are just a few sources, and each may contain a huge number of variables and a great deal of information in itself. With such a large pool, the task of creating mathematical models that include and classify all these variables for every type of data becomes more complex.

The fourth reason lies on the computational side. It takes a huge amount of processing work to obtain insightful results. Many cloud platforms such as AWS, GCP and Azure help with this processing, so companies do not have to rely on their own hardware. However, as we stated earlier, uploading undisclosed security information to the cloud is not a risk companies are willing to take, unless the data is already in the cloud or the company has the CDO's agreement to use it.

To conclude, we as an industry should try to declassify some out-of-date information so that researchers have more datasets to work with and can help our field use the power of AI to detect threats and stop attacks in real time.

Author: Victor Cardona
