How AI is Sharpening the Edge of Cybersecurity

AI innovation has recently re-emerged as a key strategy for commercial enterprises, governments, and research institutions. One of the main areas where society stands to benefit greatly from Artificial Intelligence is cybersecurity

Illustration: Bigstock

Artificial Intelligence (AI) uses methods, algorithms, and systems that imitate the way humans think – to enhance our ability to carry out complex tasks. Some of the fundamental challenges of AI include learning, knowledge modeling, and reasoning. These solutions draw on concepts from computer science, statistics, and linguistics, among others, and embrace techniques for machine learning (ML), natural language processing, problem-solving, and automated inference.

AI has had its ups and downs since being established as a scientific discipline in the 1950s by academics from MIT, CMU, and IBM. Today, AI innovation has clearly re-emerged as a key strategy for commercial enterprises, governments, and research institutions. One of the main areas where society stands to benefit greatly from AI is cybersecurity. In fact, a recent IBM survey across hundreds of global decision-makers showed that 46% of responders believe AI can help their organizations improve security and compliance, and reduce risk in their business operations.

What fueled the renewed interest and investment in AI-based cybersecurity? The main force is the continuous onslaught of digital data being generated and the need to analyze it. All the critical digital systems we rely on for day-to-day living generate data. From on-premise computer systems to cloud platforms and internet-of-things services, all are producing data that is growing exponentially from applications, systems, users, and business processes.

On the one hand, this deluge of security-related data carries the potential to provide deep insights about emerging cyber threats. On the other, it requires new approaches to understand, reason, predict and respond to these threats. This is where innovative AI methods like machine learning come into play, alongside powerful computing infrastructures built for AI computations (like graphical processing unit arrays). These can perform complex computations and process sophisticated algorithms that craft valuable knowledge from raw digital data.

Leading tech companies and scores of startups and researchers have been racing to develop AI solutions that address cyber threats. Many of these research and product efforts focus on key AI paradigms such as machine learning and natural language processing.

One fascinating example demonstrating the use of an ML-based approach for cybersecurity solutions is user authentication. Traditional methods rely primarily on password-based schemes or biometric methods to authenticate an individual. Using AI, we can go beyond these traditional methods and have machine learning algorithms track the interaction profile of each user. By "learning" the user's click speed and geometric patterns of mouse movement, keystroke rhythm, and patterns, or the way they typically touch the mobile device – we can immediately detect whether the user is trying to type in a password or an imposter is trying to gain access with a stolen password.

We can also use machine learning to detect phishing websites and blacklist them and limit access to reduce the damage and risk to users. The technique works by automatically analyzing site data such as the document structure, URL, text, and even images like company logos and their wording. Based on these characteristics, AI algorithms trained to differentiate between legitimate and phishing sites can generate an alert if a site is a fake one set up by hackers.

AI and ML are also ideal for quickly detecting new and zero-day malware, by investigating properties related to the structure and content of the suspected file or script. The next generation of malware detection solutions are based on AI techniques and algorithms that allow in-depth file inspection and high throughput to identify suspicious files and execution scripts before they have time to cause further damage.

Powerful solutions based on the three approaches mentioned here have already been developed at the IBM Cybersecurity Center of Excellence in Be'er-Sheva and integrated into IBM Security products. Feedback from users indicated that these techniques led to notable improvements in the protection of users against web fraud. In the upcoming Cybertech 2018 conference, a panel session titled "Opportunities in the AI Era" is a great opportunity for conference attendees to learn about the latest accomplishments and challenges in applying AI to deter emerging cyber-threats. Panelists in this session include industrial and academic AI experts along as users of AI technology.

Capitalizing on a significant body of academic research, providers of security solutions are beginning to invest in advanced AI-based malware detection products that leave traditional methods in the dust when it comes to accuracy and staying on top of the malware developments.


Dr. Yaron Wolfsthal is the Director of the IBM Cyber Security Center of Excellence in Be'er-Sheva, Israel