slide 1: 10/4/2019 Artificial Intelligence in Cybersecurity - usm systems - Medium
https://medium.com/swetha23/artificial-intelligence-in-cybersecurity-4a7608564fc1 1/7
Artificial Intelligence in Cybersecurity
usm systems
Jul 21 · 8 min read
AI has made some inroads in the cybersecurity sector, and several AI vendors claim to
have launched products that use AI to help safeguard against cyber threats. At Emerj,
we’ve seen many cybersecurity vendors offering AI and machine learning-based
products to help identify and deal with cyber threats. Even the Pentagon created the
Joint Artificial Intelligence Center (JAIC) to upgrade to AI-enabled capabilities in their
cybersecurity efforts.
In this article, we list some of the more common use-cases for AI in cybersecurity
where there has been some evidence of real-world business use. Specifically, we cover:
AI for Network Threat Identification
AI Email Monitoring
AI-based Antivirus Software
AI-based User Behavior Modeling
AI For Fighting AI Threats
We begin our analysis of AI in the cybersecurity space with an explanation for why AI is
such a good fit for cybersecurity.
The Natural Fit for Artificial Intelligence in Cybersecurity
For a business safeguarding its data, network security is critical, and even small data
centers might have hundreds of applications running, each of which needs to have
different security policies enforced. Human experts might take several days to weeks to
fully understand these policies and make sure the security implementation is successful.
Cybersecurity inherently involves repetitiveness and tediousness. This is because
identification and assessment of cyber threats require scouring through large volumes of
data and looking for anomalous data points. Companies can use the data collected by
their existing rules-based network security software to train AI algorithms towards
identifying new cyberthreats.
Understanding the consequences of the attack and the response needed from the
company also requires further data analysis. AI algorithms can be trained to take certain
predefined steps in the event of an attack and over time can learn what the most ideal
response should be through input from cybersecurity subject-matter experts.
Human security experts cannot match the speed and scale at which AI software can
accomplish these data analysis tasks. Additionally, AI-based cybersecurity data analysis
software can complete the task with consistently higher accuracy than human analysts.
Large-scale data analysis and anomaly detection are some of the areas where AI might
add value today in cybersecurity.
Many cybersecurity intrusions operate over the enterprise network, so monitoring
the data going in and out of the network is one way to detect cybersecurity threats.
Monitoring each ‘packet’ of data that is part of the enterprise network’s communications
accurately is almost impossible for human analysts.
Machine learning-based software can potentially use multiple techniques, such as
statistical analysis, keyword matching and anomaly detection, to determine if a given
packet of data is different enough from the baseline of data packets used in the training
dataset.
All of this seems to indicate that artificial intelligence is now starting to be seen as an
effective tool to gain serious advantages against fraudsters and hackers.
AI for Network Threat Identification
Enterprise network security is critical for most companies, and the hardest part about
establishing good network cybersecurity processes is understanding all the various
elements involved in the network topography. For human cybersecurity experts, this
means time-consuming work in tracking all the communications going in and out of the
enterprise network.
Managing the security of these enterprise networks involves identifying which
connection requests are legitimate and which are attempting unusual connection
behavior such as sending and receiving large volumes of data or having unusual
programs running after connection to an enterprise network.
The challenge for cybersecurity experts lies in identifying which parts of an application,
whether on the web, mobile platforms, or applications that are in development or
testing, might be malicious. Identifying the malicious applications amongst thousands of
similar programs in a large-scale enterprise network requires enormous amounts of time,
and human experts are not always accurate.
AI-based network security software can potentially monitor all incoming and outgoing
network traffic in order to identify any suspicious or out of the ordinary patterns in the
traffic data. The data in question here is usually too voluminous for human cybersecurity
experts to accurately classify threat incidents.
In a real-world example, the startup ShieldX Networks claims they use AI to speed up the
process of identifying which security policies are applicable for each application. In
addition, the company claims its software can study the network communications data
for each application over a period of time and then generate suggestions for security
policy for that application.
Apart from this, in the banking sector, AI vendors such as now acquired by eSentire
offer enterprise cybersecurity AI software that uses anomaly detection to identify
network security threats. The company claims its software can help financial firms and
banks with adversary detection and cybersecurity threat management.
AI vendor now acquired by eSentire offers enterprise cybersecurity AI software called
the VSE (Versive Security Engine), which they claim can help banks and financial
institutions analyze large datasets of transactions and cybersecurity-related data using
machine learning.
Versive claims banks can use NetFlow (a network protocol developed by Cisco for
collecting IP traffic information and monitoring network traffic), proxy and DNS data
(computer network data) as inputs to the Versive Security Engine. The software can then
monitor enterprise networks using anomaly detection to alert human officers in case of
deviations in the data that might be similar to events in past cyber threats.
AI Email Monitoring
Enterprise firms understand the importance of monitoring email communications in
order to prevent cybersecurity hacking attempts such as phishing. Machine
learning-based monitoring software is now being used to help improve the detection
accuracy and the speed of identifying cyber threats.
Several different AI technologies are being used for this use-case. For instance, some
software uses computer vision to “view” emails to see if there are features in the email
that might be indicative of threats, such as images of a certain size. In other cases,
natural language processing is used to read through the text in emails coming in and
going out of the organization and identify phrases or patterns in text that are associated
with phishing attempts. Using anomaly detection, software can help identify if the email’s
sender, recipient, body or attachments are threats.
This use-case again highlights AI’s strengths with large-scale data analysis. It is not
difficult for a human employee to read through an email and identify suspicious
features, but doing so for millions of emails sent and received within large organizations
on a day-to-day basis is simply impossible. AI software can instead read through all the
incoming and outgoing emails and report the most likely cases of cybersecurity threats
to security personnel.
For instance claims to provide email monitoring AI software that can help financial
firms prevent misdirected emails, prevent data breaches and phishing attacks. The
company’s software likely uses natural language processing and anomaly detection in
different steps in order to identify which emails are likely cybersecurity threats.
AI-based Antivirus Software
Traditional antivirus software functions by scanning files on an enterprise network to see
if any of them match the signature of known malware or viruses. The problem with this
approach is that it is dependent on security updates for the antivirus software when new
viruses are discovered. Additionally, this method makes traditional antivirus software
slow in terms of real-time threat detection and makes deploying a scalable system
challenging.
In contrast, AI-based antivirus software in many cases uses anomaly detection to study
program behavior. Antivirus systems using AI focus on detecting unusual behavior
generated by programs rather than matching signatures of known malware.
While traditional antivirus software works well for threats that have been previously
encountered and identified through their public signatures, new threats are not easily
detected and resolved by these types of software. Steve Grobman, SVP at McAfee, claims
that most traditional antivirus software can achieve a 90% threat detection rate. The
added advantage that AI brings to the table in this use-case is in increasing the threat
detection rate to even 95% or above.
Cylance, which was acquired by Blackberry, claims their Smart Antivirus product
offering uses AI to predict, detect and respond to cybersecurity threats. The company
claims that, unlike traditional antivirus software, Cylance’s AI-enhanced Smart Antivirus
does not need virus signature updates but rather learns to identify patterns that indicate
malicious programs from scratch over time.
AI-based User Behavior Modeling
Some types of cybersecurity attacks on enterprise systems can compromise specific users
in the organization by taking over their login credentials without their knowledge.
Cyberattackers who have stolen a user’s credentials can gain access to an enterprise
network through technically-legitimate means and are thus hard to detect and stop.
AI-based cybersecurity systems can be used to detect a pattern of behavior for particular
users in order to identify changes in those patterns. In doing so, they can alert security
teams when that pattern is broken.
AI vendors such as offer cybersecurity software that they claim uses machine learning
to analyze raw network traffic data to understand the baseline of what normal behavior
is for each user and device in an organization. Using training datasets and inputs from
subject-matter experts, the software learns to identify what constitutes a significant
deviation from the normal baseline behavior and immediately alerts the organization to
cyber threats.
AI For Fighting AI Threats
Companies need to improve the speed at which they detect cyber threats because
hackers are now employing AI to potentially discover points of entry in enterprise
networks. Thus, deploying AI software to guard against AI-augmented hacking attempts
might become a necessary part of cybersecurity defense protocols in the future.
In the past couple of years, companies around the world have succumbed to cyber
threats and ransomware attacks such as WannaCry and NotPetya. These types of attacks
spread rapidly and affect a large number of computers. It’s likely that the perpetrators of
these types of attacks might use AI technology in the future. The advantage that AI could
give these hackers is similar to what AI offers in businesses: rapid scalability.
Cybersecurity vendor Crowdstrike claims its security software, Falcon Platform, uses AI
to guard against such ransomware threats. The software reportedly uses anomaly
detection for end-point security in enterprise networks.
The Future of AI in Cybersecurity
AI use in cybersecurity systems can still be termed nascent at the moment. Businesses
need to ensure that their systems are being trained with inputs from cybersecurity
experts, which will make the software better at identifying true cyber attacks with far
more accuracy than traditional cybersecurity systems.
Businesses need to understand that these systems are only as good as the data that is
being fed to them. AI systems are famously touted to be “garbage in, garbage
out” systems, and a data-centric approach to AI projects is necessary for continued
success.
The one challenge for companies using purely AI-based cybersecurity detection methods
is to reduce the number of false-positive detections. This might potentially get easier to
do as the software learns what has been tagged as false-positive reports. Once a baseline
of behavior has been constructed, the algorithms can flag statistically significant
deviations as anomalies and alert security analysts that further investigation is required.
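The per-user baseline from the User Behavior Modeling section and the false-positive feedback described above can be sketched as follows. This is an added example, not code from the article or from any vendor it names. It assumes a single feature (outbound megabytes per day), uses a median/MAD modified z-score as a simple stand-in for the vendors' unspecified models, and all names, thresholds and sample values are constructed.

```python
import statistics
from collections import defaultdict

class UserBaseline:
    """Per-user baseline of one feature (here: outbound megabytes per day)."""

    def __init__(self, threshold=3.5, min_samples=5, mad_floor=1.0, tolerance=0.10):
        self.history = defaultdict(list)  # user -> values observed during training
        self.cleared = defaultdict(list)  # user -> values analysts tagged as false positives
        self.threshold = threshold        # modified z-score cut-off (assumed value)
        self.min_samples = min_samples    # too little history means no verdict
        self.mad_floor = mad_floor        # avoids division by zero on flat baselines
        self.tolerance = tolerance        # how close to a cleared value counts as "same"

    def train(self, records):
        for user, value in records:
            self.history[user].append(value)

    def score(self, user, value):
        """Modified z-score of value against the user's baseline, or None."""
        seen = self.history[user]
        if len(seen) < self.min_samples:
            return None
        median = statistics.median(seen)
        mad = statistics.median([abs(v - median) for v in seen])
        return 0.6745 * (value - median) / max(mad, self.mad_floor)

    def is_anomalous(self, user, value):
        z = self.score(user, value)
        if z is None or abs(z) <= self.threshold:
            return False
        # Suppress alerts that repeat something an analyst already cleared.
        return not any(abs(value - c) <= self.tolerance * c for c in self.cleared[user])

    def mark_false_positive(self, user, value):
        self.cleared[user].append(value)

# Constructed sample data: (user, outbound MB per day).
TRAINING = [("alice", v) for v in (120, 135, 110, 128, 140, 125, 131)] + \
           [("bob", v) for v in (300, 320, 310, 305, 315)] + \
           [("carol", v) for v in (50, 60)]

def demo():
    model = UserBaseline()
    model.train(TRAINING)
    first = model.is_anomalous("bob", 900)   # large transfer: flagged
    model.mark_false_positive("bob", 900)    # analyst tags it as benign
    return first, model.is_anomalous("bob", 910), model.is_anomalous("bob", 5000)

if __name__ == "__main__":
    print(demo())
```

Because the median and MAD resist single outliers, folding one cleared value back into the baseline would not stop the alert from recurring, which is why the feedback is kept as a separate suppression list here.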
Cybersecurity applications are among the most popular AI applications today. This is in
large part due to the fact that these applications rely on anomaly detection, which
machine learning models are very well suited for. Additionally, most large businesses
might already have existing cybersecurity teams, product development budgets and IT
infrastructure to handle large amounts of data.