MixMode CTO and Chief Scientist, Igor Mezic, recently contributed an article for CPO Magazine that examines the evolution of Machine Learning (ML) and Artificial Intelligence (AI) within cybersecurity, the three waves of AI, and the modern-day application of predictive AI in cybersecurity to protect against adversaries who are also utilizing AI technology.
From the article:
Artificial Intelligence, Machine Learning and Deep Learning are terms that constantly get thrown around in cybersecurity to the point where they’ve got a bad reputation due to false promises.
However, as we move into a future with advanced adversaries that are also utilizing AI technology, the only option we have is to understand what distinguishes the good from the bad, and which type of AI or ML is truly helpful to the advancement of cybersecurity protections.
According to DARPA, the first two “waves” of AI that have been applied to cybersecurity don’t actually do much more than attempt to patch problems as they arise, and learn from these past attacks to try to prevent them in the future.
This may seem effective, and many enterprises continue to use them, but the problem is that by the time the First and Second Wave AI algorithms detect that an intruder is on the network and label it as such, it is already too late, and it is likely that the hacker has accomplished whatever he has come there to do.
Third wave or Unsupervised AI is completely different from what’s presently being touted as AI on the market, as it does not depend on rules or labels to catch threats, and it is capable of stopping attacks that it has already seen before due to its ability to predict what should and shouldn’t appear on the network at any time.
This “predictive” AI works by formulating a baseline of regular network activity after studying the network for just seven days. That way, it knows if its baseline has been disturbed, and the AI will spot it. This makes it very difficult to trick.
For an attack to be effective, the hacker would have to behave exactly as the network behaves, which gets the bad actor nowhere.
Third Wave AI Cybersecurity protects against some of these more advanced methods of attacks, like GANs, Ransomware, and Man in the Middle Attacks.
These types will not allow for a First or Second Wave AI approach because by the time you are responding to something like this, it is already too late.
The reactive AI approach would be to patch it … to try to figure out if some traffic has been redirected, after the intruder already got in, redirected it, and did whatever damage the bad actor wanted to do.
Having a proactive, singular AI algorithm applied to all data on the network is a predictive approach that alerts analysts before an attack occurs.