Over the last decade, the use of technologies intended to automatically prevent, detect and remediate Cyber Security (CS) threats has exploded. Some of the largest CS technology and services companies today, such as Darktrace, Cybereason, Cylance (BlackBerry), Tessian, CrowdStrike, Fortinet, Vectra AI and many others, became and remained global players thanks in part to their use of Artificial Intelligence (AI), on the basis of automation and Machine Learning (ML). Some of these companies use a variety of automated advanced analytics, specifically looking for trends in large volumes of data. They try to identify malicious activities in network traffic, machine behavior on endpoints and human behavior on the basis of pre-defined signatures of what is good and bad.

They rely upon millions and billions of transactions to build historical databases in which to detect patterns, recognize those patterns in near real-time traffic, report them and allow preventative actions to be taken.

In some more innovative cases, technologies allow for automated preventative actions to be taken by the systems themselves without human intervention. Fortinet calls this “Self-Healing”.

But many of today’s AI offerings do not actually meet the intelligence test. While they use technologies that analyse data and let results drive certain outcomes, AI could go further, reproducing cognitive abilities to automate tasks. What many systems mainly do is data analytics, a static process that examines large datasets in order to draw conclusions about the information they contain with the aid of specialised systems and software.

Data analytics is neither adaptive nor self-learning. There is in principle nothing wrong with that approach, as it helps in dealing with the millions of daily automated cyberattacks carried out by bots, used by cybercriminals, that look for vulnerabilities in systems and networks. It is an arms race. Hackers are continuously using similar technologies and approaches for reconnaissance, collecting millions of datasets in order to find high-value, low-risk ways to drop their payloads into naïve companies that believe they are not being targeted at all as an organisation.

AI systems are adaptive and dynamic. They become smarter the more data they analyze, they “learn” from experience, and they become increasingly capable and autonomous as they go.

With the CSAI.network, our aim is to move beyond the stage of automated data analytics and to seek models and techniques that provide some degree of intelligence beyond this level and that can serve CS technology approaches. We investigate the potential of the newest AI technologies, combining the best of both symbolic and subsymbolic techniques (such as Machine Learning – ML), by using a store of domain-specific knowledge; mechanisms to acquire new knowledge; and mechanisms to put that knowledge to use. ML, expert systems, neural networks, and deep learning are all examples or subsets of AI technology today. ML uses statistical techniques to give computer systems the ability to “learn” (e.g., progressively improve performance) using data rather than being explicitly programmed. These data-driven techniques work best when aimed at specific tasks rather than a wide-ranging mission.

Specific tasks are being provided by CSAI industry partners. Expert systems are programs designed to solve problems within specialized domains, and learn from human knowledge. By mimicking the thinking of human experts, they solve problems and make decisions using, for example, fuzzy rule-based reasoning through carefully curated bodies of knowledge. We will also look into newer techniques based on neural networks, like generative adversarial networks, which are extremely relevant in the arms race context of CS. We investigate how we can adapt deep learning techniques, now mainly tailored for vision, to identifying cyber attacks.

As an example, image recognition via deep learning is often better than any human capability and is used in a variety of existing applications such as autonomous vehicles, scan analyses, security monitoring and medical diagnoses. Our ambition is to start from the current applications and to boldly go beyond them to support Cybersecurity with AI techniques for prevention, identification, protection, detection, response, mitigation and control.

With this platform, we aim to collect and redistribute knowledge and expertise; detect, reflect and advance in actions, capabilities, research and operations; suggest, give insights and pointers; allow companies to get started; and build and grow a network of experts.

Connect and contribute; learn and educate; help expand this exciting discipline of technology and expertise.