By John King
With the success of Google’s AlphaGo and IBM Watson—the poster children of the third wave of artificial intelligence, or AI 3.0—there is a prevailing question about the extent of human capabilities that AI can automate.
We know that the AI subfield of machine learning has delivered exceptional results wherever quality data is available. And with the cyber threat landscape constantly evolving, machine learning technology is being employed more and more in the field of cyber security.
In the world of retail, the pressure is on to integrate new devices and technologies in order to provide a converged shopping experience via multiple channels. But with these added channels comes increased risks, making cyber security a top concern for the industry. The price of protecting consumer data—especially crown-jeweled loyalty program information—keeps rising, with cyber breaches now costing close to $165 per record. Yet even as retail CISOs struggle with constant budget constraints to secure their network, there is still pressure to continue adding massive amounts of in-store IoT devices, mobile connections, and new payment systems to their networks, such as point-of-sales devices.
Detecting malware, in particular, is a major challenge for retailers. In 2015, the number of zero-day vulnerabilities discovered saw a 125 percent increase from the year before, and the trend has only continued since then. Zero-day threats present a unique challenge for security providers as these threats cannot be detected using the same methods to protect against known malware, which traditional antivirus vendors have identified and blacklisted. This, however, is exactly the sort of problem machine learning is designed to address: one that requires deduction and novel solutions.
The most notorious retail malware of 2016, Shifu and Dyer, were detected by this type of cognitive cybersecurity system; namely, SparkCognition’s next generation Anti-Virus, DeepArmor. DeepArmor, which is powered by advanced natural language processing (NLP) and an ensemble of machine learning algorithms with reinforcement learning, accomplished this feat by comparing the DNA of new threats to that of the millions of threats on which it’s been trained.
Imagine a system that can find new and sophisticated threats across your IT systems, research and reason like a human expert, and deliver remediation, all while keeping things in context to cut down reaction time by 60x. AI today has the power to do so even when the problem is so fluid. In essence, what systems such as DeepArmor offer is the mind of a security expert that can detect and make decisions at a machine scale, leveraging cognitive pipelines to detect zero-day threats in seconds.
Humans derive conclusions from research, reason, inference, and by analyzing multiple inputs within context. To have the same capability, a true cognitive security system must be able to perform static analysis on unknown files, make a reasoned prediction on the true intent of those files and conduct automated threat research in natural language to deliver recommendations or remediation.
Automating security is similar to automating a car. While there are easily enough data available to properly train the vehicle’s basic behavior, there will also be new situations where the car has to make decisions based on its own reasoning engine.
For cyber security software, achieving this kind of independent reasoning means drawing from reinforcement learning and multi-agent systems—as well as an understanding of unstructured data—in order to identify and aid with diverse threats. By combining these very human capabilities with the scale and efficiency of machine operations, AI can mimic and surpass human capabilities in the cybersecurity arena.
