It’s that time of year when the biggest names in hacking and cyber security gather in Las Vegas for the Black Hat USA convention. If the presentations at last year’s show are any indication, this week’s sessions on machine learning will be among the hottest at the event.

Machine Learning and other forms of Artificial Intelligence continue to wow the general public as human levels of skill are achieved in activities ranging from beating world-class Go players to navigating the chaos of traffic. Thought leaders from Elon Musk to Stephen Hawking have even gone so far as to issue warnings about the existential threat Artificial Intelligence poses to mankind should the technological genie get out of its bottle.
However, while futurists debate whether or not our algorithms will someday replace us as the dominant beings on earth, it is useful to keep in mind the powerful and practical benefits that machine learning and other forms of AI can provide to us today. One such benefit is the potential for helping skilled security analysts to protect our networks from increasingly sophisticated cyber attacks.
An Answer to a Growing Issue
Despite the media awareness of cyber security issues and the salary premiums offered to security specialists, industry leaders make yearly predictions of growing labor shortfalls in cyber security. The problem is typically attributed to the increasing complexity and prevalence of cyber threats. Part of the problem comes from the rapid growth of connected technologies. More networked devices present new opportunities for attackers while further adding unknowns for defenders. Another part of the problem, well known by those in cyber security, is that cyber attacks have become much more profitable for the perpetrators. Because of the increased payout, the perpetrators are able to afford personnel and tools to reverse engineer and defeat traditional forms of threat detection. The rise of these determined attackers, often referred to as Advanced Persistent Threats (APTs), has been a major driver of innovation in cyber security for the past several years.
Machine Learning Brings New Hope…and Problems
One trend gaining momentum among cyber security vendors is the use of machine learning for threat detection. Traditional methods of cyber security focused on the use of heuristics and rules to efficiently and accurately intercept known threats. However, with the rise of APTs came a significant rise in customized attacks designed specifically to bypass a given organization’s threat defense. Traditional methods of defense failed as even trivial customizations to malware code enabled it to bypass the sensors. The industry began looking to machine learning for its ability to generate algorithms that generalize from known data in order to properly classify new and unknown data. The application of machine learning is not limited to malware detection. As evidenced by Splunk’s acquisition of Caspida, a behavioral analytics company, the industry is seeing success in the use of algorithms to effectively classify and visualize the behavior of network elements. These developments give tier 1 security analysts the tools to perform at a higher level of skill.
With Great Potential Comes Great Challenges
Despite its great potential, getting machine learning to produce useful algorithms is no easy task. One major challenge involves feature engineering. Before the math can be let loose on a problem, data scientists need to determine the features of the problem that the model will analyze. This is a naturally arduous process that requires an appropriate level of domain knowledge to be brought to bear. Domain knowledge in cyber security is varied and complex, requiring the data scientist to work closely with a network security expert. In this case, feature design depends on the openness of communication between two types of individuals, both in short supply and each engaged in deep levels of thought within disparate technical disciplines.
Machine Learning Goes Deeper
Cyber security product vendors are starting to look toward a particular branch of machine learning that has been making impressive advances in recent years. Deep learning is credited with giving computers the ability to correctly identify objects in photographic images, and the ability to parse meaning from natural human speech.
These deep learning models are based on “neural network” architectures, so called because they draw inspiration from models of the human brain. One of the processes replicated by deep learning is the automatic discovery of features significant to classifying data. In other words, deep learning methods remove the need for feature engineering. This does not quite mean a free lunch since these methods have their own challenges and limitations. However, they can provide novel approaches to security problems that are better suited to a development team’s resources. Already, companies are working with deep learning to identify unknown protocols or discover malware on enterprise networks. Cyber security firm Deep Instinct prominently advertises its use of deep learning for endpoint protection. At last year’s Black Hat conference, another endpoint protection provider, Cylance, demonstrated its research in converting code to bitmaps so that it could be analyzed by deep learning models.
The momentum in the field of deep learning should be a reassurance to innovators still looking to get involved. Growth of the field can be measured by one of its most prominent benchmark competitions, the ImageNet Large Scale Visual Recognition Challenge (ILSVRC). The contest draws some of the biggest names in technology including IBM’s Watson Research Center, Google, Microsoft Research, and MIT, as well as many up-and-coming startups, competing to demonstrate deep learning’s ability to surpass human capability in image and object recognition across several categories. Many of the category winners in last year’s competition were aided by deep-learning-optimized platforms that featured NVIDIA GPUs to greatly reduce the time needed to develop and train deep learning neural networks. Three of the winning teams at ILSVRC 2015, including Microsoft Research and SenseTime, a leader in facial recognition for video surveillance applications, placed 1st in their respective categories supported by Deep Learning platforms developed by AMAX. By collaborating with AMAX, developers gained world-class platforms both for use in their own groundbreaking research and as security appliances to be deployed at customer sites in order to thwart the next generation of cyber threats. For more information on deep learning platforms or OEM services geared towards cyber security companies looking to bring an integrated security appliance to market, please contact AMAX to fast-track your development.
Rob Lundy is an independent technology and product marketing consultant with a decade of experience in hardware and software solutions for national defense and cyber security. He can be reached at firstname.lastname@example.org.