The Role of AI in Cybersecurity

By Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3 •  Updated: 01/12/22 •  6 min read

The cybersecurity market can be considered quite mature on a global scale. Yet, the cyber-attack landscape continues to grow, coming up with more intricate intrusion methods. In this regard, proactive cyber defense becomes extremely important for businesses to keep their cybersecurity posture 24/7 in real-time. That’s why organizations are increasingly looking for innovative ways to boost their cyber defense capabilities. For example, the Threat Detection Marketplace by SOC Prime helps to defend against the latest digital attacks easier, faster, and more efficiently through the proactive delivery of custom detection algorithms that can be used across multiple security solutions.

Another example is the growing tendency to adopt Artificial Intelligence (AI) which is widely discussed as the key factor leveraging the Fourth Industrial Revolution (Industry 4.0). AI can play a significant role in intelligent cybersecurity services, helping to detect and mitigate the newest threats.

Capgemini Research Institute published a report called Reinventing Cybersecurity with Artificial Intelligence. They strongly suggest that implementing AI in cybersecurity is urgent for modern enterprises to improve cyber analysis and respond faster to breaches. Also, survey respondents believe that using AI is crucial because attackers have begun to practice AI for malicious activities. 

While AI is a relatively new set of technologies, the development of working solutions can seem challenging. Let’s review some of the key concepts behind the role of AI in cybersecurity and briefly discuss the most popular techniques.

AI in Cybersecurity – Key Things to Know

AI is one of the most innovative technologies that can elevate the whole cybersecurity ecosystem to a new level. However, it is necessary to understand some critical concepts before considering a defined AI action plan. Below are a few overarching ideas about AI in cybersecurity that are widely discussed today.

AI-Powered Cybersecurity Starts From Detection

Cyber-attack sophistication increases exponentially, and it is necessary to establish effective detection approaches that can identify the newest threats as early as possible. SOC professionals have to deal with massive amounts of raw data and the growing number of unknown threats. That’s where AI comes in.

AI technologies can spot anomalies that can cause massive damage, yet they are often detected only after the infiltration. They can also mitigate and automate responses to a flow of threats that happened before and can be easily identified. This approach, if employed, saves human resources and expenses for data maintenance within a cybersecurity department of a company.

AI is Not Just a Single Technology

There is no single approach to AI in cybersecurity, as well as among other industries. Moreover, it’s not just one piece of software that can either be used or not. Instead, AI is a complex term that might refer to a whole range of various techniques and approaches.

The AI sophistication level that cybersecurity professionals can potentially employ depends on the variety of algorithms used and their successful intersection. For example, clustering techniques, rule-based approaches, survival analysis, and inductive logic programming could be combined with neural networks and deep learning. Although, the greater amount of techniques is not always the best solution. Researchers suggest identifying a general toolkit that can process the tasks with the help of data reduction, data mining, and analytics.

EU Issued Regulations

The European Commission issued the “Artificial Intelligence Act” on April 21, 2021. The draft regulation includes a set of horizontal rules for AI-related products and services within the territory of the EU. A prominent place in this act belongs to a “product safety framework”. Namely, the European Commission will establish a procedure of market entrance and certification for high-risk AI systems. 

Provisions of this law foster ad hoc protection for such systems, concerning a secure development lifecycle in high-quality datasets, transparency, human oversight, and cybersecurity. Namely, when it comes to cybersecurity, the law stipulates that the measures for preventing and mitigating attacks should encompass the newest threats to AI in particular. For example, those could be data poisoning (attempts to manipulate the training dataset inputs), model flaws, or adversarial examples, causing the trained neural networks to make mistakes.

In general, this new law represents the beginning of a new period in the global economy where companies will have to ensure compliance with AI security regulations before introducing new technological approaches to the international market. Cybersecurity of high-risk AI systems will play a crucial role in the certification procedure once it’s settled. So, while the developers’ community tests new algorithms in AI-based cybersecurity, it looks like they will have to make sure that AI on both ends (SOCs and the systems they defend) complies with regulations.

An Overview of AI Techniques in Cybersecurity

AI techniques have been widely used in scientific research regarding cybersecurity. However, there is little evidence of the application of AI in major systems like SIEM, SOAR, EDR, XDR, and other security solutions. For now, it is efficient to use online tools such as Uncoder.IO for instant translations of threat detection content and its fast integration into a variety of interfaces. Yet with AI, there is more room to grow.

Computer scientists have been testing AI methods like machine learning, deep learning, natural language processing, knowledge representation and reasoning, the concept of knowledge, or rule-based expert systems. These methods can be applied to threat detection, cyber-attack prediction, access control management, and more.  

Some of the AI techniques applied in cybersecurity were highlighted by Springer research:

● Clustering – for analyzing intrusion detection data

● Support vector machines – for classifying and analyzing information on attacks, threats, DDoS

● K-nearest neighbor – for intrusion detection and reducing the false positives

● Genetic algorithm – for the prevention of cyberterrorism and intrusion detection 

● Reinforcement learning, hidden Markov model, rule-based approach, random forests, naive Bayes, decision trees, adaptive boosting – for intrusion detection

● Neural network and deep learning – for detecting threats, attack and malware traffic classification

● Natural language processing – for semantic, syntactic, lexical analysis for automated research of the latest threats

● Fuzzy logic-based rules – for solving complex cybersecurity issues

Conclusion

The globalization of businesses leads to an exponential increase of networks’ scale and complexity, making it harder to track the data flow and detect cyber threats. AI can be used to meet the need to constantly monitor vast amounts of data and effectively respond to threats in real-time.

Also, AI algorithms can learn to combine various detection signals, explore non-linear logical relations, and come up with the best decision at the right moment in time. Meanwhile, behavior analysis of malware or ransomware attacks can also become more sophisticated and even predict the threats before they happen.

Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3

Donald Korinchak is a Cybersecurity Professional in the Washington DC area. Donald holds an MBA from the University of Pittsburgh Katz School of Business. Donald is considered a thought leader in business, leadership, and cybersecurity issues.