Using AI To Fight Cyberthreats - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Data Management // Big Data Analytics
08:06 AM
Connect Directly

Using AI To Fight Cyberthreats

SparkCognition, working with Carnegie Mellon and IBM's Watson, aims to provide cyber-security researchers with better threat data using predictive models powered by machine learning.

Windows 10 At 1 Year: 9 Ways It's Changed
Windows 10 At 1 Year: 9 Ways It's Changed
(Click image for larger view and slideshow.)

SparkCognition, a company that applies machine learning to predictive analytics, has begun working with Carnegie Mellon University's Software Engineering Institute (SEI) to develop an automated threat identification and remediation system that works in conjunction with IBM's Watson.

As part of the arrangement, SparkCognition says it plans to train researchers at SEI's CERT Division how to use IBM Watson to record and index vulnerabilities in the Common Weakness Enumeration (CWE) list and CERT Secure Coding Rules. By doing so, the researchers will make vulnerability information more accessible and more useful to those focused on protecting critical national infrastructure.

To fight automated attacks, organizations need automated defenses in order to help security professionals separate signal from noise.

"Cybersecurity has evolved to a point that without AI, it's really hard to keep up with all the attacks today," said CEO Amir Husain in a phone interview. "The purpose of this partnership is to combine our collective capabilities, and to be able to predict attacks even when the specific threat is not something that's been seen before."

(Image: SparkCognition)

Through automated modeling and machine learning, which the company uses outside the security industry to anticipate wind turbine failure, SparkCognition can predict the behavior of unknown software and flag it for analysis. Husain said these sort of models can help people make better decisions by presenting them with better information.

"AI will find things for me to pay attention to," said Husain, stressing that companies should not seek to completely automate their defenses out of concern for liability, "for the same reason the military does not want AI to pull the trigger."

It's an approach that Husain argues is superior to traditional antivirus tools like blacklists and signatures.

"The rate at which these attacks are being created is so rapid no blacklist can keep up," said Husain.

SparkCognition's SparkSecure automates the process of analyzing inbound and outbound server log data to aid in the detection of malicious software, bot traffic, and suspect IP addresses. It looks at how software is built and the resources it uses before the code gets run.

[See 10 Hot Security Technologies Enterprises Need Now.]

Husain said his company's system has flagged malware that was missed by more than 60 antivirus engines. When analyzed by a security researcher, the flagged software turned out to be a common decompression utility that had been injected with a previously unseen -- and thus undetectable by signature -- strain of malware.

The role of IBM Watson in this ecosystem is to provide advice, available through natural language queries, to those responsible for dealing with threats. Having been fed massive amounts of security-related information, like device manuals and vulnerability data, Watson acts as a AI help desk.

Husain contends his company's technology is ideal for organizations that have a security information and event management (SIEM) system in place that either is being underutilized or is overloading administrators with alerts.

More than half of all website traffic comes from bots, many of which are trying to scrape data, scan for vulnerabilities, or facilitate identity theft, said Husain. AI can make sense of that vast amount of data more readily than a person.

(Cover image: alengo/iStockphoto)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Charlie Babcock
Charlie Babcock,
User Rank: Author
7/27/2016 | 6:06:33 PM
A necessary move: automated defense
Machine learning as a pillar in defenses against cyber attacks is absolutely necessary and overdue. Whether Watson or some other system, the analysis of constantly evolving malware must be done by automated means to identify it and take remedial action more quickly. This is a good development.
User Rank: Apprentice
7/27/2016 | 12:57:21 PM
Ibm watson as a virus checker ?
Thank you for the Image.
Numbers are crazy... between 400$ ~ 500$ billions... Hope IBM Watson will help in the future, maybe we will be able to "install it" as a Virus Checker.
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll