AI and the transforming cyber security landscape

AI and the transforming cyber security landscape

Sohrob Kazerounian at Vectra explains how artificial intelligence is particularly well suited for strengthening cyber security defences

Although 2020 will undoubtedly be remembered as the year of the global COVID-19 pandemic, another subtle trend may also come to be seen as a hallmark of the last year; namely, the maturation of Artificial Intelligence (AI).  Remarkably, this was not the result of any novel technological or conceptual breakthroughs, rather, it was due to successful iteration and improvement of existing algorithms and datasets.

Unlike previous periods where the promises of AI were short-lived and ultimately failed to deliver, the current AI renaissance is the result of the right techniques becoming popular at the right time, on the right technologies. This transition out of the realm of sci-fi speculation and into practical application is not only starting to make waves in expected domains (e.g., language understanding, computer vision, etc), but also beginning to transform fields like cybersecurity, which might not have been typically associated with AI.

In domains like cybersecurity, AI systems are not only proving capable at defending against attacks but are increasingly necessary in order to do so. This is a consequence of the fact that the scale of cloud and network traffic, as well as the speed at which they are generated, makes the task of detecting attackers impossible to human-eyes only. This is only further exacerbated by the fact that much of that traffic is either encrypted or otherwise not human-readable.

Like more traditional domains of AI research, the application of AI in cybersecurity is quickly moving from the realm of curiosity and proof-of-concept, to becoming a staple in a defender’s toolkit. As such, it is interesting to look at some of the breakthroughs in AI applications over the last year, and assess how those models in particular, and the trends they represent, might begin to affect cybersecurity in the next few years.

How Transformers are changing the world of AI

One of the biggest developments of the last year was OpenAI’s GPT-3 model (Generative Pretrained Transformer 3), which advanced the state of the art in understanding and generating natural language. The breadth of GPT-3’s abilities are impressive to say the least, already proving capable at tasks such as question answering, writing poetry and fiction, and even writing snippets of computer code in response to natural language descriptions of what that code should do. Unlike previous generations of AI-generated text, it has become increasingly difficult for humans to distinguish content created by GPT-3 from the work of other real humans.

GPT-3 makes use of a Transformer model in order to process sequences of text. Transformers make use of a mechanism referred to as ‘attention’ (not unlike our notion of attention when it comes to humans), in order to learn which portions of an incoming language stream the model should focus on.Here, Transformers can learn how different parts of the input are relevant in the context of others, enabling it to quickly relate distant parts of the input sequence. In short, this means that large chunks of the training process can be done in parallel, massively cutting down the time it takes for an AI to learn new tasks on ever increasing amounts of textual data.   

Developing GNNs

Another key area of development has been in the field of graph neural networks (GNNs), which enable deep learning AI to learn and analyse graph-structured data. This is a hugely influential area of study as there is a vast amount of data ranging from computer networks and transport routes to molecule and protein structures that all involve data sets that can be naturally represented as graph structures.

As GNNs start to gain wider attention, we expect their use will increase in a variety of fields. This is partly due to the fact that it naturally extends already proven Deep Learning and Neural Network algorithms to domains in which the data is not easily captured by older models, but allows processing of this data to occur with unified algorithms whose development is not domain-dependent. More specifically, advances in graph neural networks for protein structure prediction (for example), could readily advance the state of the art in models of computer networks, even though the fields have little to do with one another.

AI, friend or foe?

Interestingly, both GPT-3 and GNNs, as well as other AI models, may play increasingly prevalent roles in the domain of cybersecurity. While it is easy to imagine how Graph Neural Networks can be readily applied to various types of tasks regarding computer networks (themselves often represented as graphs), it is also interesting to note that generative models like GPT-3 will also start to gain adoption by attackers looking to expand their attack arsenal. 

Language models that can convincingly mimic human speech patterns, will begin to be used for things like widespread automation of targeted spear phishing. Specifically, these types of models  lower the barrier for attackers to target the interests of individual users with spam emails and social media messaging, increasing the likelihood of the said user clicking on a link or downloading a file that happens to be malicious. The ability to do this at scale, without human intervention, will inevitably prove to be hugely valuable to attackers, given that it only takes a single stolen credential for an attacker to get a foot in the door.

More so than full-blown, autonomous AI systems attacking networks, these types of narrowly scoped use-cases wherein an AI system can aide, augment and automate certain tasks, are the likeliest place where attackers will begin to make use of AI.

How AI helps combat cyber threats old and new

Unlike past periods of rapid development in the field, what GPT-3 and GNNs have shown is that the capabilities of modern AI systems are not simply theoretical in nature. On the contrary, exponential increases in computational power and the ever-increasing availability of data have given these models commercial viability and social utility. The cyber security industry is ideally positioned to benefit from these capabilities. Not only does it focus on analysing large and complex data sets, but speed and accuracy are extremely important when an active threat is involved, and the clock is ticking. Machine learning and automation already play a prominent role in the sector, so there are many clear fields where advanced AI can be directly applied.

AI’s powerful abilities to identify patterns is well suited for behavioural analytics, for example. Security AI can be quickly trained to recognise normal user activity and immediately identify deviations that may point to malicious activity. New breakthroughs have also increased the ability for AI to extrapolate new patterns without direct instructions, which is extremely useful for both identifying signs of previous unknown zero days and detecting new malware strains and attack techniques that are variants on previous threats.

In 2021 we anticipate increasingly advanced AI becoming far more mainstream and accessible, blending seamlessly into our daily lives. With AI serving as a powerful tool for everything from stopping cyber threats to fighting COVID-19, it’s safe to say we will be seeing some impressive real-world applications over the next year.

Sohrob Kazerounian is AI Research Lead at Vectra. Sohrob is highly experienced in artificial intelligence, deep learning, recurrent neural networks, and machine learning. He received a B.S. in cognitive science as well as computer science and engineering from The University of Connecticut and a doctor of philosophy (Ph.D.) in cognitive neural systems from Boston University

Main image courtesy of

Copyright Lyonsdown Limited 2021

Top Articles

The silent weapon: uncovering the threats of adversarial AI

Organisations concerned about rising threat levels from the criminal use of AI should consider deep learning as a defence

Addressing cyber-resilience gaps across key infrastructure assets

While no single security tactic will give you 100 per cent protection, there is a way to foster a defence-in-depth approach.

Will 5G Accelerate Cybercrime?

If you pay attention to such things, the press coverage of the ongoing roll-out of the 5G network in the UK has been dominated by two subjects.

Related Articles

[s2Member-Login login_redirect=”” /]