A new artificial intelligence (AI) system being developed at MIT’s Computer Science and Artificial Intelligence Laboratory is being trained by researchers to aid humans in identifying potential cyber-attacks.
Typically, when trying to pinpoint possible attacks, analysts have to sift through massive amounts of data to find abnormalities and discrepancies, a method that is time-consuming and tedious. Anchored on the idea that AI never gets tired, the new computer-based method lets humans identify cyber-attacks more efficiently.
MIT's new system, AI2, honed its ability to identify threats by reviewing three months' worth of log data from an unidentified ecommerce platform, and it can review millions of log lines every day. Once it spots something suspicious, a human can take over and promptly check for possible signs of a security breach.
This AI/human tandem can point out more than 85 percent of possible breaches and relieves analysts of the most time-consuming (and mind-numbing) part of the process.
What sets AI2 apart from other machines is that it works regularly with human analysts, which makes the information it provides more relevant and increases its intelligence. AI2 can show an analyst, say, 200 of the day's most abnormal events; the analyst identifies which of them are actual threats and feeds that judgment back into the system. From there, AI2 uses the information to fine-tune its approach to monitoring.
In this regard, it actually gets smarter as time goes on.
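The feedback loop described above, sketched as an added example (not MIT's code and not from the original article). The two features, the event data, the review budget of 3, and the weight-learning rule are constructed assumptions; a simple weighted re-ranking stands in for whatever model AI2 actually trains on analyst labels.

```python
from statistics import median

def robust_z(events):
    """Per-feature |x - median| / MAD for each event (a MAD of 0 falls back to 1)."""
    cols = list(zip(*(e["x"] for e in events)))
    meds = [median(c) for c in cols]
    mads = [median(abs(v - m) for v in c) or 1.0 for c, m in zip(cols, meds)]
    return [[abs(v - m) / d for v, m, d in zip(e["x"], meds, mads)] for e in events]

def top_k(events, weights, k):
    """Rank the day's events by weighted abnormality; return the k shown to the analyst."""
    score = lambda pair: sum(w * v for w, v in zip(weights, pair[1]))
    return sorted(zip(events, robust_z(events)), key=score, reverse=True)[:k]

def review(shown):
    """Simulated analyst: reads the constructed ground truth of the shown events only."""
    return [(z, e["attack"]) for e, z in shown]

def learn_weights(labelled):
    """Weight each feature by how much higher it runs on confirmed attacks
    than on alerts the analyst dismissed (hypothetical rule, floored at 0)."""
    pos = [z for z, y in labelled if y]
    neg = [z for z, y in labelled if not y]
    if not pos or not neg:
        return None  # not enough feedback to refine the ranking yet
    mean = lambda rows, j: sum(r[j] for r in rows) / len(rows)
    return [max(0.0, mean(pos, j) - mean(neg, j)) for j in range(len(pos[0]))]

def ev(rows):
    return [{"id": i, "x": x, "attack": a} for i, (x, a) in enumerate(rows)]

# Constructed data: x = (failed logins, MB uploaded). Large uploads are benign backups.
DAY1 = ev([((1, 10), False), ((2, 12), False), ((1, 11), False), ((2, 90), False),
           ((1, 95), False), ((30, 10), True), ((2, 9), False), ((1, 13), False)])
DAY2 = ev([((1, 10), False), ((2, 11), False), ((1, 12), False), ((2, 90), False),
           ((1, 92), False), ((2, 94), False), ((9, 11), True), ((8, 12), True),
           ((1, 10), False), ((2, 13), False)])
K = 3  # analyst review budget per day

def run():
    """Day 1: unsupervised ranking plus review. Day 2: compare ranking without and with feedback."""
    w0 = [1.0, 1.0]
    w1 = learn_weights(review(top_k(DAY1, w0, K))) or w0
    before = sum(e["attack"] for e, _ in top_k(DAY2, w0, K))
    after = sum(e["attack"] for e, _ in top_k(DAY2, w1, K))
    return w1, before, after

if __name__ == "__main__":
    print(run())
```

On day 2 the unweighted ranking spends the whole review budget on noisy backups, while the weights learned from day 1's three labels put both quieter login attacks in front of the analyst.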
“Essentially, the biggest savings here is that we’re able to show the analyst only up to 200 or even 100 events per day, which is a very tiny percentage of what happens,” says lead Kalyan Veeramachaneni.
It’s important to note that while the AI is a promising approach to identifying cyber-attacks, it is questionable whether it will ever completely replace human analysts. Because online threats evolve continuously, human analysts are needed to keep up with them and ensure security is maintained.