A team of MIT researchers created an artificial intelligence system called AI2 that can help stop cyberattacks. The AI is designed to review data from tens of millions of log lines each day and look for anything suspicious. When it finds something out of the ordinary, it hands off the information to a human analyst, who checks for any signs of a breach.
"You can think about the system as a virtual analyst," said research lead Kalyan Veeramachaneni. "It continuously generates new models that it can refine in as little as a few hours, meaning it can improve its detection rates significantly and rapidly."
Current results suggest that the AI2 system, in combination with human help, can identify 86 percent of attacks and, in the process, save analysts the trouble of chasing dead-end leads.
Given the volume of work in the hands of data analysts, it is impossible to maximize security without the help of some kind of computer technology. AI2 now gives them the ability to do so by combining analyst intuition with artificial intelligence.
AI2 primarily helps companies detect breaches in their cybersecurity and aids them in determining the appropriate response. For example, it highlights typical signifiers of an attack, including a surge in log-in attempts on an e-commerce site, or an increase in the activity of devices connected to a single IP address.
Although it's very effective at singling out suspicious activity, it needs input from the human mind to finish the job.
"You have to bring some contextual information to it," Veeramachaneni said.
This is where the human analysts come in: they can recognize external variables that explain the suspicious activity pinpointed by the system. For example, some companies stress-test their systems, a procedure that an unsupervised AI would not be able to distinguish from a cyberattack.
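The loop described above can be sketched in a few lines. This is an added example, not AI2's code: the article does not describe AI2's models, so the median/MAD outlier score, the nearest-labelled-example step, the failure-ratio feature, and all sample data are assumptions made for illustration.

```python
from statistics import median

# Constructed sample data: (hour, login_attempts, failed_attempts) for one site.
DAY1 = [(h, 100 + (h % 5) * 4, 5 + h % 3) for h in range(24)]
DAY1[14] = (14, 900, 40)     # constructed: scheduled stress test, few failures
DAY1[20] = (20, 850, 800)    # constructed: log-in surge, almost all failures
DAY2 = [(h, 100 + (h % 5) * 4, 5 + h % 3) for h in range(24)]
DAY2[3] = (3, 700, 660)      # constructed: another surge with mostly failures
DAY2[10] = (10, 950, 35)     # constructed: another stress test

def robust_z(values):
    """Median/MAD z-scores, so the surges themselves do not inflate the baseline."""
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0
    return [(v - med) / (1.4826 * mad) for v in values]

def outlier_hours(day, threshold=6.0):
    """Unsupervised step: hours whose attempt count is far above normal."""
    scores = robust_z([attempts for _, attempts, _ in day])
    return [row for row, z in zip(day, scores) if z > threshold]

def fail_ratio(row):
    """Assumed feature: share of log-in attempts that failed in that hour."""
    return row[2] / row[1]

def triage(day, labelled):
    """Supervised step: each outlier takes the label of the nearest
    analyst-labelled example, compared by failure ratio."""
    verdicts = {}
    for row in outlier_hours(day):
        nearest = min(labelled,
                      key=lambda ex: abs(fail_ratio(ex[0]) - fail_ratio(row)))
        verdicts[row[0]] = nearest[1]
    return verdicts

def run_demo():
    flagged = outlier_hours(DAY1)              # handed to the analyst
    # Constructed analyst feedback: context the detector cannot see.
    context = {14: "benign", 20: "attack"}
    labelled = [(row, context[row[0]]) for row in flagged]
    return [row[0] for row in flagged], triage(DAY2, labelled)

if __name__ == "__main__":
    print(run_demo())
```

On day one both surges look identical to the unsupervised step; only after the analyst's labels are fed back can the day-two stress test be separated from the day-two surge.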
"This paper brings together the strengths of analyst intuition and machine learning, and ultimately drives down both false positives and false negatives," said Nitesh Chawla, a computer science professor from the University of Notre Dame. "This research has the potential to become a line of defense against attacks such as fraud, service abuse and account takeover, which are major challenges faced by consumer-facing systems."
Although AI2 has been very effective in stopping cyberattacks thus far, it will never replace human analysts due to the importance and variability of cybersecurity.
"The attacks are constantly evolving," Veeramachaneni said. "We need analysts to keep flagging new types of events. This system doesn't get rid of analysts. It just augments them."