by Angela Guess
Brian Barrett recently wrote in Wired, “Finding evidence that someone compromised your cyber defenses is a grind. Sifting through all of the data to find abnormalities takes a lot of time and effort, and analysts can only work so many hours a day. But an AI never gets tired, and can work with humans to deliver far better results. A system called AI2, developed at MIT’s Computer Science and Artificial Intelligence Laboratory, reviews data from tens of millions of log lines each day and pinpoints anything suspicious. A human takes it from there, checking for signs of a breach. The one-two punch identifies 86 percent of attacks while sparing analysts the tedium of chasing bogus leads.”
Barrett goes on, “That balance is critical. Relying entirely upon machine learning to spot abnormalities inevitably will reveal code oddities that aren’t actually intrusions. But humans can’t hope to keep up with the volume of work required to maximize security. Think of AI2 as the best of both worlds—its name, according to the research paper, invokes the intersection of analyst intuition and an artificially intelligent system. Most of AI2’s work helps a company determine what’s already happened to it so it can respond appropriately. The system highlights any typical signifiers of an attack. An extreme uptick in log-in attempts on an e-commerce site, for instance, might mean someone attempted a brute-force password attack. A sudden spike in devices connected to a single IP address suggests credential theft.”
Photo credit: MIT