Does Artificial Intelligence Apply to Network Security and DDoS Attacks?

Artificial Intelligence, or AI, has captured the imagination of the mainstream populace in the past year due to several prominent scientists postulating both fabulous and dire consequences of pursuing advances in this area of computing.

The Rise of Artificial Intelligence

AI is starting to take a more prominent role in network security. Tools that monitor networks and alert on suspicious behavior are already available, but newer technology goes one step further: Qualcomm’s latest chip, for example, comes with built-in AI that can block malware on smartphones. In another example, security cameras are using AI to identify and detect unusual behavior. (The automated camera system AIsight works by monitoring camera feeds in real time, alerting authorities if it spots unusual activity.) In the future, it’s likely AI will be used more frequently to identify patterns, and will be able to take action against an adversary every time.

Scientists have made great progress in AI, so there is a tendency to want to apply AI to every vexing computing problem. One of the most challenging computing problems is the growing onslaught of cyber attacks, including distributed denial of service (DDoS) attacks. A DDoS attack, in which huge groups of automated ‘bots’ take down websites, network services or applications, is one of the most common forms of cybercrime. Preventing such an attack is practically impossible, although DDoS attacks are routinely detected and blocked.

It is true that in most cases human intervention alone is no longer sufficient to stop cyberattacks. At first glance it seems that network and application security certainly might benefit from AI to enhance detection and response to increasingly complex attack and exploitation vectors. However, it’s important to recognize that not all software techniques that are automatic or reactive should be classified as AI.

Automated Network Security AI

There are many emerging algorithmic approaches to enhancing network security efficacy that use high-performance packet and application inspection, coupled with deep analytics, to create an autonomic response to illegitimate behaviors and attack vectors. These techniques are incredibly valuable in that they allow security systems to adapt in real time and respond effectively to block incursions without requiring human analysts to provide input. It’s easy to see why people want to ascribe AI to this form of security architecture, but it would be an overreach to do so.

This does not make research into autonomic response algorithms, or into the use of real-time, deep analytics to improve automatic security system response in the face of an ever-evolving threat landscape, any less valuable. It’s not likely you will be having a live conversation that would pass the Turing test with your network and application security solutions any time in the near future, but you can rest assured that these systems will be improving in ways that appear to imply that they have a mind of their own when it comes to effectively removing threats from your environment. That’s a good thing, because the problem of cybercrime is escalating in a manner that human response systems simply can’t match.