Cybersecurity can be made agile with zero-shot AI

Synopsis: A zero-shot AI model can help develop a robust and adaptive cybersecurity defence against new attacks.

What makes AI a reliable tool in cybersecurity?

The ability to learn from large volumes of data and find patterns of abnormal behaviour makes AI and particularly machine learning (ML) attractive in cybersecurity.

ML algorithms can be used to find anomalies in different parts of the enterprise like application logs, network flows, user activities and authentication logs.

As enterprises adopt models like zero-trust, augmenting these with ML algorithms to monitor user behaviour patterns becomes critical.

How is zero-shot AI better than traditional systems?

Traditional supervised approach: The traditional approach to applying ML is supervised, where data points are used to train models to make predictions. While this is useful, these models can only learn from previously known attacks. So, a human would need to annotate the network flow for the attack data and feed it to build the model.

Unsupervised approach: The other approach becoming popular is unsupervised, where models learn to observe “normal” behaviour and flag any anomalies. This approach can highlight unknown attack patterns, but it only provides anomaly information to the security analyst.

One approach to tackle this is an upcoming research area in AI/ML called Explainable AI (XAI). Here, the models are either redesigned or enhanced to provide an explanation along with the prediction. So, when the model predicts an anomaly, it will also mention which feature values made it make that decision.

For example, let’s take an ML model that monitors network traffic in an office network. Say it flags a data transmission above 100 MB from a network computer to a Google Drive account as an anomaly.

If we show the security operations centre analyst the additional parameters that made us flag this as an anomaly, such as the size of the data files and the destination domain, this information can save the analyst valuable time in classifying it as a data exfiltration attack.

The system can further take feedback from the analyst and start auto-labelling new such attacks as data exfiltration.
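The loop described above (flag, explain, take analyst feedback, auto-label) can be sketched as follows. This is an added example, not code from the article: the baseline flows, the `ExplainedDetector` class, the two features and the shared 3.5 threshold are all assumptions chosen for illustration.

```python
import math
from collections import Counter
from statistics import median

# Constructed baseline of "normal" office flows: (bytes_out, destination domain).
BASELINE = list(zip(
    [120_000, 300_000, 80_000, 450_000, 200_000, 150_000, 600_000, 90_000] * 5,
    ["intranet.example", "mail.example", "intranet.example", "updates.example"] * 10))

class ExplainedDetector:
    """Unsupervised anomaly scorer that reports which features drove the score."""

    def __init__(self, flows, threshold=3.5):  # threshold is an assumed cut-off
        logs = [math.log10(b) for b, _ in flows]
        self.med = median(logs)
        # Median absolute deviation: a robust spread estimate for transfer size.
        self.mad = median(abs(x - self.med) for x in logs) or 1e-9
        self.domains = Counter(d for _, d in flows)
        self.total = len(flows)
        self.threshold = threshold
        self.labels = {}  # set of driving features -> analyst-provided label

    def explain(self, bytes_out, domain):
        """Return per-feature anomaly contributions, largest first."""
        size = 0.6745 * abs(math.log10(bytes_out) - self.med) / self.mad
        # Smoothed rarity: unseen domains score high, common ones near zero.
        rarity = -math.log((self.domains[domain] + 1) / (self.total + 1))
        parts = {"bytes_out": size, "destination_domain": rarity}
        return sorted(parts.items(), key=lambda kv: kv[1], reverse=True)

    def assess(self, bytes_out, domain):
        """Score one flow and attach the explanation and any learned label."""
        parts = self.explain(bytes_out, domain)
        drivers = tuple(sorted(n for n, v in parts if v >= self.threshold))
        return {"anomaly": bool(drivers), "drivers": drivers,
                "contributions": parts, "label": self.labels.get(drivers)}

    def feedback(self, assessment, label):
        """Record the analyst's label for this combination of driving features."""
        self.labels[assessment["drivers"]] = label

if __name__ == "__main__":
    det = ExplainedDetector(BASELINE)
    first = det.assess(150_000_000, "drive.google.com")  # constructed 150 MB upload
    print(first)                                   # flagged, with both drivers listed
    det.feedback(first, "data exfiltration")       # analyst classifies it once
    print(det.assess(300_000_000, "drive.google.com")["label"])  # now auto-labelled
```

A large transfer to a domain already common in the baseline is still flagged, but with only `bytes_out` as its driver, so it does not inherit the exfiltration label.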

What are its advantages?

Zero-shot learning can save hours of valuable time spent by analysts in searching.

It has the potential to detect new and novel tactics adopted by hackers.

XAI and zero-shot learning can be applied to different areas of a cybersecurity ecosystem.

Source: This post is based on the article “Cybersecurity can be made agile with zero-shot AI” published in Livemint on 14th Sep 2021.

Terms to know:
