Mark 2016 as the year that researchers applied artificial intelligence (AI) to the challenges of cybersecurity. If machines can steer our cars and predict our shopping habits, then why not watch over our networks and servers too?
IBM in May 2016 announced Watson for Cyber Security, in which the IT behemoth began teaching its pattern-recognition supercomputer to learn the difference between safe and risky data. That could ease the burden on overworked cybersecurity professionals, IBM hopes.
SEE: Video: How IBM is using Watson to improve its approach to cybersecurity
Several universities involved with that project began having students train the system within the past several weeks, explained IBM Watson‘s Jeb Linton, chief security architect.
“We’re ramping up from the phase where we have a little over 30 people selecting documents and annotating documents, to the phase where we’re… a much larger group by bringing in these college students,” Linton explained.
“It’s very much an interactive process. You put the machine-learning process into Watson and see what you get from it. I wouldn’t say anything has really surprised us so far,” Linton said. “We added in a level of complexity a few months ago that was a little less than optimal, and we trimmed some of that complexity back out.”
Linton’s team found that Watson struggled to understand the difference between a URL, an email address, and a hashtag. That’s the artificialness in AI–even humans need teaching from humans, rather than learning everything ourselves.
Students at the Massachusetts Institute of Technology (MIT) are among those who are about to begin teaching Watson about security issues. MIT Professor Stuart Madnick said he agrees there are not enough cybersecurity workers and that he’d like to see Watson used for active security response, not just prevention.
IBM has been relatively quiet about other cybersecurity applications for Watson. Linton said his team is thinking about regulatory compliance, such as ISO 27000 standards, and how Watson could help evaluate that. Also, there are Watson applications internal to IBM for insider threat protection, and there is a commercial service already available for government, military, and intelligence clients, he said.
SEE: Governments and nation states are now officially training for cyberwarfare: An inside look (PDF download)
More about AI and cybersecurity
Big Blue isn’t alone in thinking about how to make enterprise IT security smarter; smaller companies are also working on AI for cybersecurity, including several that are getting venture funding, according to a report by VentureRadar last spring.
The Association for the Advancement of Artificial Intelligence included nine papers on AI for cybersecurity at its annual conference in Phoenix, Az. last winter. Topics include machine-readable descriptions of malware, active perception for intrusion detection, and socio-cultural modeling of hackers.
Google and Microsoft have AI projects of their own. Google works through a British company, DeepMind, which the search engine giant acquired in 2014. Microsoft Cognitive Services launched last spring. Representatives for both companies declined to comment on whether their programs will be applied to cybersecurity.
There are skeptics about AI changing the way IT security works. Time will tell who’s right.