Will cognitive cyber-security one day protect your data?

Cognitive computing simulates the human thought process in an artificial intelligence (cognitive) environment. Teaching a computer how to use the type of unstructured information usually employed by security analysts requires tools such as data mining, pattern recognition, human-computer interaction or natural language processing.

Computerized cognitive systems expand their working database via mining, and as they go along they refine their information search and “evolve”, being able to predict issues and prepare solutions in advance. The machine learning algorithms gradually become more efficient and learn to know the predictable structure of events.

The link between cognitive computing and cyber-security consists nowadays of IBM’s supercomputer – Watson. Having access to over 200 million pages of structured and unstructured information (see its Q&A Jeopardy victory), Watson is assimilating thousands of documents, with a view to building up its own corpus of knowledge.

In May 2016 IBM announced Watson for Cyber Security, aiming to respond to the cyber-security skills shortage crisis and to speed up the adjacent analysis processes, while keeping all the human investigative capabilities involved.

Quantity enhancing quality in cognitive computing

Human cognitive processes are more flexible than automated processes. Yet humans stratify data and put aside bits and pieces of it to make room for fresh information. Registering huge quantities of data and accessing it at will may prove difficult. Watson has the ability to access and interpret the vast amount of information that progressively multiplies at a rate of “75,000+ documented software vulnerabilities, 10,000+ security research papers published each year and 60,000+ security blogs” per month.

In automated cognition, the quantity of unstructured, un-selected data actually increases the output quality, since the system is a self-learning one. The more data, the better-tuned connections, pattern identification processes and ultimately the better solutions Watson may provide. New data fills in the blanks, completes the puzzle with details and offers the chance to understand how facts and events connect and move together.

Proactivity instead of reactivity

The majority of already existing security systems are reactive: once they identify a problem, the system triggers a reaction. Considering the way cyber-security incidents occur, this usually means that the counteraction only happens after the damage, or at best during the event. Either way, reactive cyber defense systems require human decisions in order to discern critical situations from false alarm situations.

Overpowering reactive systems, cognitive security structures are proactive, making assumptions and preparing in advance for various scenarios. In simpler words, a system such as Watson can anticipate events before they happen and act on this in order to prevent cyber-incidents. Analyzing the material at their disposal in detail (for example, Watson is fed regulated malware bulletins), cognitive systems may discover patterns so far undetected, frequencies of occurrences, or expansion schematics, intervening before the attackers make their next move.

Automated cognition can strategize based on probability and on what the system has learned by working on the gathered information – a thing that represents a leap forward compared to:

  • Human thought complexity, depleted of the simultaneous data richness (or)
  • Limited (classical) IT systems’ capabilities, even when fed with big data.

A new student in town

In order for Watson to be able to “address the looming cyber-security skills gap”, IBM will cooperate with eight universities for a one-year period, enrolling their computer in cyber-security “classes”. The California State Polytechnic University at Pomona, Pennsylvania State University, Massachusetts Institute of Technology, New York University, University of Maryland Baltimore County, the University of New Brunswick, the University of Ottawa and the University of Waterloo will annotate and provide the system with up to 15,000 security documents per month.

It seems that IBM’s X-Force library, comprising 20 years of security research, 8 million documented spam and phishing attacks and one hundred thousand vulnerabilities, is either insufficient for this complex self-learning system, or it needs supplementary skilled contributions. Since other sources mention the X-Force Library as being the core resource employed in the training process, we can assume that the sum of information fed to the AI system will actually include the X-Force materials, as well as live feeds and other cyber-security materials, handled by the universities co-opted in the program and the IBM specialists.

Training Watson looks like a large-scale operation. Yet the prospect of an AI system being able to process and build upon unstructured data in its security intelligence activity is well worth the ample processes and equally high costs, especially since the AI race is ongoing and IBM wants to maintain its leading status.

Leveraging cyber-crime resources with cognitive computing

Nowadays cyber-criminals are ubiquitous, form networks and segment their activities cunningly in order to remain unknown and hard to stop, while the cyber-defense specialists are outnumbered and outpaced.

Watson in cyber-security is a possible equation of one against countless entities, but this time the one aims at reuniting human thought qualities with machine processing capabilities, in the hope that the scales will balance.

Cognitive cyber-security is yet another attempt to catch up with the new wave of cyber-crime, whose tools have also started to include algorithms and machine learning tools. Reuniting resources and willpower in such projects might give specialized companies and law enforcement agencies the upper hand, as long as things move along as planned and the outcome is efficiently delivered in time.

Once implemented into commercial software solutions, cognitive cyber-security will migrate into enterprise security, helping businesses better keep malicious intruders at bay – the key being in the anticipation capacities of this method that allow preventive measures to be employed.