“Human analysis is very limited. We quickly get overwhelmed,” says Leyla Bilge, a member of the Symantec Research Labs whose team studies the future use of artificial intelligence in blocking attacks. “AI on the other hand can handle millions of calculations in a second. It can identify malicious activity that humans miss.”
The good news is that advances in AI, machine learning, and advanced behavioral analytics may change the equation in security’s favor.
These cognitive tools are being deployed to scan and catalogue millions of known malware files in order to find similarities that can help them identify new risks, so-called zero-day malware, before they happen. Trained algorithms are learning the signature characteristics of hackers themselves to stop their illicit entry into systems. And algorithms are learning the behavior of in-house users to help detect an intruder.
All of these tools leverage AI’s signature strengths. It can be taught to recognize millions of facts, identify visual patterns, and make decisions. In the case of anticipating new malware files, engineers can teach AI to recognize known characteristics of previous malware files, such as size, content, and coding. When a user clicks on a suspect file, the AI can then instantaneously compare it to its database of malicious code and create an alert if it detects a threat.
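To make the comparison step concrete, here is an added sketch (not from the article and not Symantec's method) showing why similarity to catalogued samples catches a modified file that an exact hash lookup misses. It substitutes a plain byte n-gram Jaccard score for a trained model; the sample bytes, family names, n-gram length and threshold are all constructed assumptions.

```python
import hashlib

N = 4                   # n-gram length in bytes (assumed for this sketch)
ALERT_THRESHOLD = 0.5   # similarity cut-off for raising an alert (assumed)

def ngrams(data: bytes, n: int = N) -> frozenset:
    """Set of overlapping byte n-grams, a crude content feature."""
    return frozenset(data[i:i + n] for i in range(len(data) - n + 1))

def jaccard(a: frozenset, b: frozenset) -> float:
    """Shared features divided by all features seen in either file."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

# Constructed stand-ins for catalogued samples: harmless placeholder bytes.
_BODY = bytes(range(256))
KNOWN = {
    "family-A": b"CONSTRUCTED-SAMPLE-A:" + _BODY,
    "family-B": b"CONSTRUCTED-SAMPLE-B:" + _BODY[::-1],
}
KNOWN_HASHES = {hashlib.sha256(d).hexdigest() for d in KNOWN.values()}
KNOWN_FEATURES = {name: ngrams(d) for name, d in KNOWN.items()}

def scan(data: bytes) -> dict:
    """Compare a file to the catalogue by exact hash and by similarity."""
    feats = ngrams(data)
    best_name, best_score = None, 0.0
    for name, known_feats in KNOWN_FEATURES.items():
        score = jaccard(feats, known_feats)
        if score > best_score:
            best_name, best_score = name, score
    return {
        "exact_hash_match": hashlib.sha256(data).hexdigest() in KNOWN_HASHES,
        "closest": best_name,
        "similarity": round(best_score, 3),
        "alert": best_score >= ALERT_THRESHOLD,
    }

# Constructed inputs: a modified copy of family-A and an unrelated document.
VARIANT = b"CONSTRUCTED-VARIANT-A2:" + _BODY + b"\x00padding"
BENIGN = b"Quarterly report: revenue grew and costs fell. " * 5

if __name__ == "__main__":
    for label, blob in (("variant", VARIANT), ("benign", BENIGN)):
        print(label, scan(blob))
```

A production classifier would learn weights over many more features and would be tuned against false positives, which this fixed threshold does not address.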