This article was written by James Normand, Security Consultant at FoxPointe Solutions
With the rise of ChatGPT, deepfakes, and AI-generated art, many people are being exposed to the black box that is advanced computer science. While the inner workings of AI algorithms are known to their developers, the tools that are created can be used by anyone to create unique outputs that are virtually indistinguishable from human creations or even real life. Possible outputs/creations include essays, articles, photos, videos, or even award-winning art in various styles.
What is AI?
AI is a tool, sometimes referred to as an agent, and a field of study that seeks to make computers more intelligent. In ancient times, AI referred to mythical automatons capable of waging war, possessing wisdom, and feeling human emotion. Today, we know AI as robot vacuums, autonomous vehicles, trading algorithms, voice assistants, spam filters, and facial recognition, among many other applications.
The advent of performance computing heralded new problem-solving techniques including machine learning and deep learning. AI agents use these learning/training techniques and copious amounts of data to emulate human problem-solving behavior. More data, theoretically, means a more intelligent AI agent that can more accurately carry out its task. For example, an automated vacuum given a floor plan can make its way around the area assuming no obstacles exist. An automated vacuum programmed with an AI agent and fed constant data from exterior sensors can analyze the environment and adapt its path to accommodate changes in the floor plan.
AI and Cybersecurity
For complex applications of AI agents, including cybersecurity, problem reduction can make the process more manageable. Problem reduction, as it sounds, takes a complex problem, and simplifies it into more easily solved precursor states. Solving the precursor state leads to the solving of the desired problem. An example of this in cybersecurity could be intrusion detection.
The output for this task would be a report of possible intrusions sorted by confidence. The input would be constantly updated network logs or a real time stream of network data. Getting from our input to the desired output is where our AI agent comes into play. A scoring system can be used to help define the severity of the risk or, to put it another way, to determine how confident our agent is that the event relates to an intrusion risk.
For example, if an unknown IP address accesses an organization’s network, the incident is given one point. This could be a bad actor or simply a client signing in from a new location or device. This event is relatively low risk. If a user who typically signs in from one location, presumably their office, suddenly has a rash of bad login attempts from the opposite side of the world, there is a higher risk of an intrusion taking place. For this example, scoring could be two points for the repeated bad login attempts, three points for extreme distance change, and another point for the unknown IP address. This event would be scored at a six, making it much more likely to be an intrusion risk.
In creating the scoring scheme, we now have a way to assess intrusion risk quickly and continuously. The scoring scheme breaks down intrusion risk into more manageable precursor states (location, IP address, login attempts, etc.) that, when solved, provide insight into the likelihood of network intrusions. Scoring can be altered after analyzing results to ensure that intrusion risk definitions are up to date and accurate.
With the creation of the scoring scheme, it has become clear that more inputs are needed. Data relating to physical location of clients, the range of IP addresses commonly used by clients, contract details, physical and virtual device properties, and lists of IP addresses commonly used by bad actors would greatly improve the agent’s ability to find connections and define intrusions.
Hopefully, after reading this brief overview of AI, it is clear just how powerful AI agents and problem solving can be. AI agents can be, and are, used in virtually every sector, including but not limited to banking, trading, e-commerce, education, robotics, automobiles, vision processing, audio processing, research, gaming, and cybersecurity.