Artificial Intelligence in IT Security - Status Quo and Perspectives

The use of artificial intelligence (AI) is also playing an increasingly important role in cyber security. Artificial intelligence shows its strengths above all in the early detection of cyber threats or in the real-time monitoring of IT infrastructures. However, uncontrolled use of AI is definitely dangerous! In this article, you will learn what artificial intelligence can do in the area of cyber security and how AI can support cyber threat hunting and threat intelligence.

What is Artificial Intelligence?

Artificial intelligence refers to the simulation of human intelligence with computer systems. Artificial intelligence encompasses learning, i.e. the acquisition and processing of information, reasoning and self-correction. The term AI was coined in 1956 by the American computer scientist John McCarthy. In modern use, AI refers to a whole range of measures, from RPA (Robotic Process Automation) to actual robotics.

What are the different types of AI?

AI is categorised in different ways. One way of classifying AI is to divide it into weak and strong AI. Weak AI is a system that has been developed specifically for a certain task and trained accordingly. A well-known example of weak AI is virtual assistants such as Alexa or Siri.
Strong AI, on the other hand, describes a system that has generalised human cognitive abilities. Strong AI can find a solution to a problem when confronted with an unknown task through sufficient "intelligence". As early as 1950, the mathematician Alan Turin developed a test to find out whether a corresponding computer can think like a human. However, the Turing test is controversial as a method.

Another approach to categorising AI comes from Arend Hintze, assistant professor of integrative biology and computer science at Michigan State University. Hintze sorts AI into four type classes:

Type 1: Reactive machines. This form of AI can recognise known events and make predictions based on them - however, Reactive Machines have no memory and cannot use past experience to inform future experience. Reactive machines are developed for limited purposes and cannot be applied to other situations without effort.

Type 2: Limited memory. This form of AI can use past experience to inform decisions in the future. Limited memory AI is currently being tested in autonomous vehicles. Here, the AI can anticipate events in the not-too-distant future - for example, whether a vehicle ahead will change lanes. The observations made are not permanently stored.

Type 3: Native theory. This type of AI does not (yet) exist. The psychological term native theory describes the understanding that others have their own intentions, beliefs and desires that influence one's own decisions.

Type 4: Self-awareness. AI systems from this category have awareness, understand their current state and use the information to infer what others are feeling. This form of AI also exists only in theory to date.

Forms of AI technology in cyber security

Artificial intelligence is predestined for use in IT security. Here, AI primarily serves to optimise threat detection, i.e. threat detection or threat intelligence. AI methods used in cyber security are primarily machine learning (ML), supervised learning, unsupervised learning, decision trees or deep learning.

Machine learning: Machine learning is the science of making a computer perform an action without prior programming. There are currently three forms of machine learning. In supervised learning, data sets are labelled so that the AI can recognise patterns and use them to label new data sets. In unsupervised learning, records are not labelled but sorted by differences or similarities. The third form is reinforcement learning. Here, too, data sets are not labelled, but the AI receives feedback after one or more actions.

Deep learning: Deep learning is a subarea of machine learning. Deep learning uses artificial neural networks with various intermediate layers between the input and output layers. This results in an extensive inner structure that can have a complexity of up to one hundred million individual parameters and ten billion arithmetic operations per input data.

Decision Tree: Translated into German, Decision Tree means "decision tree". Decision Tree is a mathematical model and diagram that is used for decision-making. The diagram has a tree-like structure and represents a directed decision path. Typical applications of the decision tree are the classification of data objects or the clear visualisation of rules based on existing knowledge.

The relevance of artificial intelligence in cyber security

In the fight against ever better prepared cyber criminals and new forms of cyber threats, an enormous, multi-layered amount of data must be taken into account. The data that accumulates is extremely heterogeneous - starting with the IT in the office to the OT (operational technology) of machines and systems to networked devices (Internet of Things - IoT). The amount of data to be processed is impressively demonstrated by the example of developments in autonomous driving. A networked car alone generates almost 25 gigabytes of data per driving hour (!) - a volume that would be impossible to handle without AI.