Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
AI Security Robotics

MIT Reveals AI Platform Which Detects 85 Percent of Cyberattacks (zdnet.com) 44

An anonymous reader writes: MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) says that while many 'analyst-driven solutions' rely on rules created by human experts and therefore may miss attacks which do not match established patterns, a new artificial intelligence platform changes the rules of the game. The platform, dubbed AI Squared (AI2), is able to detect 85 percent of attacks -- roughly three times better than current benchmarks -- and also reduces the number of false positives by a factor of five, according to MIT. The latter is important as when anomaly detection triggers false positives, this can lead to lessened trust in protective systems and also wastes the time of IT experts which need to investigate the matter. AI2 was tested using 3.6 billion log lines generated by over 20 million users in a period of three months. The AI trawled through this information and used machine learning to cluster data together to find suspicious activity. Anything which flagged up as unusual was then presented to a human operator and feedback was issued.Fast Co Design has an interesting take on this.
This discussion has been archived. No new comments can be posted.

MIT Reveals AI Platform Which Detects 85 Percent of Cyberattacks

Comments Filter:
  • by Anonymous Coward

    We're about to find out...

    (Although today's Slashdotting pales in comparison to the Slashdottings of yore...)

  • "MIT Reveals AI Platform Which Detects 85 Percent of Cyberattacks"

    So, out of 100,000 attacks, only 15,000 will go undetected? Break out the champagne, boys!

    • by StikyPad ( 445176 ) on Monday April 18, 2016 @10:30AM (#51932091) Homepage

      The headline isn't the raw number, it's the improvement in detection rate, which is a substantial step forward.

      I suspect that any machine learning algorithm is susceptible to being trained by attackers though, much the way 'Tay' turned into a Hitler-Loving Sex Bot [telegraph.co.uk]. Unsupervised learning [google.com] can be effective, but it's very easy to intentionally (and unintentionally) sabotage that success.

      • The headline isn't the raw number,

        Actually, unless it's worded incorrectly, the headline does appear to be the raw number.

        "The platform, dubbed AI Squared (AI2), is able to detect 85 percent of attacks"

        Yes, it's "roughly three times better than current benchmarks", but the 85% figure does seem to be the overall detection rate. The reduction in false positives seems like a good improvement, though.

      • The headline isn't the raw number, it's the improvement in detection rate, which is a substantial step forward.

        No, not really. They compare with their own (so called) state of the art unsupervised learner, and conclude that a bit of supervised learning beats that hands down. Yes, well, that's not really surprising, and it's not really a new result in intrusion detection research either. "Active learning" approaches have been proposed since at least 2004, and since they don't compare with state-of-the-art intrusion detection methods or systems it's very difficult to tell if their approach actually amounts to anything

  • Is it called Colossus or Guardian?

  • Not AI (Score:2, Interesting)

    Again: this is NOT AI. But PatternEx is looking for VC funding so it gets hyped as such. This is just another expert system that analyzes log data. There are dozens of those.
    • by Megol ( 3135005 )

      A "no true AI" argument? This uses a neural learning system rather than a rule-based one, AFAIK those aren't commonly called expert systems.

      However the new(?) thing is the design of the human-computer interaction, not the fact that it analyses log data.

      • Re: (Score:2, Flamebait)

        The concept of "neural learning" is a misnomer and used for hyping purposes. A neural network doesn't work like a neuron at all. Neural nets are not AI. They were a dead end in AI research.
        • Not a dead end, just a difficult rut, modern "AI" uses layered neural networks.

          I refuse to pooh-pooh every advancement short of Chappie or a shiny silver Robin Williams standing in front of me though.

  • In my opinion, anti-virus software has somewhat matured enough that most home users or small businesses, that remotely have a clue, use it. There's not a good analog for reading SIEM, event logs, etc. Solutions exist, but they tend to be cumbersome or expensive.

    Even I pretty much just rely on snort's registered user ruleset, rather than the subscription. It would be a very nice spot for heuristic or AI to monitor. Call me paranoid, but I'd want it in addition to the generic static rulesets.
  • No, that would be weather prediction. Pretty much the same thing though..

  • by Lumpy ( 12016 ) on Monday April 18, 2016 @10:38AM (#51932141) Homepage

    Step 1 : what is the source IP from?
    Step 2 : is the source IP from outside the USA?
    Step 3 : assume it is a cyberattack and throw out the packet.
    Step 4: go back to step 1.

    We never EVER needed anyone from outside the USA to access any of our servers, so we threw out all packets from outside defined IP sources. Solved over 85% of all cyberattack problems. Fake SSH and telnet login attempts dropped from 20 per hour to 1 per week. recently we started to remove IP ranges from Cable Internet providers and that significantly reduced the problems... No we dont care about consumers, we have very specific clients and they dont use consumer cable modems.

    Tighten up your firewalls and servers, dont allow ip ranges you dont need. and yes we tell the CTO that when he is off to china that it sucks to be him, he will not have access.

    • by khasim ( 1285 )

      You don't even have to go through all of that if you just want to stop the script-kiddies around the world.

      Move your SSH (don't use telnet) server to a different, RANDOM, port above 1024 and 99.99% of the login attacks will vanish.

      This won't make your server any more secure but it will make your logs a lot cleaner.

    • Doesn't work for a couple of reasons.

      First, identifying what IP addresses are out of the U.S. is actually not as easy as you think.

      Secondly, a malware-infected server somewhere within the U.S. could still mount an attack on you.

    • And how would Amazon, Google, Facebook etc. then work?

      Or do you think we ex nazi germans don't use them?

  • Can we see the source?
  • by Dunbal ( 464142 ) *

    while(1){

    if(GetIsIt80PercentTimeYet()){

    printf("Cyberattack detected, Putin did it!");

    }

    }

  • It's really just a 3.5 million character self-modifying regex. It should be aware by now. I knew this day was coming. What fools we've been!

    • It's really just a 3.5 million character self-modifying regex. It should be aware by now. I knew this day was coming. What fools we've been!

      I have a friend who says that our brain and our neural activity is "just a giant, continuously self-modifying regex pattern", and I'm not certain he's wrong. It would explain a lot, lol.

  • by Tom ( 822 )

    That is cute, but how does it react to new threats and changes in the patterns? We've been fighting this war for decades - improved detection leads to improved evasion leads to improved detection, etc. etc. - will it maintain this advantage or after attackers have adapted just become one more piece of expensive latency generator?

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...