Intelligent Threat Analytics: Graph Data Structuring

October 13, 2020

Artificial intelligence (AI) technology based on deep neural networks has made breakthroughs in a wide range of fields, but has seen only limited adoption in cybersecurity. At present, it is impractical to expect a hierarchical neural network to implement threat identification, association, and response from end to end. According to Zhou Tao, an algorithm expert, AI can hardly play its role in threat detection for the following reasons:

  • Machine learning is good at detecting behavior that follows normal patterns, but intrusion is a type of behavior that deviates from the normal.
  • Possession of big data is not equivalent to control of large quantities of labeled data. Unsupervised learning delivers inaccurate data.
  • Threat detection is an open-ended issue as the loss function is very difficult to define.
  • There is a permanent pursuit of accountable results.

Zhou’s explanations touch upon the model, the data, and the usage scenarios, and offer a penetrating insight into why machine learning, especially deep learning, cannot fit well with security modeling. However, deep learning and machine learning are not all there is to AI. In cyberspace, when deep learning and machine learning are used with intelligent threat analytics platforms that provide anomaly awareness, event inference, and threat response, they can serve as ordinary data processing tools rather than as core capabilities.


