Malicious cyber activity is ubiquitous and its harmful effects have dramatic and often irreversible impacts on society [1]. Given the shortage of cybersecurity professionals, the ever-evolving adversary, the massive amounts of data which could contain evidence of an attack, and the speed at which defensive actions must be taken, innovations which enable autonomy in cybersecurity must continue to expand, in order to move away from a reactive defense posture and towards a more proactive one.
Such capabilities would include autonomous agents which can reason over untrusted and incomplete information, and which learn from their own successes and failures and from the insights of cybersecurity professionals in order to evolve with cyber threats. Additionally, these agents must be transparent in their decisions and provide logical and explainable mitigations to the most sophisticated of cyber attacks.
The challenges in this space are quite different from those associated with applying AI in other domains such as computer vision. The environment suffers from an incredibly high degree of uncertainty, stemming from the intractability of ingesting all the available data, as well as the possibility that malicious actors are manipulating the data. Another unique challenge in this space is that the dynamism of the adversary causes the indicators of compromise to change frequently and without warning.
However, AI for cybersecurity shares a number of similarities with AI applied to other domains. For example, the large space of states and actions in robotics is reminiscent of the complexity of the cybersecurity problem. Additionally, as in domains such as autonomous vehicles, the human-factors aspect of this problem space remains a key area of focus. Indeed, when it comes to protecting sensitive information and other assets from malicious actors, the human is ultimately responsible and must be able to trust the tools at their disposal; otherwise, those tools are of no use.
In spite of these challenges, machine learning has been applied to this domain and has achieved some success in the realm of detection. While this aspect of the problem is far from solved, a growing part of the commercial sector is providing ML-enhanced capabilities as a service. Many of these entities also provide platforms which facilitate the deployment of these automated solutions. Academic research in this space is growing and continues to influence current solutions, as well as strengthen foundational knowledge which will make autonomous agents in this space a possibility.
Indeed, there is great potential for AI to be used for reasoning and response selection during a cyber attack. As AI applied to other domains continues to mature to handle the level of complexity of a cyber environment, it is likely that AI will continue to become more and more critical to cyber defense systems.