4 Different Types of AI — and How They Fit Into Your Cybersecurity Arsenal
 

Interested in finding out how to use AI and Machine Learning to stop email-borne attacks? Don't miss Roadmap & Demo Day, a half-day complimentary virtual event on 24-March. 

AI is on the tip of everyone’s tongue these days, from the boardroom to the living room. AI’s applications in the complex, data-driven world of cyber threat intelligence and security are substantial, driving growing adoption rates of AI-powered technologies in the space.

At a high level, most professionals understand the value that AI can deliver to cybersecurity teams. Yet, nuanced understanding of AI — in all its different forms — is scarcer. AI is not one thing; there are multiple categories of artificial intelligence, primarily:

• Machine learning (ML)
• Deep learning
• Computer vision
• Natural language processing (NLP)

Getting a grasp on the different types of AI — not only what they are, but how they work, and where they should (or shouldn’t) be used — is critical for cybersecurity professionals and company leaders. After all, your cyber adversaries certainly know them well.

Breaking Down the Types of AI

The following is a primer on the most common and valuable subsets of AI already at work in the cybersecurity and threat space.

Machine Learning Identifies Patterns

• What it is: Machine learning is the most prevalent subset of AI in most organizations and has been employed in cybersecurity for some time. ML includes all the techniques that enable a computer to learn from data and apply that learning without human involvement. ML techniques may be classified as supervised (the machine learns by ingesting labeled data) or unsupervised (the machine learns from data on its own). When you hear a cybersecurity vendor emphasize its machine learning capabilities, though, understand that ML itself is a very broad category (though slightly less broad than AI). As CompTIA explains it: “There is no single approach or algorithm that defines machine learning; instead, there are many different methods being used to produce machine learning capability. This means that an end user needs to know the details behind the specific machine learning process they are implementing.”[1]
• What it’s good at: Machine learning, in its various forms, excels at identifying patterns in data — infinitely faster than a human analyst ever could.
• Cyber applications: In the cybersecurity context, ML may be used to identify patterns in security incidents or derive insight from cybersecurity data to build a data-driven model for threat intelligence or protection.[2] On the other hand, bad actors can use machine learning capabilities to supercharge their cyberattacks — for example, deploying ML to perform repetitive tasks like password-guessing or making more adaptable and harder-to-detect malware.[3][4]

Deep Learning Solves Problems

• What it is: A subset of machine learning, deep learning is a statistical approach capable of enabling computers to solve even more complex problems. Unlike shallower categories of AI, a deep learning approach involves the machine ingesting large quantities of data (over and over again) to train a multi-layered deep neural network (DNN) designed to mimic the biological structure and performance of the human brain.[5] Once the DNN observes enough labeled data, it can successfully identify or categorize new, unlabeled data.[6]
• What it’s good at: It turns out that basic machine learning is quite bad at some undertakings that are second nature for mature humans — say, distinguishing between a picture of a cat and a dog or classifying a voice as male or female­. That’s where deep learning comes in; it can excel in dealing with unstructured data like images, audio and natural language.[7] The more data the DNN is exposed to, the better it gets at identifying and classifying. It’s what powers our shopping recommendations, intelligent home assistants and autonomous driving capabilities.[8]
• Cyber applications: On the cyber defense side, deep learning is being used to detect intrusions or malicious activity and classify malware and cyberattacks. It can also help organizations fortify their AI models, which are themselves vulnerable to attacks that wield misleading data. The defense involves training AI models with the bad data sets as they are discovered, so the models learn to ignore adversarial data in the real world.[9] Cyber bad guys, on the other hand, employ advanced deep learning techniques to create deep fake videos or images and to break CAPTCHA security codes.

Computer Vision Recognizes Images

• What it is: Computer vision is the field of AI that trains computers to understand visual data; in short, it enables machines to “see.” Using deep learning models, computer vision techniques are aimed at recognizing digital images in context — identifying and classifying them. Some computer vision systems are 99% accurate, thanks to the flood of visual data available for use in training machines combined with a wealth of computing power for analysis. Many are better than humans at detecting and reacting to visual input.[10]
• What it’s good at: The strength of computer vision technology is turning raw image data into higher-level concepts so that humans or computers can interpret and act upon them.
• Cyber applications: Computer vision can be used to identify visual inconsistencies or deviations from the norm. Thus, it can be incorporated into efforts to detect or interrupt phishing or social engineering attempts, prevent credential harvesting and theft of personally identifiable information, or catch website spoofing, fake logos and business email compromise.

Natural Language Processing Understands Speech and Text

• What it is: NLP is the category of AI that enables computers to understand, interpret and manipulate human language. The earliest applications were rules-based, but today NLP may be powered by ML, deep learning or both. There are a number of NLP subcategories, including natural language understanding, which involves reading comprehension by machines, and natural language generation, whereby computers transform data into human words.
• What it’s good at: NLP is the type of AI you want if you’re dealing with unstructured speech and text datasets. Because NLP can extract key words and phrases, interpret intent and even generate responses, businesses can employ it when developing intelligent assistants or chatbots, automating tasks related to complex documentation, or analyzing data in social media feeds or customer support calls.
• Cyber applications: NLP may be used to automate aspects of cybersecurity threat intelligence or detection, analyze system documentation to flag vulnerabilities, or detect phishing attempts and advanced persistent threats.[11] Given its ability to both analyze and generate language, NLP can also be useful in coordinating threat detection, investigation and response. In the future, NLP could be used to scan for bugs in software code (which is written in a language, after all).[12] Cybercriminals, on the other hand, can put NLP to work gathering intelligence to prepare for phishing attempts or cyberattacks.[13]

The Bottom Line

Understanding the most common — and valuable — types of AI is an important first step toward fortifying your organization’s cyber defenses. Then cybersecurity and business leaders can better determine which categories of AI to incorporate into their threat intelligence and cyber defense toolsets. Just as importantly, they can begin to think more creatively about the new cybersecurity approaches these subsets of AI can enable.

[1] “What Is AI?”, CompTIA

[2] “Cybersecurity data science: an overview from a machine learning perspective,” Journal of Big Data

[3] “The Emergence of Offensive AI: How Companies Are Protecting Themselves Against Malicious Applications of AI,” Forrester Consulting for Darktrace

[4] “Malicious Use of AI Poses a Real Cybersecurity Threat,” DarkReading

[5] “A Layman’s Guide to Deep Neural Networks,” Toward Data Science

[6] “What is a Neural Network?”, DeepAI.org

[7] “What is AI?”, CompTIA

[8] Ibid.

[9]  “Adversarial Attacks and Defenses in Deep Learning,” Engineering

[10] “Computer Vision: What it is and why it matters,” SAS Insights

[11] “A Natural Language Processing-Based Trend Analysis of Advanced Persistent Threat Techniques,” ResearchGate

[12] “Artificial Intelligence in Practice: Securing Your Code Using Natural Language Processing,” CMU Software Engineering Institute

[13] “Machine Learning for Cybercriminals 101,” Towards Data Science