In 1971 Bob Thomas, an American IT academic wrote Creeper, the first computer program that could migrate across networks. It would travel between terminals on the ARPANET printing the message “I’m the creeper, catch me if you can”. Creeper was made self-replicating by fellow academic and email inventor, Ray Thomlinson, creating the first documented computer virus.
In order to contain Creeper, Thomlinson wrote Reaper, a program that would chase Creeper across the network and erase it – creating the world’s first antivirus cybersecurity solution.
How cybersecurity has developed
Back then it would have been hard to imagine how a virus as simple and harmless as Creeper could be the precursor to the development of destructive malware and ransomware such as ILOVEYOU and WannaCry.
Thankfully, modern cybersecurity has come a long way since Reaper. These days, any mention of cybersecurity will inevitably lead to discussion about artificial intelligence (AI) and machine learning (ML) driven security solutions.
This is because the next generation of cybersecurity threats require agile and intelligent programs that can rapidly adapt to new and unforeseen attacks. AI and ML’s potential to meet this challenge certainly hasn’t gone unnoticed by cybersecurity decision makers, the vast majority of which believe that AI is fundamental to the future of cybersecurity.
Yet despite the hype, many decision makers are still unsure about exactly how AI and ML powered security products work.
AI and cybersecurity
Recently “neural network” AI techniques have become extremely popular, fostering the perception that they’re shiny and new. Yet many are often surprised to learn that AI is not a new phenomenon.
AI is by no means the new kid on the block, neural networks have been around for more than half a century, and some of the first commercial neural networks for malware detection and destruction were developed over 20 years ago – protecting against floppy disk boot sectors viruses in the age of Windows 98.
Machine Learning techniques
Another thing that seems to come as a surprise is just how many different places ML is found helping protect systems. This might be due to people reacting to the “machine” part of ML. In reality, ML is just another form of learning from examples—a concept everyone can understand. So, whether it’s a human or machine that’s learning to perform a task, all that matters is the level of sophistication and expertise that results.
A good example is the predictive keyboard on your smartphone. It has a little machine learning engine in it that reads what you type and learns from your typing style to predict what you might say next—or at least what you intend to say next. As you feed it more and more text, it can more confidently and accurately learn what you personally say and how you say it.
The value is that you have your own non-human helper that can predict your speech. Instead of a predictive keyboard, if we feed the ML your typing, mousing and other activities, it can learn even more about your unique behavior, becoming an expert at recognizing you and your little idiosyncrasies.
Instead of text input, if you feed it malware – you have a malware detector. Feed it network attacks and you have an IDS. These and many variations are found in network and EPP products. It’s the first kind of application that many people think of for AI in cybersecurity, and it’s probably the most widespread and mature.
In practice, machine learning is far more complex than merely tasking a computer to solve a problem. As with Creeper and Reaper, the development of ML- and AI-based threat detection takes a high degree of understanding built upon experience as well as an innovative approach that is always a few steps ahead of the attackers.