Read the book Enterprise AI For Dummies - Zachary Jarvinen - Page 53
Network intrusion detection and prevention
Hackers and cyber-crime date back to the 1970s, but things have changed a lot since Matthew Broderick hacked into a government computer to impress a girl and almost annihilated the planet in War Games. (Spoiler alert: Regarding playing the game, the computer comes to its conclusion through the use of reinforcement learning, the same AI technique used to train computers to beat human experts at chess and Go, and to train robots to walk.)
Back in the real world, it took the proliferation of the Internet and the dawn of e-commerce to provide the incentive for electronic malfeasance on a global scale. Conventional network intrusion detection systems (NIDS) and network intrusion prevention systems (NIPS) detect and prevent network attacks.
However, these systems have a significant usability issue in the triggering of false positives, marking legitimate traffic or behavior as an attack and requiring human intervention to respond to the anomaly and mark it as safe. A 2018 SANS survey found that in the face of a false positive rate of 50 percent, many security teams have taken to tuning the security settings to reduce the number of alerts. The problem with this practice is the potential to increase the number of false negatives, identifying a breach as harmless traffic — and it only takes one breach to cause a world of hurt.
As early as the mid-1990s, designers began exploring AI techniques, including unsupervised machine learning and artificial neural networks, to improve protection while reducing the need for human intervention. AI offers these capabilities:
AI leverages supervised learning and, especially, artificial neural networks to build a massive library of markers of hostile code, and then it scans incoming data for matches.
AI uses machine learning and security analytics, including user and entity behavior analytics, to detect external and internal risks earlier and more accurately than a traditional rules-based approach.
Some systems use natural-language processing to repel phishing attacks: text-based attempts, sent via email and messaging, to trick users into replying with sensitive information by pretending to be from a legitimate source, such as a tech support agent, bank, or government agency.
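The trade-off described above, where tuning settings to cut false positives raises false negatives, can be seen by sweeping the alert threshold of a small unsupervised anomaly scorer. This is an added example, not code from the book: the traffic figures are constructed, and the median/MAD score is an assumed stand-in for the unsupervised techniques the text mentions.

```python
from statistics import median

# Constructed sample data: connections per minute from one host during normal operation.
BASELINE = [48, 52, 50, 47, 53, 51, 49, 50, 55, 45, 50, 52, 48]

# Constructed labelled events: (connections per minute, is_attack).
EVENTS = [
    (51, False), (46, False),
    (58, False),   # benign burst
    (62, False),   # nightly backup
    (70, False),   # software update
    (59, True),    # stealthy exfiltration
    (66, True),    # low-and-slow scan
    (120, True),   # noisy flood
]

def fit(baseline):
    """Learn 'normal' without labels: median and scaled median absolute deviation."""
    centre = median(baseline)
    mad = median([abs(x - centre) for x in baseline])
    if mad == 0:
        raise ValueError("baseline has no spread; cannot scale anomaly scores")
    return centre, 1.4826 * mad

def score(value, model):
    """Distance from normal, in robust standard deviations."""
    centre, scale = model
    return abs(value - centre) / scale

def sweep(events, model, thresholds):
    """For each alert threshold, count false positives and false negatives."""
    rows = []
    for t in thresholds:
        fp = sum(1 for v, attack in events if not attack and score(v, model) > t)
        fn = sum(1 for v, attack in events if attack and score(v, model) <= t)
        rows.append((t, fp, fn))
    return rows

if __name__ == "__main__":
    model = fit(BASELINE)
    for t, fp, fn in sweep(EVENTS, model, [2.5, 4.0, 6.0, 8.0]):
        print(f"threshold={t:<4} false_positives={fp} false_negatives={fn}")
```

Raising the threshold removes the benign alerts one by one, but the stealthy and low-and-slow events drop below it first, so only the noisy flood is still caught at the quietest setting.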