What Can AI Bring to Network Security?

Michael Fleck

Artificial intelligence is a very broad term that covers machines performing human tasks, such as learning, understanding spoken words and deciphering meaning in speech, identifying objects seen with a camera or in pictures, and analyzing events to solve a problem. Until 2012, AI could not recognize pictures with an error rate better than 26%, and that rate was assumed to be a point of diminishing returns that could not be broken, like the four-minute mile. Since then, AI has made remarkable improvements, and picture identification error is now below 3%. These improvements in algorithms have propelled AI into every corner of our lives.

AI has made a well-publicized and highly advertised entry into our vehicles. Already today there are systems that warn you when you are crossing out of your lane and systems that apply the brakes when the vehicle is too close to another car or person—even if the vehicle 2 cars ahead stops. These systems can also warn you if there is a vehicle in your blind spot or in the lane you are attempting to move to. Every car maker on the planet, plus Apple, Google, Uber, trucking companies, and the U.S. military, is driving competition to develop driverless vehicles.

In the home, we have various personal assistants like Amazon’s Alexa that can recognize speech, decipher spoken words, interpret the words as commands, and determine which device or app to deliver the command to. Likewise, Apple’s Siri can accept voice commands to search the Web for any information; “she” can check your email, call your mom (but you have to think of what to say to her yourself), remind you to feed Sir Barks-A-Lot, and look up your Alibaba stock’s performance today.

Xiaoice, developed by Microsoft specifically for China, is practically a Chinese national celebrity! Users chat with “her” about their feelings and news of their day, and many cannot tell her responses from a human’s. She chats with a positive, upbeat perspective, but knows when to offer consoling remarks; she can tell jokes, and she can identify a picture.

With AI in most corners of our home lives already, it seems inevitable that it would make its way into networking, with a strong initial emphasis on security. Malware detection is the most common application of AI, machine learning in particular; Cisco’s AMP is a front-runner example of how machine learning is used to decide which files are malicious. Introspect is a very similar Aruba product, and Aruba also has other AI-driven products: Niara and NetInsight. Cisco’s new DNA is built on 5 principles: cloud service management, automation, assurance, security, and virtualization. Assurance and security depend on machine learning.

Take Cisco’s AMP, which processes each and every file sent to or from you (and tens of thousands of others) with a hash algorithm to create a unique identifying signature, which is sent to their cloud data center, TALOS. If the file is a cartoon that has been floating around the Internet, it will be known to be innocuous and allowed through. Any previously identified file with an embedded malware bot will be immediately recognized and removed from the email. Newly created and attached files, such as a quote I just generated and am sending to a customer, will be allowed but watched for a time to see if they duplicate themselves, execute or inject code, or send unexpected messages to remote servers or spam emails to all your friends.

This watching process is the province of AI. Not every packet sent to a remote server is a bad thing. A list of my friends’ email addresses could be bad, but if I were uploading them to Google+, LinkedIn, or Facebook, that would be fine. At one time the server’s location would reveal all you needed to know (any packet my laptop is sending to, say, the Ukraine is suspect!), but today’s criminals hide in Azure or AWS, right next to our favorite apps.
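The allow, block, or allow-and-watch flow described above can be sketched as follows. This is an added example, not Cisco's code or API: the hash sets, event names, destination list, and scoring threshold are all constructed assumptions, and a hand-set score stands in for the learned model.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed reputation data; a real service would hold this in its cloud.
KNOWN_CLEAN = {hashlib.sha256(b"widely shared cartoon").hexdigest()}
KNOWN_MALICIOUS = {hashlib.sha256(b"attachment with embedded bot").hexdigest()}

# Behaviours the article says are watched for. Weights are assumed, not learned.
EVENT_WEIGHT = {"self_replicate": 3, "inject_code": 3,
                "mass_email": 2, "contact_upload": 2}
# Hypothetical list of places where uploading a contact list is expected.
EXPECTED_DESTINATIONS = {"linkedin.com", "facebook.com"}
CONVICT_AT = 3  # assumed score at which a watched file is convicted


@dataclass
class Watcher:
    watched: dict = field(default_factory=dict)   # sha256 -> running score
    convicted: set = field(default_factory=set)   # hashes blocked after the fact

    def disposition(self, content: bytes) -> str:
        """Decide what to do with a file based only on its hash."""
        digest = hashlib.sha256(content).hexdigest()
        if digest in KNOWN_MALICIOUS or digest in self.convicted:
            return "block"
        if digest in KNOWN_CLEAN:
            return "allow"
        # Never seen before: let it through, but start tracking its behaviour.
        self.watched.setdefault(digest, 0)
        return "allow-and-watch"

    def observe(self, content: bytes, event: str, destination: str = "") -> str:
        """Record a behaviour event for a watched file and re-evaluate it."""
        digest = hashlib.sha256(content).hexdigest()
        if digest not in self.watched:
            return "ignored"
        # Context matters: the same upload is benign to an expected service.
        if event == "contact_upload" and destination in EXPECTED_DESTINATIONS:
            return "watching"
        self.watched[digest] += EVENT_WEIGHT.get(event, 0)
        if self.watched[digest] >= CONVICT_AT:
            self.convicted.add(digest)   # later sightings of this hash are blocked
            del self.watched[digest]
            return "convicted"
        return "watching"
```

Once a watched file is convicted, its hash is blocked on every later sighting, which is how a file that was initially allowed can still be caught.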

So the software has to learn what is malicious and what is not. But who can teach it? There is no rule book or master list of allowed vs. malicious activities. The software must be allowed to collect data on a plethora of different inputs so it can select the proper variables to define the “correct” formula for identifying maliciousness. This is machine learning. The software observes thousands of cases and decides for itself which events (variables) were actually significant clues or identifiable characteristics of maliciousness and which events are innocuous, harmless minutiae—all without a human IT security person in a security operations center (SOC) trapping each file in a sandbox to determine if it’s safe.

Cisco is not limited in vision to security or machine learning either. They are also incorporating the capability to understand language. Cisco anticipates we will see voice interactions with machines increase. However, today’s devices, such as Alexa or a phone answering service, only understand specific commands—words spoken in a particular order. Cisco recently acquired MindMeld for their software’s ability to understand conversational speech. They are developing an AI-powered Cisco Spark assistant, “the world’s first enterprise-ready voice assistant.”

Cisco’s new DNA platform incorporates a module called Assurance, which they say will, “Proactively predict performance through machine learning to correlate user, device and application data for contextual business and operational insights. Identify issues and provide actionable insight to deliver better, more personalized experiences.”

Various aspects of AI, but especially understanding language and machine learning, are adding valuable features to new network infrastructure products. The advances in machine learning provide detection and notification of the kind of anomalies that humans monitoring networks manually would miss. The inclusion of AI in our networks should assist us in making the networks more secure and help to increase the network’s operational performance.

Michael Fleck is a Senior Systems Engineer at Connection, specializing in wireless networking. He has more than 15 years of experience in the field and is an Aruba Certified Design Expert and a Cisco Certified Design Professional. In his free time, Michael enjoys flower gardening.