MIT Reveals AI Platform Which Detects 85 Percent of Cyberattacks

An anonymous reader writes: MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) says that while many 'analyst-driven solutions' rely on rules created by human experts and therefore may miss attacks which do not match established patterns, a new artificial intelligence platform changes the rules of the game. The platform, dubbed AI Squared (AI2), is able to detect 85 percent of attacks -- roughly three times better than current benchmarks -- and also reduces the number of false positives by a factor of five, according to MIT. The latter is important as when anomaly detection triggers false positives, this can lead to lessened trust in protective systems and also wastes the time of IT experts which need to investigate the matter. AI2 was tested using 3.6 billion log lines generated by over 20 million users in a period of three months. The AI trawled through this information and used machine learning to cluster data together to find suspicious activity. Anything which flagged up as unusual was then presented to a human operator and feedback was issued.Fast Co Design has an interesting take on this.

A.I. platform that detects 85% of attacks?

[U2xhc2hkb3QgU3Vja3M]

Is it called Colossus or Guardian?

Re:Not AI

[Megol]

A "no true AI" argument? This uses a neural learning system rather than a rule-based one, AFAIK those aren't commonly called expert systems.

However the new(?) thing is the design of the human-computer interaction, not the fact that it analyses log data.

Re:Well ain't that grand

[StikyPad]

The headline isn't the raw number, it's the improvement in detection rate, which is a substantial step forward.

I suspect that any machine learning algorithm is susceptible to being trained by attackers though, much the way 'Tay' turned into a Hitler-Loving Sex Bot. Unsupervised learning can be effective, but it's very easy to intentionally (and unintentionally) sabotage that success.

I had one of these years ago.

[Lumpy]

Step 1 : what is the source IP from?
Step 2 : is the source IP from outside the USA?
Step 3 : assume it is a cyberattack and throw out the packet.
Step 4: go back to step 1.

We never EVER needed anyone from outside the USA to access any of our servers, so we threw out all packets from outside defined IP sources. Solved over 85% of all cyberattack problems. Fake SSH and telnet login attempts dropped from 20 per hour to 1 per week. recently we started to remove IP ranges from Cable Internet providers and that significantly reduced the problems... No we dont care about consumers, we have very specific clients and they dont use consumer cable modems.

Tighten up your firewalls and servers, dont allow ip ranges you dont need. and yes we tell the CTO that when he is off to china that it sucks to be him, he will not have access.

Re:The unseemly truth

[JustAnotherOldGuy]

It's really just a 3.5 million character self-modifying regex. It should be aware by now. I knew this day was coming. What fools we've been!

I have a friend who says that our brain and our neural activity is "just a giant, continuously self-modifying regex pattern", and I'm not certain he's wrong. It would explain a lot, lol.

He is, but DON'T ban him... why? apk

I absolutely LOVE kicking the snot out of trolls like him with facts vs. their trolling bs lies here https://yro.slashdot.org/comme... & here https://yro.slashdot.org/comme...

* There's PLENTY like him & they are FUN to knock-the-chocolate out of - see proof in those links above as my evidence thereof!

APK

P.S.=> "I rest my case"... apk