MAY 25, 2018

Artificial intelligence (AI) is everywhere, but it seems everyone views it differently. To some, it heralds a new era in computing, business, and the very way people live their lives. To others, it is more a product of the Hollywood Hills than Silicon Valley. Movie studios have certainly done their part to imagine what a world with AI might transform into. From the brutally logical HAL 9000 to the dystopian world of I, Robot to the preposterous situations in Eagle Eye, the mysterious technology has taken on many mantles. Thankfully, most are still more fantasy than anything close to reality. For now, it is enough just trying to sort out definitions and practical applications for what many still generally refer to as AI.

As it stands, AI is best thought of as an overarching term, referring to one or more distinct subgroups. These subgroups include, but are not limited to: machine learning, neural networks, natural language processing, and expert systems. Functionally distinct, each subgroup presents a unique approach to programming man-made systems to think on their own. Some are built for very specific purposes and others are just different ways to tackle the same problems. Over the next few weeks, this blog series will cover AI disciplines in detail, but this inaugural post will focus on expert systems and why they are a critical component of the next generation of cybersecurity products and services.

First, a primer. Understanding expert systems requires understanding the difference between inductive and deductive reasoning (expert systems depend on the latter). Inductive reasoning is an approach to problem solving that works from the bottom up. When someone uses inductive reasoning, he or she looks for evidence, uses that evidence to build hypotheses, then tests (falsifies) the hypotheses for a better idea of the truth. Too often, curious kids learn the hard way not to touch the stove because, through painful trial, they learn the meaning of hot (even if they don’t have the words to describe it). There has to be a better way!

Enter deductive reasoning. As opposed to the bottom-up inductive approach, deductive reasoning solves problems from the top down. Following from the previous example, rather than having to learn through trial and error, an adult can teach a child the concept of “hot” and its associated dangers, offering examples of hot things such as the kitchen stove. The child learns by trusting the adult and learning to associate things in terms of hot and cool or danger and safe. (Wishful thinking for many parents.)

Expert systems rely on deductive reasoning and knowledgeable practitioners to “teach” machines how to associate evidence with high-level concepts. In cybersecurity, this is useful because a human can program an expert system to learn about steps hackers are likely to take in an effort to attack a system, exfiltrate data, and otherwise wreak havoc. Because computers perform millions of functions every second, teaching a system what to look for and what to ignore makes cybersecurity analysts’ jobs a lot easier.
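To make the idea of associating evidence with high-level concepts concrete, here is an added sketch (not code from this blog or any product) of a tiny expert system that uses forward chaining, one common inference strategy. The rule names, fact names, thresholds, and event format are all hypothetical, and the sample events are constructed.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    conditions: frozenset   # facts that must all be present
    conclusion: str         # higher-level concept the rule asserts

# Hypothetical analyst-written knowledge base (not from the original post).
RULES = [
    Rule("R1", frozenset({"many_failed_logins", "login_success"}), "guessed_credentials"),
    Rule("R2", frozenset({"guessed_credentials", "new_admin_account"}), "privilege_abuse"),
    Rule("R3", frozenset({"large_outbound_transfer", "off_hours"}), "possible_exfiltration"),
    Rule("R4", frozenset({"privilege_abuse", "possible_exfiltration"}), "likely_intrusion"),
]

def extract_facts(events, fail_threshold=5, bytes_threshold=500_000_000):
    """Map raw events (constructed sample format) to low-level facts."""
    facts = set()
    if sum(e["type"] == "login" and not e["ok"] for e in events) >= fail_threshold:
        facts.add("many_failed_logins")
    for e in events:
        if e["type"] == "login" and e["ok"]:
            facts.add("login_success")
        elif e["type"] == "account_created" and e["admin"]:
            facts.add("new_admin_account")
        elif e["type"] == "transfer" and e["bytes"] >= bytes_threshold:
            facts.add("large_outbound_transfer")
            if e["hour"] < 6 or e["hour"] >= 22:
                facts.add("off_hours")
    return facts

def infer(facts, rules=RULES):
    """Forward-chain to a fixed point; return (all facts, explanation trace)."""
    known, trace, changed = set(facts), [], True
    while changed:
        changed = False
        for r in rules:
            if r.conclusion not in known and r.conditions <= known:
                known.add(r.conclusion)
                trace.append(f"{r.name}: {sorted(r.conditions)} -> {r.conclusion}")
                changed = True
    return known, trace

# Constructed sample events: six failed logins, one success, then follow-on activity.
SAMPLE = [{"type": "login", "ok": False}] * 6 + [
    {"type": "login", "ok": True},
    {"type": "account_created", "admin": True},
    {"type": "transfer", "bytes": 900_000_000, "hour": 3},
]
```

Calling `infer(extract_facts(SAMPLE))` returns both the derived concepts and a trace of which rule produced each one, so an analyst can see why the system reached a conclusion.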

The most important thing to recognize before going too far with AI is that the goal is not to eliminate people from the process. In cybersecurity, human adversaries are making moves that can oftentimes only be recognized and countered by human specialists. The prospects of AI – even without the Hollywood hype – are amazing. The ability to transfer tedious, repetitious tasks to an automated system that can even predict what comes next will free up headspace, changing the way people think. But at the heart of every AI system, of every resulting program, and of every ultimate action will be a live person directing operations.

The next post will dig deeper into the technical aspects of expert systems, then examine high-order thinking functions currently performed by humans that are ready to be performed by machines. It will also include a more thorough explanation of why, given all the different “flavors” of AI, expert systems are the right choice for improving cybersecurity.