Machine Learning in Cognitive Science and application in Cyber Security

Saransh Mittal
Towards Data Science
Nov 15, 2018


The world is growing at a faster pace. The increasing reliance on cyber infrastructure by governments, industries, and economies makes them more vulnerable and increases the chances for cyber attacks.


In their most disruptive form, cyber-attacks target the enterprise, military, government, or other infrastructural resources of nations and their citizens.

Cognitive security may be particularly helpful as a way to prevent cyberattacks that manipulate human perception. Such attacks, sometimes referred to as cognitive hacking, are designed to affect people’s behaviors in a way that serves the attacker’s purpose. Cognitive hacking is a cyberattack that seeks to manipulate the perception of people by exploiting their psychological vulnerabilities. The purpose of the attack is a change in behavior, usually resulting from exposure to misinformation. As such, cognitive hacking is a form of social engineering, although it may target a broad audience rather than specific individuals. Cognitive security efforts in this area include non-technical approaches to making individuals less vulnerable to manipulation, as well as technical solutions designed to detect misleading data and disinformation and prevent its dissemination.

Like other cognitive computing applications, self-learning security systems use data mining, pattern recognition, and natural language processing to simulate the human brain, albeit in a high-powered computer model. Such automated security systems are designed to solve problems without requiring human resources.

Enhanced SOC operation

A pillar of a mature cybersecurity program is the ability to detect when an attack is occurring. Today, tools already exist to aid first- and second-level support functions in detecting attacks and incidents. However, with the increasing sophistication of both IT systems and attackers, the cost of labor required to keep systems safe can increase to untenable levels. Here enters cognitive computing, where the ability to automatically ingest, weigh, discriminate and evaluate immense quantities of data can be expected to represent a centerpiece of modern threat detection. While human attention may fail, and simpler algorithms may misdiagnose threats, the cognitive computer promises to be powerful enough to see the whole system at once, and clever enough to see through subtle anomalies and attack patterns. Moreover, it can not only automatically identify a threat, but also actively scan for vulnerabilities in a system’s configurations and propose corrective actions, all at speeds that could define the success or failure of a cyber-attack. For example, by using a cognitive computing-based platform, a security operations center (“SOC”) provider has been able to reduce the average time for threat investigation and root cause determination from 3 hours to 3 minutes. This may serve to increase the coverage of an organization’s SOC, also helping to bridge the gap in skills and talent that many SOCs experience today, since fewer security engineers are required for triage and first responses.

Automated threat intelligence

So far, much of cybersecurity has depended on reactive strategies, responding to threats as and when they manifest. While cognitive technologies can achieve this, they also have the potential to proactively protect their owners’ systems by turning their skills of massively parallelized information analysis towards the vast repositories of cybersecurity information that exist today. Vendors of cognitive technologies promise the ability to ingest data from millions of disparate information sources so as to identify actionable threat intelligence that is meaningful to individual companies, allowing them to prepare proactively. Such intelligence consists of hints and early indicators of threat actors’ intentions, targets, and methods used. When the speed and accuracy of your response determine the impact of attacks, the promise of cognitive computing to tap millions of information sources in search of early indicators can be invaluable.

The other side of the coin — applying cybersecurity to protect cognitive computing

Security plays an equally important but often neglected role as an enabler for cognitive computing. To take full advantage of cognitive computing, it is crucial to build and maintain preventive and detective cybersecurity capabilities to ensure the confidentiality, integrity, and availability of underlying systems and data. Medical diagnostics, another strong example of the power of cognitive computing, is one such case where the security of the information being handled (private medical data) is of paramount importance. Furthermore, solving more complex problems may require additional computing power that needs to be provided by external distributed systems, such as public clouds. Additionally, the effectiveness and accuracy of predictive analyses based on neural networks and associated insights will rely on the availability of correct data sources that are neither corrupted nor manipulated. In all these cases, the implementation and enhancement of well-known cybersecurity capabilities such as rigorous and fine-grained identity and access controls, data leakage prevention mechanisms, strong encryption technologies, and system-health monitoring capabilities remain as important as any investments in cognitive computing technologies themselves.

Cognitive outlook

At this stage, cognitive computing is still complementing human security specialists by suggesting strategies and calculating probabilities of outcomes. However, major industry players have already launched cognitive-based services for threat detection and security analytics. An example close to home is SIX, the operator of the Swiss financial market infrastructure, which is in the process of deploying IBM Watson for cybersecurity in a new “Cognitive Security Operations Center”.

As humans and computers are learning to collaborate in ways that were impossible in the past, it is expected that more security capabilities based on cognitive computing will evolve over time. One day, such systems may even become capable of protecting themselves from threats, hence addressing the need for security in cognitive computing. While this may still be years out, the journey has definitively begun.

Winner @Ivyhacks 2020 | Finalist @Microsoft Imagine Cup Asia 2019, @Hackharvard 2018 | Facebook F8 2019 | saransh.xyz