AI application overlooked in cyber security research

Despite the proliferation of cyber security products and services claiming to be driven by artificial intelligence, the application of the technology is being overlooked by research, a study shows

Cyber physical systems, privacy, internet of things (IoT) devices and cryptography make up the bulk of cyber security research, a survey of 1,200 global research projects reveals.

However, artificial intelligence (AI) is an “apparent omission” from the research which includes EU projects supported by more than €1bn, according to a review by cyber security technology commercialisation firm Crossword Cybersecurity.

A comparison of cyber security research from January 2008 to June 2013 with July 2013 to December 2018 shows the most popular cyber security research area is cyber physical systems (CPS), with more than 100 current projects identified in this area alone.

The data shows the US is the most active in CPS research, with a focus on securing critical national infrastructure.

Privacy is another leading area of research, with privacy-related projects up 183% in recent years, while projects with IoT elements have increased 123%, with around 14% of current projects having this privacy as the main area of focus.

With the promise of quantum computing on the horizon, the study shows there has been an influx of new projects that apply the technology to the future of cryptography, with a 227% increase in this area of research in recent years.

The study reveals significant differences between regions, with the EU focused on minimising exposure to cyber security risk for small to medium-sized enterprises (SMEs), while the US has a greater focus on the human component of cyber security.

Read more about AI and security

In addition to human factors in cyber security and cyber physical systems, top project funding areas in the US include securing the cloud, cyber crime, and the privacy of big data as applied to the scientific research community.

In the UK, the leading research verticals are critical infrastructure and securing the health sector, with 11 active projects each. Current funding across UK projects exceeds £70m, with quantum and IoT-related projects both more than doubling in the past five years. There are currently nine new UK projects with a focus on cyber physical systems.

The four UK projects with the greatest funding are in the fields of safe and trustworthy robotics, big data security, cyber crime in the cloud and quantum technology for secure communications. However, the most notable UK decline was in big data projects, which have dropped by 85%.

There are currently 52 global projects with a cryptographic focus, and at least 39 current live EU projects featuring a cryptographic element. In the UK, this area has been consistently strong over the last 10 years, with 18 projects starting between 2008 and mid 2013, and 19 projects from mid 2013 to now.

Tom Ilube, CEO at Crossword Cybersecurity, said the need to protect critical infrastructure has never been stronger as technology becomes more deeply embedded in every aspect of daily life.

“However, one apparent omission is research solely focused on the application of AI techniques to complex cyber security problems. We hope to see more of that in the future, as the industry works to stay ahead of the constantly evolving cyber security landscape,” he said.

AI-enhanced security necessary

AI-enhanced security products are necessary to keep up with cyber threats, and machine learning in particular can help organisations in making the shift from a focus on cyber defence to include detection and response, according to John Tolbert, lead analyst at KuppingerCole.

There are several places where machine learning comes into play for cyber security, particularly in anti-malware tools, where ML is “a must” because there are now millions of malware variants being created every day and only ML-assisted malware prevention products can keep up, he told attendees of the KuppingerCole Cyber Security Leadership Summit in Berlin in November 2018.

Other areas where ML comes into play, said Tolbert, is with firewalls, web application firewalls and application programming interface (API) gateways where ML can be used to analyse traffic patterns; threat hunting, where ML can augment capabilities to deal with huge volumes of data across thousands of nodes; data governance for auto-classification of data objects; authorisation and access control policies, where ML can aid with the analysis of access patterns and analyse regulations to auto-generate rules and polices; and with security information and event management [Siem] and user behaviour analytics, where ML can be used for efficient baselining and anomaly detection.

“Current tools are not able to cope with unknown attacks, and this is where AI and ML can be used to augment those tools. At the same time, we are seeing the emergence of tools that can help organisations to comply with regulations by building polices that can be reviewed by humans,” he said. 

Read more on Hackers and cybercrime prevention

Data Center
Data Management