Artificial Intelligence in Cyber Security
This has been the endeavor of many before me, and probably many after me. My hope is that someone, or some group, cracks the barrier to true cyber security intelligence in my lifetime. It will be a cool thing to witness.
In the meantime, we will continue to write code that falls short of true Artificial Intelligence in order to approach the goal. The phrase "fake it 'til you make it" comes to mind. We can mimic the cognitive processes until we actually author cognition.
I don't want to go down the path of defining consciousness or sentience; I just want to mimic thought processes with a computer. My goal is to mimic thought, not to create sentience. I have always tried to design and implement at an abstract level. Remaining at a higher level of abstraction makes it easier to remain domain agnostic, while modeling with a specific domain problem as a use case helps the implementation progress faster. Balancing the abstract with the tangible optimizes the path forward. Too much focus on the abstract, and you solve no problems. Too much focus on the specific, and you only solve one problem.
Mimicking the Neocortex
We want to mimic the process of the brain's neocortex. By creating a functional mimicry of the neocortical column, we can build a process that reasons about the ingested data.
A signal comes into the column and the column classifies it. The column examines the input and assesses whether it recognizes it as something it can name. If it can, it passes that name to another column. The columns form a hierarchy, with each successive column classifying the signal a little more abstractly than its predecessor. This hierarchy forms a Belief Propagation Network (BPN). The current beliefs of the system are represented by the objects that have risen to the top of the hierarchy.
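The column hierarchy can be sketched in a few lines. This is a minimal illustration, not DarkLight's implementation: each "column" here is just a lookup from a recognized name to a more abstract name, and all the labels (the port, the traffic classes) are invented for the example.

```python
class Column:
    """A toy neocortical column: recognizes a name and abstracts it one level."""

    def __init__(self, labels):
        self.labels = labels  # mapping: recognized name -> more abstract name

    def classify(self, name):
        # Return the more abstract name if this column recognizes the input.
        return self.labels.get(name)


def propagate(signal, hierarchy):
    """Pass a signal up the hierarchy; each column abstracts it further.

    The returned list is the chain of beliefs; its last element is the
    system's current top-level belief about the signal.
    """
    beliefs = [signal]
    for column in hierarchy:
        signal = column.classify(signal)
        if signal is None:
            break  # this column did not recognize the input; stop climbing
        beliefs.append(signal)
    return beliefs


# Illustrative three-column hierarchy for a network signal.
hierarchy = [
    Column({"tcp:445": "smb-traffic"}),
    Column({"smb-traffic": "file-share-activity"}),
    Column({"file-share-activity": "lateral-movement-candidate"}),
]

print(propagate("tcp:445", hierarchy))
# -> ['tcp:445', 'smb-traffic', 'file-share-activity', 'lateral-movement-candidate']
```

Only the top of the returned chain matters to the rest of the system; the intermediate names are the increasingly abstract classifications each column contributed.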
We will also want to ascertain what class the input belongs to and label that input with the appropriate class name.
The class names are specified in an ontology. An ontology is a specification of a conceptualization, or in simpler terms, a dictionary of classes. Classes are sets of things that are similar to one another. Knowing that a thing is in a class allows you to understand the type of thing it is. Hence, class definitions are a data typing mechanism. In ontologies and Object-Oriented Programming, we say that classes are abstract data types.
When a collection of things is labeled with its class name, we call it an object of that class. In the real world, we are very comfortable with this concept. Vehicle is a class of things; the specific Toyota Tundra that I drive is an object of type Vehicle.
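The class-as-data-type idea can be made concrete with a toy ontology. In this sketch an ontology is just a dictionary mapping class names to membership tests; the class names and the property-based tests are invented for illustration and are far simpler than a real ontology language like OWL.

```python
# A toy ontology: class name -> membership test over a thing's properties.
ontology = {
    "Vehicle": lambda thing: thing.get("wheels", 0) >= 2,
    "Truck":   lambda thing: thing.get("wheels", 0) >= 4 and thing.get("bed", False),
}


def classify(thing):
    """Label a thing with every ontology class whose definition it satisfies."""
    return {name for name, test in ontology.items() if test(thing)}


# My specific Toyota Tundra, represented as a bag of properties.
tundra = {"make": "Toyota", "model": "Tundra", "wheels": 4, "bed": True}

print(sorted(classify(tundra)))  # -> ['Truck', 'Vehicle']
```

Once the thing carries its class labels, anything downstream can treat it as an instance of those abstract data types without caring how the labels were derived.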
The Reasoning Lifecycle
There are a lot of companies out there taking steps toward this sort of automated thinking. At DarkLight™ we create Programmable Reasoning Objects (PROs) that, like the neocortex, sort input data into classes. We can take in data, examine it, and if appropriate, bind that data together as an object and label it with its class name. In simple terms, the PRO brings together any facts (represented as objects) it needs to classify the objects.
The gathering of the facts can be from the main semantic graph, local contextual semantic graphs, and/or from online semantic graphs. Once the facts (relevant objects) have been gathered together a Description Logic (DL) reasoner, also known as an inference engine, is invoked. The DL reasoner is responsible for examining all the facts in the PRO’s memory (local semantic graph) and inferring any additional facts that it can.
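The inference step can be illustrated with a toy forward-chaining rule over (subject, predicate, object) facts. This stands in for a Description Logic reasoner only loosely: the rule format, the fact data, and the threshold are all invented for the example, and a real DL reasoner is far more expressive.

```python
# Facts gathered into a PRO's local semantic graph, as subject-predicate-object
# triples. The identifiers and numbers are illustrative.
facts = {
    ("download-17", "size-bytes", "9000000000"),
    ("download-17", "performed-by", "user-42"),
}


def infer(facts):
    """One forward-chaining pass: derive new facts from the existing ones.

    Toy rule: any download larger than 1 GB is inferred to be of type
    LargeExfiltrationCandidate (a made-up class name).
    """
    inferred = set(facts)
    for subject, predicate, obj in facts:
        if predicate == "size-bytes" and int(obj) > 1_000_000_000:
            inferred.add((subject, "rdf:type", "LargeExfiltrationCandidate"))
    return inferred


new_facts = infer(facts) - facts
print(new_facts)
```

The reasoner's output is the original facts plus whatever the rules entail; the difference between the two sets is exactly the new knowledge the PRO gained.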
An important part of the lifecycle is the PRO's ability to access and collect relevant facts from contextual semantic graphs. Some relevant facts are statistics about the ongoing situation. For instance, we may want the PROs in our systems to have access to trends, such as knowing what Snowden's average daily download size was.
After running the DL reasoner, the PRO checks whether the reasoner has inferred that the things in its local semantic graph are of the type it was designed to look for. If it can infer the classification, it adds the types to the objects and publishes the newly classified objects into the main semantic graph, making the additional information available to the rest of the system.
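The publish step of the lifecycle can be sketched as copying target-type facts from the local graph into the main graph. This is a hypothetical simplification: both graphs here are plain Python sets of triples, and the target class name is carried over from the earlier toy example.

```python
# The class this hypothetical PRO was designed to look for.
TARGET = ("rdf:type", "LargeExfiltrationCandidate")


def publish(local_graph, main_graph):
    """Copy any target-type facts the reasoner inferred into the main graph."""
    for subject, predicate, obj in local_graph:
        if (predicate, obj) == TARGET:
            main_graph.add((subject, predicate, obj))


main_graph = set()  # stands in for the main semantic graph
local_graph = {("download-17", "rdf:type", "LargeExfiltrationCandidate")}

publish(local_graph, main_graph)
print(main_graph)
```

Only the facts matching the PRO's designed-for class cross the boundary; everything else stays in the PRO's local working memory.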
The Benefits of Cyber Security Intelligence
By mimicking the neocortex and automating the reasoning process, we can process data in near real time. We can use this information to identify anomalies, reduce false positives, and help protect our enterprise against internal and external cyber-attacks.
Does YOUR enterprise use software that can reason?