IBM's AI Watson might be solving cyber-crime by end of year

IBM Watson
IBM Watson

IBM will train its Watson artificial intelligence system to solve cyber-crimes, the tech giant announced.

Big Blue will spend the next year working with eight universities to help the Watson AI learn how to detect potential cyber-threats. The eight educational institutes include California State Polytechnic University, Pomona; Pennsylvania State University; Massachusetts Institute of Technology; New York University; the University of Maryland, Baltimore County (UMBC); the University of New Brunswick; the University of Ottawa and the University of Waterloo.

The cognitive system will process large amounts of information and students will train up Watson by annotating and feeding the system security reports and data, according to IBM.

This data also includes information from IBM's X-Force research library, which contains more than 100,000 documented vulnerabilities. As many as 15,000 security documents, such as intelligence reports, will be processed each month.

The project is designed to improve security analysts' capabilities using cognitive systems that automate the connections between data, emerging threats and remediation strategies.

Watson for Cyber Security will be the first technology to offer cognition of security data at scale using Watson's ability to reason and learn from "unstructured data" – 80 percent of all data on the internet that traditional security tools cannot process, including blogs, articles, videos, reports, alerts and other information.

IBM said that most organisations only use eight percent of this unstructured data. It will also use natural language processing to understand the vague and imprecise nature of human language in unstructured data. This means that Watson can find data on an emerging form of malware in an online security bulletin and data from a security analyst's blog on an emerging remediation strategy.

It is hoped that the use of Watson to detect cyber-threats will ease the skills gap present in the security industry.

“Even if the industry was able to fill the estimated 1.5 million open cyber security jobs by 2020, we'd still have a skills crisis in security,” said Marc van Zadelhoff, general manager at IBM Security.

“The volume and velocity of data in security is one of our greatest challenges in dealing with cybercrime. By leveraging Watson's ability to bring context to staggering amounts of unstructured data, impossible for people alone to process, we will bring new insights, recommendations, and knowledge to security professionals, bringing greater speed and precision to the most advanced cyber-security analysts, and providing novice analysts with on-the-job training."

IBM intends to begin beta production deployments that take advantage of IBM Watson for Cyber Security later this year.

Graham Fletcher, associate partner at Citihub Consulting told SCMagazineUK.com that the application of machine learning and cognitive computing to problems that have been traditionally only been solved by humans is an “exciting development”.

“I am sure that, over time, the technology will continue to improve and be capable of solving problems of higher and higher complexity. Cyber-security is an interesting area to apply machine learning to as it is a good example of where human minds have rapidly adapted to changes in technology and various cyber challenges on both sides of the divide,” he said.

“As hackers become more sophisticated, those protecting their networks also elevate their game and then in turn the bad guys evolve again and so on.”

But Fletcher questions whether a  Watson style machine will be more effective than highly trained cyber-security professionals and whether this will result in job losses.

“I think in general the answer is no. As this technology develops, humans will still be needed to look out for the next level of attack. Also to catch a hacker, sometimes you have to think like one, so a machine might not always be able to match the creativity and guile of a human.

“On the other hand, it is also worth remembering that most sophisticated attacks now are coming from well organised and well-funded sovereign states and/or organised crime so if the good guys can use machine learning – so can the bad guys!”

Michael Hack, senior vice president of EMEA operations at Ipswitch, told SC that in the future, mitigating such attacks will be dependent on this kind of AI, with the ability to detect an offence early and run the necessary countermeasures.

“These self-learning solutions will utilise current knowledge to assume infinite attack scenarios and constantly evolve their detection and response capabilities.”