The global and independent platform for the SAP community.
The opinion of the SAP community, IT Security Column, MAG 18-07

Wolf in husky fur? AI and cybersecurity

Attending cybersecurity conferences these days, all vendors seem to agree: "Artificial Intelligence" is the new silver bullet in the fight against malware, hacks, exploits and the measles.
Jörg Schneider-Simon, Bowbridge Software
August 30, 2018
Content:
It Security
avatar
This text has been automatically translated from German to English.

If you take a critical look behind the scenes of the advertising messages, you first notice that the term "Artificial Intelligence" is used very liberally in the marketing departments. "AI-powered" products usually use only one aspect of AI, namely machine learning.

Machine learning, however, is neither particularly new nor innovative in the field of cybersecurity.

For more than 10 years, anti-malware vendors have been using machine learning to analyze vast numbers of new malware variants samples and - now fully automated - generate detection signatures.

Machine learning algorithms have been used in SPAM and phishing detection for 20 years now - although not exclusively.

It is important to understand that all of these application areas are generally not about "deep learning" - i.e., the use of multilayer artificial neural networks. These are still far too memory- and CPU-hungry for use on server or client systems whose main application area is not the neural network.

The machine learning algorithm for cybersecurity does not exist: machine learning is very well suited to operate in a narrowly defined task domain.

Cybersecurity, and even a small slice like endpoint security, covers a wide range of possible attack vectors and methods. There is no "one-size-fits-all solution" from the AI bag of tricks here.

Machine learning algorithms get better and better "by themselves" over time? It is true that machine learning becomes better and better with large amounts of qualified data - in other words, it "learns".

By qualified data is meant that, in addition to the actual data, the algorithm also needs the information whether, for example, these files are infected or harmless, or whether an e-mail is ham or spam.

This means that, as a rule, the algorithms cannot be trained by the customer alone, because very few "normal users" are able, for example, to distinguish a malware-infected file from a clean file - at least as long as the malware (e.g. ransomware) has not become active.

Can AI solutions already replace classic security solutions today? Only the very, very brave - or very reckless - should back this horse.

Deterministic methods such as classic IP filters and/or pattern matching methods are still far superior for the vast majority of application fields, both in terms of performance and accuracy AI solutions. Depending on the area of application, it is also possible and sensible to weigh up the use of deterministic methods in the blacklist or whitelist procedure.

Do Machine Learning and Big (Training) Data necessarily improve the results? The quality of the results of a machine learning-based classifier, especially in the area of deep learning, depends not only on the algorithm, but also - or even more crucially - on the data with which it was trained.

Unfortunately, we users and end users cannot watch the cyber-security machine-learning algorithm make decisions. If we could do so, as scientists at the University of Washington have, we might discover cases like the one of the husky that was mistakenly identified as a wolf.

The reason for this was that most of the images of wolves used to train the system showed wolves in the snow. The visualization of the decision basis of the algorithm consequently showed that the animal on the only played a minor role in the decision. The presence of snow was decisive.

avatar
Jörg Schneider-Simon, Bowbridge Software

Jörg Schneider-Simon is Chief Technical Officer of Bowbridge Software, a provider of cybersecurity solutions for SAP applications.


All articles of the author

Write a comment

The SAP CEO Alternate

Workday Illuminate Is the Next Generation of Workday AI

Workday Signs Agreement to Acquire Evisort

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.