IBM's artificially intelligent Watson computer set to tackle cyber crime
Image credit: IBM
IBM has taught its artificially intelligent computer Watson to scour through cyber-security incident reports written in natural language in a bid to help companies and cyber-security researcher better detect and ward off breaches.
Watson is known for its ability to answer questions posed in natural language and has ingested over a million cyber-security reports over the past year to learn how to distinguish false positives from actual attacks.
IBM has now made Watson’s powerful brain available to companies and cyber-security operation centres, where employees have to sift through hundreds of thousands of report pages every day looking for any indication of a planned attack.
The project, called Watson for Cyber Security, comes with an app called IBM QRadar Advisor with Watson, which enables cyber-security professionals to consult Watson’s vast cyber-security knowledge. The app draws information from multiple resources including cyber-security blogs, websites and research papers, thus considerably speeding up the time required to find relevant clues.
IBM is also introducing a Watson-powered chatbot that can advise customers of its global X-Force Command Center on cyber-security issues.
As part of a new research project, code-named Havyn, IBM will attempt to develop a voice-powered security assistant leveraging Watson’s conversation technology to respond to verbal commands and natural language requests from security analysts. Havyn will provide real-time information about newly detected threats as well as past incidents and provide guidance on steps required to restore the security of affected networks.
“Today's sophisticated cyber-security threats attack on multiple fronts to conceal their activities and our security analysts face the difficult task of pinpointing these attacks amongst a massive sea of security-related data,” explained Sean Valcamp, Chief Information Security Officer at Avnet, one of the first companies testing the technology.
“Watson makes concealment efforts more difficult by quickly analysing multiple streams of data and comparing them with the latest security attack intelligence to provide a more complete picture of the threat. Watson also generates reports on these threats in a matter of minutes, which greatly speeds the time between detecting a potential event and my security team's ability to respond accordingly.”
IBM believes cognitive technologies are necessary for cyber-security professionals to keep pace with the attackers and protect their customers against the growing number of cyber attacks.
Some experts estimate the number of cyber-security incidents will double over the next five years.
Currently, cyber-security teams have to analyse over 200,000 events per day, amounting to 20,000 man-hours per year, most of which are spent on false positives.
Earlier today it was announced that the UK government is under a constant cyber siege, with attackers attempting to steal the most valuable secrets.
According to Ciaran Martin, the chief of GCHQ's National Cyber Security Centre, there have been 188 high-level attacks on the UK government over the past three months including some that could have potentially threatened national security.
“In the case of government departments, [it is] getting into the system to extract information on UK government policy on anything from energy to diplomacy to information on a particular sector,” Martin told the Sunday Times.
State-sponsored agents, most frequently associated with Russia and China, are believed to be responsible for many of the attacks.
“Over the last two years there has been a step change in Russian aggression in cyber-space,” Martin added.
“Part of that step change has been a series of attacks on political institutions, political parties, parliamentary organisations and that's all very well evidenced by our international partners and widely accepted.”
Among these, according to US intelligence services, is an attempt by the Kremlin to interfere with the presidential election during a breach of Democratic National Committee computers.
According to Chancellor Philip Hammond, a former defence and foreign secretary, the NCSC had blocked 34,550 ‘potential attacks’ on government departments and members of the public in the last six months - a rate of around 200 hacks a day.
The latest response from the UK Government against cyber attacks is a scheme that will see teenagers being trained in cyber-security in order to boost Britain’s defences against online attacks.
This initiative will form part of the Government’s efforts to guard against a future skills shortage amid mounting concern over the damage hackers or terrorists could inflict on the country’s economy and infrastructure.