AI is Improving Your Network Security Capabilities

04/07/2018 15:01:27

With the continuous development of Cloud Computing, Big Data, Internet of Things and other industries, the boundaries of internal and external networks are getting blurred. More and more devices such as cameras and smart home appliances are connected to the Internet, which means the chances of potential attacks and global threats are growing. Facing new challenges, we need to deal with the increasingly difficult battles in new ways.

Artificial Intelligence Brings New Possibilities to Enhancing Network Security
Driven by profit, the “dark” industry has been expanding, and new attack methods keep emerging one after another. During defense, we often have to face types of malware that were previously unknown. Artificial Intelligence, by virtue of its powerful self-learning and memory abilities and its capacity for data analysis and computation, can quickly search and screen tens of millions of events and quickly find anomalies, risks and future threats. It is this natural advantage in defense that has made "AI + Network Security" popular. Especially in detecting unknown threats and preventing malware and executing files, what used to be passive defense has now become active prevention. This will greatly enhance network security capability and improve the efficiency of protection.
The following is the heat curve for Artificial Intelligence and Network Security published by CB Insights. It can be seen that AI has gradually become a popular term in the field of Network Security since 2012. Especially since 2016, Artificial Intelligence, represented by machine learning, has become the hottest topic in this field. Gartner also said that by 2020, the share of AI in the field of Network Security will grow from 10% now to 40%.

How Can AI be Effectively Applied in Network Security?
Looking at the global market, we can see that some Network Security vendors, such as Vectra and Darktrace, have been promoting their security capabilities as being based on AI. So, does this mean that AI can solve all Network Security problems? In fact, the environments that security vendors operate in differ. Some vendors tend to be "small with specific focus", while others tend to be "large and all-inclusive". The interfaces of many vendors' security products are generally open source. Therefore, even if a vendor focuses on only a few functions, its products can link up with other vendors' products, and users still gain an overall security capability. But this is not the case in markets such as Asia. Security vendors there need to provide a complete set of Network Security solutions for enterprises. With the resources of a single vendor, it is not realistic to use AI in every aspect of the entire Network Security solution.

Therefore, Sangfor believes that theory and practice need to be integrated in order for AI to be applied in the field of Network Security. This concept should take precedence over any specific AI algorithm. For example, we can use SVM, logistic regression, decision trees, LSTM and so on for traffic detection; there are many algorithms to choose from. But the algorithm itself is not the most important thing. It is more important to move from the traditional, rule-based way of thinking about problems to an AI-based way of thinking. Through long-term practice, Sangfor concludes that AI practice in Network Security requires consideration of the following 3 aspects:

1) Artificial Intelligence should be fused with other algorithms

Traditional, rule-based methods are still very effective in some scenarios, and AI algorithms are not applicable to all scenarios. Under such circumstances, rule-based, characteristic-based and statistics-based methods should be complementary to AI. Use AI in some scenarios, other methods in some scenarios, and combined methods in the rest. Only in this way can we make practical security products.

2) Artificial Intelligence needs to be able to continuously evolve

The traditional rule-based, characteristic-based and statistics-based methods are "dead". Once a rule is written, whatever matches it is detected; if something does not match, the rule has to be redesigned. AI, by contrast, is data dependent. Data is the rice, the AI algorithm is the pot, and the offensive and defensive experts are the cook. With no rice and no cook, there is no meal. Artificial intelligence algorithms need continuous training in order to keep detecting new threats. This relies on constantly adding new data and on attack and defense experts constantly tuning algorithms and models. The ability to keep evolving is the soul of AI in the field of Network Security.

3) AI should work in collaboration with people to achieve human-machine intelligence

In fact, this point has been reflected in the previous point. In practice, attack and defense experts, data scientists and security service experts should cooperate with AI. Attack and defense experts identify security problems; for example, putting forward new ideas to solve the problem according to the latest malicious behavior. Data scientists model problems, such as feature engineering and model building. Security service experts filter the results of AI identification and provide feedback. Only in this way can AI be truly applied.
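
An added example, not Sangfor's code, of the three aspects above applied to DNS names: an exact-match rule runs first, statistical features feed an online logistic regression, and an analyst-labelled miss is fed back so that the model retrains. The domain names, the feature choices and the `features`, `OnlineLogit`, `verdict` and `demo` names are all constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample data (not from the article): rule list and labelled DNS names.
BLOCKLIST = {"known-bad.example"}
TRAIN = [("mail.example.com", 0), ("cdn.example.net", 0), ("portal.example.org", 0),
         ("xk2q9zv7b1ptw4.example", 1), ("q8z1x0v9k3j7m2.example", 1)]

def features(name):
    """Statistics layer: bias, entropy/length/digit ratio of first label, nesting depth."""
    labels = name.split(".")
    first = labels[0]
    n = max(len(first), 1)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(first).values())
    digits = sum(ch.isdigit() for ch in first) / n
    depth = max(0, len(labels) - 3) / 5
    return [1.0, entropy / 4, n / 20, digits, depth]

class OnlineLogit:
    """Learned layer: logistic regression trained by SGD, so training can resume later."""
    def __init__(self, dim=5, lr=0.5):
        self.w, self.lr = [0.0] * dim, lr

    def score(self, x):
        return 1 / (1 + math.exp(-sum(w * v for w, v in zip(self.w, x))))

    def fit(self, samples, epochs=500):
        for _ in range(epochs):
            for name, y in samples:
                x = features(name)
                err = y - self.score(x)
                self.w = [w + self.lr * err * v for w, v in zip(self.w, x)]

def verdict(model, name, threshold=0.5):
    """Rule layer first (cheap and exact), then the model on the statistical features."""
    if name in BLOCKLIST:
        return "block:rule"
    return "alert:model" if model.score(features(name)) >= threshold else "allow"

def demo():
    """Returns verdicts before and after analyst feedback, plus a benign control."""
    model = OnlineLogit()
    model.fit(TRAIN)
    missed = "a.b.c.d.e.f.example.com"     # constructed: a pattern absent from TRAIN
    variant = "x.y.z.q.r.s.example.com"    # same pattern under a different name
    before = verdict(model, variant)
    model.fit(TRAIN + [(missed, 1)])       # analyst labels the miss; training resumes
    return before, verdict(model, variant), verdict(model, "mail.example.com")
```

The retrained model flags `variant` even though only `missed` was labelled, which a new exact-match rule for `missed` would not do.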

Based on the above ideas, Sangfor has achieved exciting results in the field of AI. For example, deep learning is used for botnet detection: two-class classification achieved an F value of 99.7% and 25-class classification achieved an F value of 90.3%, a leading position in the industry. In the detection of black chains, the combination of rules and Natural Language Processing has achieved good results: over 7 months with the selected 112 users, a total of 132,626 black chains were detected. The highest monthly number was 50,786 and the lowest monthly number was 6,214, with an average of 18,946 items. AI has also been applied to many other cases, such as HTTP detection, DNS detection, Webshell detection and scanning tool detection.

AI technology will also be introduced into Sangfor NGAF products to greatly improve them, help customers deal with new types of attacks and unknown threats, and reduce business security risk.

In the future, Sangfor will achieve more possibilities in the field of Network Security through AI, and protect the network for more users.
