Teaching The Power of AI in Network Defense: Leveraging New Capabilities

by Gene Lloyd, Mar 18, 2024

Artificial Intelligence (AI) is becoming widely available throughout the world and has brought with it many new capabilities we did not have even just a few years ago.

Some are afraid that AI is going to take over the world, and others are diving in headfirst to see how effective it can be at solving problems, creating content, managing operations, analyzing data, or a slew of other potential applications.

Any time a new technology is created, we should look for methods to leverage its capabilities in a way that makes our jobs easier. Perhaps the greatest value of this computing capability within cybersecurity is the ability to analyze large amounts of data in a short period. That analysis is the focus of this article.

Analyzing Network Data: Revealing Malicious Activity

Analyzing network data is the bread and butter of cybersecurity. This is the task that reveals activity on the network and determines whether any of it is malicious. It is the methodology used to determine how a worm is propagating, to collect evidence of cybercrimes, to find the insider sending proprietary information off the network, and to discover exactly what is happening behind the scenes.

It is often said that “the truth is in the packets” because this is where we see what is really happening. The problem, of course, is that the larger a network becomes, the more difficult it is to accurately analyze every packet. This forces analysts to focus their time on commonly attacked services or well-known attack vectors instead of trying to analyze every connection.

This is where AI comes into play. A properly trained AI engine can sort through hundreds of thousands of lines of packet data in a few seconds and point out any anomalies that could be a cause for concern. A human would take weeks to accomplish the same task and would be hard-pressed to have the same level of efficiency.

AI could also be used to analyze past data, if it was stored, to find long-term anomalous activity. I once investigated a hacking incident where the perpetrators had consistent access to a victim system for over 30 days. This breach went unnoticed because there was too much data for a few analysts to effectively review, allowing the hackers to stay hidden. The use of AI, had it been available at the time, could have potentially caught this activity much sooner.


Education and AI in Network Defense: Working Smarter, Not Harder

In the education arena, students need to be trained in the latest capabilities available, especially when working in cybersecurity. Students should be taught how to leverage this groundbreaking capability in a standard network defense operation.

The adage “work smarter, not harder” is very applicable here. For example, we often ignore standard web traffic when analyzing network packets because there is just too much data to sort through. But AI could sort through it very quickly.

A good hacker knows how to hide their data among many innocuous packets. This is one way they can gain access or collect information without being noticed. They know the difficulty in sorting through all the everyday packets that make up surfing the web for the news, latest sports scores, and other interests. AI is the tool that can turn the tables.

The current and consistent method of packet analysis is to look for specific strings of information within the data instead of reviewing every packet. We look for specific Linux commands that should not be coming across the wire, attempts at creating backdoors on specific ports, sneaky ways to trick databases into providing access, and many other commonly known attack vectors. But in this process, we end up ignoring 90 percent or more of the traffic coming across the network.

We should certainly continue educating students on these capabilities, but we should also research how to incorporate AI into the process and provide students with the knowledge of how to leverage AI in a way that greatly reduces the hacker’s success rate.

The Game-Changing Potential of AI in Network Defense

There are three big pieces AI can bring to the table today:

  1. Advanced threat detection can help identify threats that signature-based capabilities tend to miss. AI can accomplish this by learning from traffic patterns and user behaviors to the point that it may even be able to recognize the hard-to-catch zero-day attacks.
  2. The ability to recognize the difference between normal benign activity and real threats can reduce the number of false positives that waste time and cause unnecessary network disruptions.
  3. AI can make a network defense team much more cost-effective because a few analysts will be able to accomplish much more than a larger team.
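As an added illustration of the contrast between the string-matching method described earlier and the pattern-learning detection in item 1 (example code written for this page, not the author's), the following runs a signature rule and a per-host daily baseline over the same flow records. The hosts, ports, byte counts, payload snippets and signature strings are all constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (day, src_host, dst_port, bytes_out, payload_snippet).
# Six days of ordinary browsing per host; on day 7 host 10.0.0.9 sends far more
# over port 443 than it ever has, with a payload no string rule would match.
HOST_A = [48_000, 52_000, 50_000, 49_000, 51_000, 50_000, 53_000]
HOST_B = [50_000, 51_000, 49_000, 50_000, 51_000, 48_000, 900_000]
FLOWS = (
    [(d, "10.0.0.5", 443, n, "GET /news HTTP/1.1") for d, n in enumerate(HOST_A, 1)]
    + [(d, "10.0.0.9", 443, n, "GET /scores HTTP/1.1") for d, n in enumerate(HOST_B, 1)]
    # one constructed request that a classic string rule does catch
    + [(3, "10.0.0.5", 8080, 300, "GET /?cmd=uname -a HTTP/1.1")]
)

# String rules of the kind the article describes: commands and SQL fragments
# that should never appear in ordinary web traffic.
SIGNATURES = ("/bin/sh", "uname -a", "union select")


def signature_hits(flows):
    """Classic approach: flag only flows whose payload contains a known string."""
    return [f for f in flows if any(s in f[4].lower() for s in SIGNATURES)]


def baseline_anomalies(flows, threshold=3.0, min_history=3):
    """Behavioural approach: compare each host's daily bytes-out with its own past.

    A day is flagged when it lies more than `threshold` standard deviations
    above the host's earlier days. Returns (host, day, bytes, z_score) tuples.
    """
    per_host = defaultdict(lambda: defaultdict(int))
    for day, host, _port, nbytes, _payload in flows:
        per_host[host][day] += nbytes
    flagged = []
    for host, days in per_host.items():
        ordered = sorted(days)
        for i, day in enumerate(ordered):
            history = [days[d] for d in ordered[:i]]
            if len(history) < min_history:
                continue  # not enough past data to form a baseline yet
            sigma = pstdev(history) or 1.0  # constant history: count any change in full
            z = (days[day] - mean(history)) / sigma
            if z > threshold:
                flagged.append((host, day, days[day], round(z, 1)))
    return flagged


if __name__ == "__main__":
    print("signature hits:", signature_hits(FLOWS))
    print("baseline anomalies:", baseline_anomalies(FLOWS))
```

The signature rule catches only the request carrying a known string, while the baseline flags the day-7 exfiltration-sized transfer that contains nothing a string rule could match; in practice the baseline would be built from the stored history the article mentions.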
It would be wise for any professor teaching cybersecurity to dive into learning more about AI capabilities and develop lessons on these topics. Companies hiring new graduates will be ecstatic to have new employees armed with knowledge of the latest technologies that can be used in the fight against hackers. Popular tools like ChatGPT already have the ability to analyze uploaded capture files and report suspicious packets. This would be a good place to start. Some intrusion detection systems are also starting to include AI capabilities to lessen the load on human analysts. This too can be an effective strategy.

The ultimate goal of cybersecurity is to keep the bad actors out of the network. Past methods have been mostly effective, but the limited human resources on any particular network have given hackers the edge. Network defenders have to be correct 100 percent of the time to keep attackers at bay, while a hacker only has to get lucky once.

AI can help tilt the scales in the other direction, giving the defenders the edge for the first time in computing history. The linchpin is for educators to make this a reality by training their students on how to put these tools to work. Within the realm of cybersecurity, the only ones who should fear AI are the hackers.


About the Author:

Dr. Gene Lloyd is an adjunct professor at Liberty University. He teaches computer science and cyber security programs for undergraduate and graduate students with a focus on applied cryptography, digital forensics, ethics, legal issues and policies, web security, ethical hacking, security operations, risk management, network security, access control systems, and advanced topics in computer security.
