Do you trust/believe in "Next Gen - Ai" products?

  • Total voters
    23
D

Deleted member 178

Many vendors are fudging terms when trying to sell their artificial intelligence security systems. Here's what you need to know when you buy.


At any recent security conference lately, you probably have heard hundreds of vendors repeating the words "We have the best artificial intelligence (AI) and machine learning." If you happened to be in one of those conversations and asked "What does that mean?," you probably got a blank stare. Many security consumers are frustrated when marketing pitches don't clearly articulate what AI does in a product to help protect an environment better.

There are several dilemmas facing security companies that keep them from being more up-front about how they use AI and machine learning. For some, the concepts are a marketing statement only, and what they call AI and machine learning is actually pattern matching. Also, machine learning relies on a tremendous volume of data to be effective, and there are very few vendors that possess enough of it to be successful in its implementation.

To avoid a wasted investment in this technology, it's essential to understand the basics of what AI and machine learning provide in security tools. My goal is for you to be equipped to ask the right questions when a vendor proclaims "We have the best AI!"
 

Winter Soldier

Level 25
When we use the expression "machine learning", we are talking about a subset of artificial intelligence where the software analyses the data, recognizes the features and "learn" from their examination. The machine can thus establish links between data and make predictions without being explicitly programmed to carry out these activities.
The machine learning then allows you to build in inductive way, a model based on some samples thus being able to take "decisions".
I think to robotics (my job) when I speak of machine learning, but some of these machine learning systems can also be used to fight malware, to detect intrusion in a network, etc.

In the business environment, when an AV vendor talk about machine learning on its products, it performs a predictive analysis, referring to the mechanisms that, by examining current and known facts, make predictions about future or unknown events.

Since these algorithms are based on the presumption of an event, and not on mathematical certainty, it is clear that the response is directed towards a probabilistic calculation, often close to the reality but not necessarily a concrete fact.
 

_CyberGhosT_

Level 53
Verified
Trusted
Content Creator
This is a very hard one, I don't believe in the totality of software vendors that are now on the AI band wagon
touting "the next best ****"
there are a few that are taking this seriously, and I am not here to start a debate so I am "not" going to name names but
the Stamp "AI" is being applied too liberally to too many right now, when the dust settles it will be far easier to see the clear picture. For now just read the stories and use that proverbial "grain of salt" approach.
 

jamescv7

Level 61
Verified
Trusted
The products nowadays are 'enhanced Ai' but not fully, since it will create danger for consumers about errors provided by machine learning.

Remember that AI are still create by humans and will never defeat the purpose where users should still analyze the interactive pop-ups.

----------------

If Ai is already been enforced then suppose expect the detection rate are nearly at 99% but it isn't.
 

Amelith Nargothrond

Level 12
Verified
To me , "next gen" products are more Pattern Matching than real Machine Learning.
AI means products dynamically build, match, edit (update), delete etc. the detection algorithms by themselves, based on what they learn, further correlating the info with other info they already "know", and then taking actions based on these. The "building of AI intelligence" process is based on other patterns, because it's done by coding. Therefore, the entire AI thing is still based on patterns.

It's really difficult to code cognitive human brain functions, if at all possible, which AI should've mean. On a small scale & extremely targeted applications, it might be possible.

But the level of data an AI should store (and then maintain, filter, categorize, clean up etc.) to truly get to be called "cognitive digital functions" is immense. So no, I think AI is still just a fancy marketing name (or even a scam) for a little bit more advanced algorithms, purely based on patterns.

So I agree 100% with @Umbra :)
 
Last edited:

Emmanuellws

Level 3
Interesting discussion here, for me, no matter what people call it, AI or ML alone can't protect a computer or server from being hacked or breached or infected. It should be an additional feature to a Traditional AV. I have been using Kaspersky and failed to see the strength in its System Watcher module. From my perspective, Viruses/Malware uses signatures, like a real world virus outbreak, someone has to be infected, only CDC or any scientist can study about the virus, dna it(signature), find the sources then label it with a name. This is what Traditional AV is doing. Then you have a vaccine, also what traditional AV is doing. You have all those prevention going on in the traditinal AV. Real world viruses mutated, so does computer viruses/malware. But computer viruses supposed to be predictable compare to a real world mother nature living organism viruses. In the event of a real world virus outbreak, CDC had to separate the unknown, healthy and infected then contain it, treat the infected. This is an ML/AI should be doing - record and split all the healthy programs, badprograms(malware/viruses) and ready to screen the unknown programs. Imagine ML this way, anywhere a person enters/exits, you have to be screened for any infectious disease - a humongous extra large database of personal info of all human being in this earth with their health status. Of course, if this is in the real world, it would be chaotic separating people and their love ones when you just have a normal flu or running nose, hehehe. But in the digital world, this can be done programatically with the use of Big Data. Enter the Big Data Whitelisting Approach. I dont care what and how the AI or ML achieve this, all I know is they are using MD5 or SHA256 fingerprint, there's no such bullshit thing as Maths approach to predict(Cylance self proclaimed). But, I still need a doctor to monitor me everyday from daily and existing disease or sickness and treat me if i got infected, therefor, I still need Traditional Antivirus protection.

Edit: here's my own view on what AI/ML formula is all about: Automatic Sandbox Screening(Result) = Classification of Program + MD5/SHA256 hash fingerprint = Big Data Whitelisting Approach

If you add this into the mix with an Antivirus formula then I shall call this as Next Gen AV. So, AI/ML alone is stupid without Antivirus. In the real world you have CDC, but if you don't have doctors and nurses and hospitals is stupid isn't it.
 
Last edited:

XhenEd

Level 27
Verified
Trusted
Content Creator
Note that AI can be weak or strong. Strong AI is what is referred to as true AI because it is already conscious. This does not exist (yet). Weak AI, on the other hand, only excels on a limited field. This does exist already. Examples of weak AI are some chess programs and some cybersecurity programs.

The rough model of the current AI is this: Artificial Intelligence > Machine Learning > Deep Learning. Artificial Intelligence is the umbrella term. Within AI are some subsets, like if-then rules, machine learning, etc.. What excels more because of its closeness to what AI should be is Machine Learning. This is why it is given more attention. Within Machine Learning are also some subsets. And what Is being developed currently within the field of Machine Learning is Deep Learning (or Artificial Neural Networks). Deep Learning, currently, is considered to be the most difficult to deal with because it is patterned to how the human mind works (though partially). Given this, deep learning is currently the closest to what is considered AI.

From what I read (I lost the link), to achieve strong AI, it is not enough to use machine learning and deep learning. All subsets (and subsets of the subsets, etc.) must be developed to achieve what is considered a conscious program.

Back to the topic of cybersecurity, I don't doubt that some are already using ML and Deep Learning. As far as I know, Bitdefender and DeepArmor are using deep learning. I'm sure there are others. The issue for me, however, is how they have implemented them. Maybe their implementation is substandard or basic. They might market their software as using ML (or Deep Learning), but maybe their ML ( or DL) system is very basic.

I believe there is AI (weak), but the issue is whether the cybersecurity companies are using it properly or just for marketing.
 

Amelith Nargothrond

Level 12
Verified
Although I am very familiar with the whole AI terminology, as I love the subject, I can't agree with some of them (but this is just me). It's either AI or not.
We, the humans, had to name somehow the steps we are making in this direction, hence the fancy weak or strong adjective defining/describing/classifying these steps we developed towards the real AI, and then combine the terms. Basically, exactly what you said @XhenEd .

But at the end of the day, it's not AI, it's just an abuse of terminology, to attract customers, thus I think they are misleading :)
 

XhenEd

Level 27
Verified
Trusted
Content Creator
Although I am very familiar with the whole AI terminology, as I love the subject, I can't agree with some of them (but this is just me). It's either AI or not.
We, the humans, had to name somehow the steps we are making in this direction, hence the fancy weak or strong adjective defining/describing/classifying these steps we developed towards the real AI, and then combine the terms. Basically, exactly what you said @XhenEd .

But at the end of the day, it's not AI, it's just an abuse of terminology, to attract customers, thus I think they are misleading :)
Yeah, in the end, it's a battle of how AI is defined.

I acknowledge that the main reason for the use of the term "AI" is for marketing. It's a futuristic term that current people, potential customers, aspire and look up to. :D
 

Amelith Nargothrond

Level 12
Verified
Yeah, in the end, it's a battle of how AI is defined.

I acknowledge that the main reason for the use of the term "AI" is for marketing. It's a futuristic term that current people, potential customers, aspire and look up to. :D
Exactly. Clearly we are still far away from the definition of AI, which is "human-like thinking" inside a machine. Human thinking is the very root of AI (by definition), but it so complex, we had to split it into many subsets.

We don't have (yet) the storage capacity and "medium" to even dream of this, technically. Not to mention the processing power needed to handle the data. We are not even at basic instinct levels of animals, as those are extremely complex as well, but maybe closer to them as to AI.

But manufacturers are defining and associating terms to their liking, hence the abuse of terminology.
 

Emmanuellws

Level 3
Example what real AI supposed to be :
Hmmm...I receive a new email.
Ok, someone from Amazon sent me with the title "Please review your order package from Amazon"
Let me login to my Amazon account, weird I never ordered anything.
Ok, back to my email, The content looks legit with my order number and my name. there's an excel file attached to it.
Oh well, Let's take a look at the attachment.
Let's scan it with my most powerful and has the largest updated database in the world Antivirus.....hmmm....................It is Clean!
Opening now.....wait...it is asking me to enable editing when all I want to do is just looking at its content...
ok, sorry, can't continue.
Let me upload to a sandbox first, execute it......ok....there are some interesting stuff happening here....
Oh...wait...in encrypts all the files in the sandbox and shows some messages. It is a zero-day ransomware!
ok, deleting email now and flag it as Malware. Done.


This is exactly what an AI should do like what an "IT Savvy Security aware kind of person" would do. This is total prevention.
 

XhenEd

Level 27
Verified
Trusted
Content Creator
I just read that Kaspersky utilizes deep learning too (of course, in their headquarters) aside from the general machine learning, but the article refers to the business side of Kaspersky. So, I'm not sure whether the technology is also used for the home versions.

Kaspersky doesn't believe that AI exists now (Eugene denies the existence of AI). So, for the company, machine learning and deep learning have to be taken as is, without connecting them to the concept of AI. :)
 

jamescv7

Level 61
Verified
Trusted
So far the sources possible for the Ai are through DNA, pattern matching, and data gathering information.

However the problem since all files and scripts have unique information; which will take a lot of time and research to formulate an accurate detection.

For sure those AI/machine learning are still relying on usual components to compare the detection; honestly Ai term is a catchy term to use for marketing tactics as many users are not aware on the overall functionalities.
 

Emmanuellws

Level 3
This ML technology currently are meant for smb and large Enterprise but not for personal or home users. There are no AI yet, more to machine learning, based on description it's more to automatic sandboxing and automatic classification, if referring to PAD360's method, but still, they integrated the AV into it as well as the behavioral blocking features. That's why I agree there are no AI yet can achieve this, and ML alone won't be a good choice and won't replace traditional AV that easily. Home users are the AI at home hehehe
 

XhenEd

Level 27
Verified
Trusted
Content Creator
This ML technology currently are meant for smb and large Enterprise but not for personal or home users. There are no AI yet, more to machine learning, based on description it's more to automatic sandboxing and automatic classification, if referring to PAD360's method, but still, they integrated the AV into it as well as the behavioral blocking features. That's why I agree there are no AI yet can achieve this, and ML alone won't be a good choice and won't replace traditional AV that easily. Home users are the AI at home hehehe
Machine learning, considered AI or not, in the field of cybersecurity, is really about classification of files (i.e. classifying new (or even old) files as malware or not, based on the learned data). Given this, ML isn't limited to the enterprise. In fact, most, if not all, AVs for home users employ ML to help classify (and judge) the files. Personally analyzing the files one by one is now impossible.

Like you, many would agree that the mere use of ML isn't enough. This is the reason why AVs don't just use ML to combat malware, but they use it as a complementary to help combat malware.
 

Emmanuellws

Level 3
So, at home we are the actual ML, AI for all the AV companies.
In the End, the ultimate goal for ML is actually increasing accuracy in detecting especially zero-day malware while at the same time aiming to reduce false positive rate.
 
Last edited:
  • Like
Reactions: XhenEd