AI has a lot of potential for cybersecurity applications, such as predicting attacker behavior, learning from existing cyber incidents, and taking proactive defensive measures to protect critical infrastructures.
Historically, we proposed techniques for detecting advanced cyberattacks in enterprise networks based on creating semantic representations of network logs and endpoint data, using a range of supervised and unsupervised learning methods. We deployed our algorithms in industry and on several university networks, where they detected unknown malicious activity, including Self-Propagating Malware attacks.
At the Institute for Experiential AI, we're actively working to answer some open questions in the Cybersecurity space. For example, we're looking for the best representations of cyber data that model spatial and temporal relationships among various entities in cyberspace and the various types of information we can share across defenders to improve the effectiveness of models trained on a single network.
We want to collaboratively learn global models that preserve the data privacy of individual contributors and achieve better detection capabilities than local models trained by a single enterprise. And we're striving to prevent future advanced cyberattacks by deploying intelligent AI agents to coordinate cyber defenses.