Chapter 5. AI and ML on the Security Front: A Focus on Web Applications

AI and ML techniques, combined with automation, are now being used in security for threat detection and remediation. For inbound web application requests, they are exceptionally useful for observing, quantifying, and classifying each request according to its degree of maliciousness.

Finding Anomalies

In most cases, ML solutions can develop an understanding of existing vulnerabilities because they can be taught to recognize potential attacks that could exploit those vulnerabilities. Increasingly advanced applications of AI and ML, however, are not aimed at identifying and defending against familiar threats; that is something traditional security systems can often achieve. Instead, AI and ML systems are being deployed to find and classify anomalies. In the case of protecting web applications, AI and ML systems are being used to determine whether an inbound request “appears” to be legitimate traffic or whether it is malicious in nature.
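To make the idea of scoring a request by how far it departs from normal traffic concrete, the following added example (not code from the book) learns a baseline from known-good request targets only and ranks new requests by deviation. The two features, the `SAFE` character set, the `FLOORS` values, the threshold, and all sample requests are assumptions constructed for illustration.

```python
import statistics

SAFE = set("/?=&._-+")   # punctuation treated as ordinary in URLs (assumption)
FLOORS = (5.0, 0.02)     # minimum spread per feature (assumed tuning values)

# Constructed sample of known-good request targets used as the baseline.
BENIGN = [
    "/", "/index.html", "/products?id=12", "/products?id=345&page=2",
    "/search?q=red+shoes", "/cart/view", "/static/css/site.css",
    "/account/login", "/api/v1/items?limit=20", "/images/logo.png",
]

def features(target):
    """Describe a request target numerically, without any attack signatures."""
    odd = sum(1 for c in target if not c.isalnum() and c not in SAFE)
    return (float(len(target)), odd / max(len(target), 1))

class Baseline:
    """Learns what normal traffic looks like from benign requests alone."""

    def __init__(self, benign):
        cols = list(zip(*(features(t) for t in benign)))
        self.mean = [statistics.fmean(c) for c in cols]
        # Floor the spread so a feature that never varies cannot divide by zero.
        self.spread = [max(statistics.pstdev(c), f) for c, f in zip(cols, FLOORS)]

    def score(self, target):
        """Largest per-feature deviation from the baseline, in spread units."""
        return max(abs(x - m) / s
                   for x, m, s in zip(features(target), self.mean, self.spread))

def triage(baseline, targets, threshold=3.0):
    """Return (score, target) pairs at or above the threshold, worst first."""
    scored = [(baseline.score(t), t) for t in targets]
    return sorted((p for p in scored if p[0] >= threshold), reverse=True)

# Constructed inbound traffic: two ordinary requests and two unusual ones.
INBOUND = [
    "/products?id=77&page=4",
    "/search?q=~~!!{{}}||^^",        # unusually dense punctuation
    "/products?id=" + "A" * 300,     # unusually long parameter value
    "/cart/view",
]

if __name__ == "__main__":
    for score, target in triage(Baseline(BENIGN), INBOUND):
        print(f"{score:6.1f}  {target[:60]}")
```

Only the two unusual requests reach the analyst; the ordinary ones fall below the threshold and are handled without review.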

ML techniques eliminate the need to have human analysts spend time on what is already understood, or what are often repeatable and mundane tasks. The machine can handle known and well-documented threats while also homing in on the anomalies and threat indicators that have not been seen before. As a point of reference, suppose that a website receives 1,000,000 requests per day, and only 100 of those requests are ...
