[Frontier] How to Achieve "Cognitive Security"?

 

The most important thing for a cognitive security system is to have three capabilities: understanding (Understand), reasoning (Reason) and learning (Learn). ...



Original article: Cognitive Security = Security That Understands, Reasons and Learns

Source: Forbes



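Introduction

For nearly a century we have programmed computers to solve all kinds of complex problems: we can simulate weather, sequence genomes and share real-time data with the whole world. But the analytical capacity of one person, or even a group of people, is very limited, especially when huge volumes of data are involved, and security is exactly such a field. Moreover, traditional systems lack the keen insight and strong analytical ability of an analyst. Security problems can no longer wait, and "cognitive security" is no longer just talk on paper.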

We've programmed computers to help solve complex problems for almost a century. We can now simulate weather, sequence genomes and instantly share data across the world.

But ask a computer to do something humans do every day — recognize an image, read a book or explain the meaning of a poem — and it's a different story. Traditional systems fall short.

The same is true for security.

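We can program computers to recognize viruses, malware or security vulnerabilities, and keep tuning them to improve accuracy. But that alone is not enough: we also need to be able to detect subtle changes and analyze them accurately in order to distinguish and eliminate new threats. This requires monitoring continuously before damage occurs and making maximum use of data to achieve defense.

For decades, we've programmed computers to recognize viruses, malware and exploits. We continuously tune them to become more accurate, but it's not enough. Adversaries constantly morph their attacks and find creative ways to breach defenses.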

What organizations need is the ability to detect the subtlest change in activity and analyze it with as much context as possible to distinguish and eliminate new threats. It takes constant monitoring and maximum use of data to find attacks and abnormal behavior before damage is done.

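However, the world generates more than 2.5 × 10^18 bytes of data every day, of which only 20% is structured data that we can use directly, while the remaining 80% is unstructured data (that is, spoken, written or visual data, which humans understand fairly easily but traditional security systems find hard to understand). At present, thousands of security blog posts containing detailed threat intelligence are published every day. Yet a security analyst cannot possibly take in all the information in them, and traditional security systems cannot have the analytical ability and insight of an analyst.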

However, the world produces more than 2.5 quintillion bytes of data every day, and 80 percent of it is unstructured. This means it's expressed in natural language — spoken, written or visual — that a human can easily understand, but traditional security systems can't.

The reality is that there are thousands of security blogs posted every day with detailed threat intelligence. But it's impossible for a security analyst to know everything that's in them, and traditional security is unable to analyze and apply this insight the way an analyst can.

This is why the most challenging security problems still require people to make sound decisions about what to act on and what's a false alarm. In fact, the best security professionals build their body of knowledge every day through experience, talking with colleagues, attending conferences and staying up-to-date on research.

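While the concept of "threat intelligence" was still relatively unfamiliar to us, IBM had already made its move and launched Watson for Cyber Security. The system is based on cloud computing technology and is trained so that it can recognize the language of security. To further enhance the system's capability, IBM plans to work with multiple universities to increase the amount of security data held in the cognitive system.

Today IBM Security announced Watson for Cyber Security, a new cloud-based version of the company's cognitive technology trained on the language of security as part of a year-long research project. To further scale the system, IBM plans to collaborate with eight universities to greatly expand the collection of security data IBM has trained the cognitive system with.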



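IBM holds that the most important thing for a cognitive security system is to have three capabilities: understanding (Understand), reasoning (Reason) and learning (Learn). By training Watson for Cyber Security, security instinct and expertise modules are added to the new defense system. In this way, the system can, like a professional security practitioner, analyze research reports, web text, threat intelligence and other security-relevant structured and unstructured data, but at an unprecedented speed.

Cognitive security involves training a new generation of cognitive systems to understand, reason and learn about constantly evolving security threats. We're beginning to build security instincts and expertise into new defenses that analyze research reports, web text, threat data and other security-relevant structured and unstructured data — just like security professionals do every day — but at a scale like we've never seen.

The benefit is that a cognitive system can automatically identify security threats, help analysts notice the latest attacks and respond as quickly as possible, and leave analysts enough time to deal with other urgent problems. Cognitive systems are essentially self-learning systems that use data mining, machine learning, natural language processing and human-computer interaction to mimic the way the human brain works.

The result: analysts will call upon cognitive systems to help augment and even automate their understanding of a threat — making analysts smarter about the latest attacks and freeing up valuable time to focus on other pressing issues. Cognitive systems are self-learning systems that use data mining, machine learning, and natural language processing and human and computer interaction to mimic the way the human brain works.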

Built on security intelligence that uses big data analytics, cognitive security is typified by technology with the abilities to understand, reason and learn. Structured and unstructured data across the whole web is actively searched and crawled, and text data is preprocessed and converted into machine-readable data; at the same time, drawing on the advantage of a large team of security experts and on machine learning, Watson is taught "what security is" through questions and answers.

Built upon security intelligence, which takes advantage of big data analytics, cognitive security is characterized by technology that is able to understand, reason and learn. A much greater scale of relevant security data is now accessible with cognitive systems that can process and interpret the 80 percent of today's data that's unstructured.

After ingesting a corpus of knowledge, curated by experts on any given subject, a cognitive security system is trained by being fed a series of question-and-answer pairs. This machine “knowledge” is then enhanced as security professionals interact with the system, providing feedback on the accuracy of the system's responses.



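A key difference is that this security system can quickly understand and process new information in a short time, and on this point it far exceeds ordinary people. So we can now train the system to analyze thousands upon thousands of research reports, conference materials, academic papers, news reports, blog posts and various industry alerts every day, so that the cognitive system keeps learning and revising its understanding of security as security events occur, which greatly saves security staff analysis and response time, eliminates the current security skills gap, and raises the level of risk control.

A key difference: a cognitive system comprehends and processes new information at a speed that far surpasses any human. Technical defenses can now be trained to analyze thousands of research reports, conference materials, academic papers, news articles, blog posts and industry alerts — every day.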

As cognitive systems continue to observe events and behaviors — distinguishing the good from the bad — the ability to take advantage of integrated defenses to block new threats gets stronger and stronger. By helping to make security analysts more effective and accelerating the response to emerging threats, cognitive security will help to address the current security skills gap, bringing heightened levels of confidence and risk control.

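Cognitive computing, by harnessing data, knowledge, processes and the progression of activity, has brought enormous change to fast-moving modern life. For enterprises, having good cognitive capabilities will make their competitive advantage more pronounced and open up broader room for development.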

Cognitive computing is driving transformational change by harnessing not just data, but meaning, knowledge, process flows and progression of activity at a lightning-fast speed and scope. For organizations that embrace cognitive capabilities, the competitive advantage will be significant and far-reaching.


