Artificial intelligence (AI) is a powerful security weapon in two ways, according to Chris Volinsky, the assistant vice president of big data research for AT&T Labs. AI acts predictively by analyzing historical data to understand the subtle changes that presage an attack. It also acts reactively by quickly detecting traffic increases and patterns that suggest a denial of service attack has started.
Volinsky, in Part II of a conversation with Telco Transformation, suggests that AI can change the dynamic between the good people and the bad because of the massive amount of data to which AT&T -- and, by extension, other network operators -- have access to. In Part I, Volinsky spoke about the power of combining SDN with AI. (See AT&T's Volinsky Talks About the Power of AI.)
Telco Transformation: How does AT&T use AI for security?
Chris Volinsky: You can think of it as similar to some of our other projects. We want to go from reactive to proactive. A lot of security right now is waiting to see when something goes wrong, and then swooping in to identify it and fix it as quickly as possible. It's often fixed in a one-off way, such that we identify this particular virus or phishing attack, and we implement rules to stop attacks or viruses that are just like that one. So it's kind of rules-based and reactive.
Where I think machine learning and AI are going to take it, or are taking it now, is to think of it more predictively. We could identify a big virus attack, or exfiltration attack, in one of our enterprise customers. In addition to going and shutting that down, what we can do is look at all of the data that we had, let's say, for a month before we detected the attack… all of the data, all the variables and all the attributes, and then say, "Is there anything that happened in that month that looks like it was leading towards this attack?"
You may find a trigger. Maybe the bad guys were sending some test messages before they did the denial-of-service attack. You can identify patterns and how these breaches happen. We don't know what they're doing, but let's let the data tell us, let's look across a few of these examples that we have, see if there are common patterns that we can determine. If we can, then we can use that modeling to implement early warning systems that will identify things before they happen, and be more predictive.
Another example is just using the advanced analytic techniques to detect things quicker. Anomalies in volumetric analysis, or in connectivity analysis, show that an anomaly has happened. We can just get to those things as quickly as possible after they happen.
We try and approach this from both sides, from the predictive side, as well as the reactive side.
TT: Clearly, a big telecom provider will have AI platforms and tools to which hackers don't have access. Does AI change the dynamic between the bad guys and the good guys?
CV: I would put it a different way. I would say, I don't know that the tools are more accessible to us than to the bad guys. But what is more accessible to us is the data on the network. We have visibility into data -- at least on the networks that we run -- which allows us to see across many, many different attacks, in many, many different locations, of many, many different types and to use that information to help model what the next attack is going to be like.
TT: That makes sense. But you also would have access to better platforms, too. I don't think crackers are going to replicate the platform that AT&T has. Would there be an advantage there as well?
CV: Yes, but… when the hacking is done by a state-run organization with access to large amounts of cash and equipment, I wouldn't necessarily say that they can't replicate the scale of the computational power that we have.
TT: Without commenting on AT&T in particular, which I know you can't do, do you feel in general that AI is going to cost jobs?
CV: Is automation made possible by AI going to cause a widespread displacement of the workforce? My answer is a pretty emphatic no. My view is that this is just the latest chapter in a long path that we've been taking as a society towards automating tasks. In our business, in telecom, we used to have thousands of people connecting phone calls with wires on a switchboard. Those people all got displaced by automation, but the industry, and the economy, and the jobs still continued to grow, because the automation is creating new technology, new fields emerge out of that. I'm proud of what our leadership has done here in terms of retraining people.
— Carl Weinschenk, Contributing Writer,Telco Transformation