人工智能在網絡安全領域的輔助應用和面臨的挑戰

高偉波 李仲琴

摘? ?要：人工智能工具用于分析數據和預測結果，其對許多行業都是福音，包括網絡安全和國防行業。目前，越來越多的防病毒和網絡威脅情報系統正在尋求將人工智能技術集成到網絡防御響應能力中。過去網絡安全領域的觀點認為威脅主要來自于單獨的黑客入侵行為，而事實上，我們面對的是有著嚴密組織的網絡犯罪集團[1]，勒索軟件就是一個典型的例子。傳統網絡安全領域存在兩個重大缺陷：一是非常依賴規則;二是無法根據現代企業的規模進行擴展。但是，人工智能則可憑借其強大的學習和運算能力，迅速地從百萬次迥異的嫌疑事件中發現異常、風險和未知威脅的信號。文章闡述該如何利用人工智能、機器學習、深度感知等方法，提升應對網絡安全威脅的能力，從而更全面、高效地建設我國的信息安全保障機制，使局部安全服務于國家安全。

關鍵詞：人工智能;網絡安全;深度學習

中圖分類號： TP393.0? ? ? ? ? 文獻標識碼：A

Abstract： Artificial intelligence tools are used to analyze data and predict results. They are good news for many industries， including cybersecurity and defense industries. At present， more and more antivirus and network threat intelligence systems are seeking to integrate artificial intelligence technology into network defense response capabilities. In the past， the point of view in the field of cybersecurity was that the threat mainly came from separate hacking activities. In fact， we are faced with a tightly organized cybercrime group[1]. Ransomware is a typical example. There are two major flaws in the traditional cybersecurity field： one is very dependent on rules; the other is that it cannot be expanded according to the scale of modern enterprises. However， artificial intelligence can quickly find signals of anomalies， risks， and unknown threats from millions of very different suspected events with its powerful learning and computing capabilities. This article explains how to use artificial intelligence， machine learning， depth perception and other methods to improve the ability to respond to cybersecurity threats， so as to build a more comprehensive and efficient information security assurance mechanism in my country， so that local security serves national security.

Key words： artificial intelligence; cybersecurity; deep learning

1 引言

人工智能在進入20世紀后高速發展，尤其是在2010年后，一系列基于大數據、高性能GPU和高速網絡的深度學習方法被研究完善，使得之前被認為需要到21世紀中葉才能實現的人工智能技術，在當前就已經成為現實。

最初，網絡安全和人工智能被認為是兩個獨立的實體。為了提高工作效率，人工智能研究人員開始著手創建機器學習模型，而網絡安全專家則試圖設計出更安全的身份審計系統。隨著時……