IBM supercomputer Watson wide usage: Cybercrime-IBM, supercomputer-IT information

IBM's Watson supercomputer resume very well, it won a variety show jeopardy (Jeopardy), has written a cookbook, and has been involved in medical innovation. What is the next stop of his legendary career? To deal with cyber crime. IBM recently announced that Watson is on the cloud, their cognitive ability to learn, apply to analyze, identify, and wants to prevent threats to the security of the network. But first, it had to learn fast.

Cover the Court

At present, there are a number of computer-enhanced methods to combat cyber-crime, most of which involve identifying exceptions, or when a user logs on at the wrong password too many times, determine whether they pose a threat.

This method of data collection and analysis is feasible. But its effect is not ideal. First, the data is simply too much. IBM's recent report noted that the average 20duowanjian security event data each day, there is no way to read. Like the Massachusetts Institute of technology (MIT) recently AI2 solutions can reduce the number of human researchers to filter events, there is still a problem, the data was only a fraction of the overall situation.

"This is about interpretation, learning, the introduction of non-structured data, research reports, white papers and blog into one," IBM Vice President of corporate security Caleb Barlow says, "those other forms of analysis structure is not perfect, nor easily recognized by the machine, it is difficult to further contextual insight into the potential danger. ”

Watson has a unique advantage at dealing with the same amount of time, but also can distinguish between critical context to decide what kind of threat to its existence. Human security researchers may not know all of the 75,000 strong command of known software vulnerabilities, or read the 60,000 security-related blog article, but Watson.

"The company has related teams, their job is to see all the news sources, and from this message trying to identify risks, and connect it with their infrastructure and computer, and asked whether the risk applies to their system. "Syracuse University (Syracuse University) computer security Professor Dr Kevin Du, said," it takes a lot of manpower. "If all goes well, the human may be passed on to machine learning.

Barlow's early career is emergency medical personnel, he likened to a Watson nurses, might have a head injury victims arrived at the scene. "Drinking too much alcohol and injuries to his head and other often exhibit the same symptoms," Barlow said, "nursing staff must figure out is which. ”

Nursing staff focus on structured data-blood pressure, heart rate, respiration, and so on, but also take into account the non-structured data, such as the oral replies, or patients involved in a kind of accident. In other words, having regard to all the nursing staff is not within the scope of the data and help them sort out exactly what happened. They can use all of the available information, and offering help to the doctor's in the hospital. "This is the work of Watson will do for security operations center. "Barlow said.

Du pointed out that this is not a new idea; has research papers and small studies, discuss the efficiency of unstructured data. But because Watson,IBM to be the first to try large-scale studies. "I think the technology is already there. Due to lack of capacity and investment, no one can actually prove that it is very useful. "Du says. "If the machine is trained, it can replace a lot of manpower. ”

This is not to say that Watson will replace human work; in fact, the industry has obvious talent gap. "Even in the year 2020, the network security job openings to fill about 1.5 million people, we are still in a security crisis," said General Manager Marc van Zadelhoff of IBM Security. Watson should help to alleviate their impact on us.

Learn

Previously, Watson needed to learn how network security work.

It is not, or at least not very well. Although IBM already began selecting Watson security file until it is ready before the real, has a lot to learn, said long. Given the complexity and importance of network security, this feat is not easy.

"This is not an ordinary software work," Barlow said, "it's not like you in a day, the software can be released. You have to train it. ”

IBM comprehensive research libraries help Watson this critical training. But not as just for Watson to see a bunch of articles and research reports that simple. You're going to teach what it all means, then it can teach us all how to interact.

"Think of things to do when looking at the files. It is to understand what these terms mean. What is a campaign? What is the target? What is an event? What is an indication of the event? "Barlow said. "These are security jargon. And it must understand the relationship. Malicious software that an organization, other organizations, and has some instructions. ”

And that does not include abbreviations for all network security world trade.

In order to help researchers in Watson,IBM manually mark a file into the system, is hand-selected documents and source code for the time being. Once Watson started to grasp a certain concept, and proved that it is able to interpret itself, they would in the United States with the help of students from eight universities from all over, to speed up the process. In the first phase of training, Watson will learn up to 15,000 per month security documents, connected to various libraries and news feed, to ensure that it does not lag behind. If any super computer that can do this, Watson also available.

"This is a real breakthrough," said Andras Cser, Forrester Research principal analyst, "Watson probabilistic decision intelligence technology is far more than any other manufacturer. It can rely on a larger data set command; faster processing, machine learning algorithms command. ”

"We taught Watson takes a bit of debate in the works," Barlow said, "We hope that it has brought us to a conclusion, the conclusion should be based on two things: pressing it? You know what would make this feasible? ”

Assuming it wasn't very fast, Watson later this year should be used by enterprise customers. Although it aimed at identifying threats that have taken place, and Barlow believes that there is potential for risk prevention. Some attacks may take several days, weeks or months; ideally, Watson can identify signals of an attack for a long time, and helping people in the middle to turn off attack.

This one is still trying to distinguish between verb and ranking of supercomputers in terms of asking too much, but it is possible.

"Taught Watson and teach my children is the fascinating difference between," Barlow said, "Watson will never forget. ”

IBM超级计算机Watson用途广：可打击网络犯罪 - IBM,超级计算机 - IT资讯

IBM的Watson超级计算机的简历十分出色，它赢得了综艺节目危险边缘（Jeopardy），写了一本食谱，并涉足了革新医疗。而其传奇生涯的下一站是什么？应对网络犯罪。近日IBM宣布，Watson正在把其认知学习的能力用在云上，应用到分析、识别、并希望能阻止网络安全的威胁。但首先，它不得不快速学习。

防守

目前已经有大量计算机增强的方法打击网络犯罪，其中大部分涉及识别异常，或当用户登录密码错误太多次时，确定其是否构成某种威胁。

收集和分析数据的这种方法是可行的。然而它的效果并不理想。首先，数据简直是太多了。IBM最近的报告指出，组织平均每天要看20多万件安全事件数据，根本没有办法看完。虽然像麻省理工学院（MIT）最近的AI2解决方案可以减少人类研究人员筛选事件的数量，还是有一个问题，这些数据只是大局的一小部分。

“这是有关解释、学习、引进非结构化数据、把博客、白皮书和研究报告等带入其中，”IBM公司安全副总裁Caleb Barlow说，“那些其他形式的分析结构并不完善，也不能轻易被机器识别，很难进一步补充上下文洞察潜在的危险。”

而Watson在处理同样的信息量时有得天独厚的优势，而且还能分辨出关键的上下文决定其存在什么样的威胁。人类安全研究人员可能不知道所有75000条已知的软件漏洞的坚定命令，或者从头到尾阅读了6万篇安全相关的博客文章，但Watson会。

“公司有相关的团队，他们的工作是看遍所有的新闻源，并从该消息试图找出风险，然后把它与他们的基础设施和电脑实际连接起来，并询问风险是否适用于他们的系统。”Syracuse University（雪城大学）计算机安全教授Kevin Du博士说，“这需要花费大量的人力。”如果一切顺利，这些人力可能会转嫁到机器学习上。

Barlow早期的职业生涯是急诊医学人员，他把Watson比喻为一个护理人员，赶到可能有头部受伤的受害者现场。“喝太多酒的人和头部受伤人员其他经常出现相同的症状，”Barlow说，“护理人员必须找出到底是哪个。”

护理人员着眼于结构化数据——血压、心脏率、呼吸等等，但也考虑到非结构化数据，如口头答复，或者病人卷入了什么样的事故。换句话说，护理人员考虑了所有不在数据范围内的东西，有助于他们理清到底发生了什么。他们能够通过利用所有可用信息，并在医院给医生的诊断提供帮助。“这就是Watson将为安全运营中心所做的工作。”Barlow说。

Du指出，这并不是一个新的想法；此前已经有研究论文和小规模的研究，讨论非结构化数据采集的效率。但是因为Watson，IBM才能做到第一个尝试大规模的研究。“我认为技术是早已存在的。由于缺乏计算能力和投资，没有人能实际上证明，这是非常有用的。”Du说。“如果这个机器训练有素，它可以代替很多人力。”

这不是说Watson必将取代人类的工作；事实上，在行业内具有显著的人才缺口。“即使到2020年，行业能够填补大概150万人的网络安全工作空缺，我们仍然会陷入安全危机，”IBM安全的总经理Marc van Zadelhoff说。Watson应该帮助减轻其对我们的影响。

学习

当然在此之前，Watson需要学习网络安全是如何工作的。

它尚未，或至少不很好。虽然IBM已经开始安排Watson学习安全文件，直到它准备好实战之前，要学的东西还很多，可以说长路漫漫。鉴于网络安全的复杂性和重要性，这壮举实属不易。

“这不是一个普通的软件工作，”Barlow说，“这不像你工作一天，软件就能发布了。你要训练它。”

IBM全面的研究图书馆有助于Watson这个关键的训练。但并不像只是给Watson看一堆文章和研究报告那么简单。你要教它这些都意味着什么，然后它就可以教自己这些都是如何互相作用的。

“想想它在看文件的时候要做的事情。它要了解这些术语是什么意思。什么是战役？什么是攻击目标？什么是事件？什么是事件的指示？“Barlow说。“这些是安全的行话。而且它必须理解其中的关系。一个组织的恶意软件，针对其他组织，具有一定的指示。”

而这些，还不包括所有网络安全世界交易的缩略语。

为了帮助Watson，IBM的研究人员手动标注了进入它系统的文件，暂时是手工选取文档和源代码。一旦Watson开始掌握一定的概念，并证明了它能够诠释自身，他们就会在美国各地的八所大学学生的帮助下，加快这个过程。在培训的第一阶段，Watson每月将学习高达1.5万份安全文件，连接到各个图书馆和新闻提要，以确保它不会落后。如果任何超级计算机能做到这一点，Watson也可以。

“这是一个真正的突破，”Forrester Research的首席分析师Andras Cser说，“Watson的概率决策人工智能技术远远超过了其他任何厂商。它可以依靠更大规模的数据集命令；使用更快幅度的处理、机器学习算法的命令。”

“我们教Watson在工作中要有点辩论性，”Barlow说，“我们希望它给我们带来一个结论，该结论需基于两点：这紧迫吗？你了解到什么能使这个可行？”

假设它加快速度，今年晚些时候Watson应该会被企业客户有效利用。虽然它旨在确定已经发生的威胁，Barlow认为，其还有预防危险的潜力。一些网络攻击可能需要数天，数周或数月；理想情况下，Watson能够识别长时间攻击的信号，并在中途帮助人们关闭攻击。

这对一台仍然在试图区分动词和名次的超级计算机而言要求太高了，但还是可能的。

“教Watson和教我的孩子之间令人着迷的差异是，”Barlow说，“Watson永远不会忘记。”