Blogs

As the most disruptive and transformative technology at present, artificial intelligence is constantly infiltrating all aspects of social life. At the artificial intelligence sub-forum of the 7th internet Conference (ISC 2019) just past, Zhou Hongyi, chairman and CEO of 360 Group, expressed his views on the use of artificial intelligence in the field of security.

Zhou Hongyi pointed out that in network security offensive and defensive drills, the attacker is called the blue team, and the defender is called the red team. The level of the blue team often determines the quality of the attack and defense drill. “A high-level blue team can help us find a lot of problems. If a low-level blue team comes in and says no problem after attacking for a long time, we haven’t found any loopholes in your system. It may give us an illusion. Can the robot record a lot of attacking experience, so that the robot can at least complete normal level attacks to avoid the problem of low-level blue teams, which is a direction we are focusing on now.” Zhou Hongyi Speaking of.

In the era of cyber warfare, the difficulty of attacking is much lower than that of defending. A system may have a hundred weaknesses. For example, when your attack target is a website, scan it several times to see if some ports are open or not, and see if there are common vulnerabilities, and then you can make a normal level of artificial intelligence. The intelligent attacking blue team can then test the attack against the system. Zhou Hongyi believes that this is a feasible application of artificial intelligence in the attacker, but the application in defense is still relatively difficult. For example, the network security brain made by 360 today collects the behavioral big data of many network security programs through various probes. In the vast sea of ​​data, artificial intelligence can help us find some associations or suspicious clues. But at this stage, whether these doubts are a real attack or not, it still needs to be judged by high-level security experts.

“When we study the combination of artificial intelligence and security, the definition can be broader. I think in the future, human-machine collaboration, including multi-person collaboration, and machines will play a certain auxiliary role in the middle, which is also considered artificial intelligence. As long as the attack and defense continue The essence of network security is always the confrontation between people. Artificial intelligence should assist network security companies and better help us to do a good job in the confrontation between people and people.” Zhou Hongyi concluded.