Data-driven cybersecurity
The availability of a large amount of data facilitates the spreading of a data-driven culture in which data are used and analyzed to support decision-making. This is also true for the cybersecurity environment in which the increasing number of threats appearing over time and related public data caused a “paradigm shift in understanding and defending against the evolving cyber attacks, from primarily reactive detection toward proactive prediction”.
Conventional data analysis approaches cannot address the complexity of the new threats and the velocity with which they are generated and spread throughout the Internet: more flexible and efficient mechanisms are needed. Artificial Intelligence (AI) systems based on Machine Learning (ML) tools and exploiting the power provided by big data architectures seem promising solutions to detect and mitigate many of the novel cybersecurity attacks. They can analyze large volumes of data, identify anomalies and suspicious behavior and investigate threats by correlating many data points. Techniques such as regression, classification, and clustering are already used to identify network threats, detect software vulnerabilities, monitor email, and design advanced antivirus applications.