Automation of Cyberattack Countermeasures Using AI and Machine Learning

Saurav Rana
Oct 19, 2020 · 8 min read


As we become more and more dependent on technology, we also expose ourselves to all kinds of online threats. It has now become necessary to adopt countermeasures against cyber-attacks that are becoming more sophisticated as the years pass. Since the first confirmed attack in 2002, targeted attacks have inflicted significant damage in a number of countries around the world. In 2013, a new threat arose with the proliferation of ransomware. Attack methods have become more varied and are now specifically individualized according to targets, while the sophistication of incubation and evidence removal continues to evolve.

To combat these attacks, artificial intelligence (AI) technology is now being utilized for automatic detection of the existence and behavior of malware, and is becoming better able to perform this task as it evolves. AI technology that uses machine learning is able to detect malware, even subspecies and unknown ones, more effectively than conventional methods based on signatures and rules, and is now expected to play an important role in protecting against unpredictable and ever more varied attacks.

Why AI and Machine Learning

Cyber-attacks are becoming increasingly varied. Here is a picture showing the evolution of cyberattacks according to McAfee.

In 2018 alone, there were 10.5 billion malware attacks. That’s too much volume for humans to handle. Fortunately, machine learning is picking up some slack.

A subset of artificial intelligence, machine learning uses algorithms born of previous datasets and statistical analysis to make assumptions about a computer’s behavior. The computer can then adjust its actions and even perform functions for which it hasn’t been explicitly programmed.

And it’s been a boon to cybersecurity.

There is also another factor to consider. It is unavoidable that the hackers will also use AI technology. To counteract this, AI technology specifically tailored for protection will be necessary.

Everything from detection of vulnerabilities and commencement of attacks to patch application to prevent attacks can be carried out much faster than would have been possible conventionally. To cope with attacks at speeds so high they exceed human capability, similarly high-speed countermeasures are required.

AI-driven solutions can learn what normal behavior looks like in order to detect anomalous behavior. For instance, many employees typically access a specific kind of data or only log on at certain times. If an employee’s account starts to show activity outside of these normal parameters, an AI/ML-based solution can detect these anomalies and can inspect or quarantine the affected device or user account until it is determined to be safe or mitigating action can be taken.

If the device is infected with malware or is otherwise acting maliciously, that AI-based tool can also issue automated responses. Making these tactical tasks the responsibility of AI-driven solutions frees security teams to work on more strategic problems, develop threat intelligence or focus on more difficult tasks such as detecting unknown threats.
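The baseline-then-respond loop described above, as an added example that is not from the article or from any vendor product. A simple per-user frequency baseline stands in for the ML model; the function names, the 5% threshold and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

MIN_SHARE = 0.05  # assumed threshold: behaviour seen in <5% of history is unusual

# Constructed sample history of (user, login_hour, resource); not real data.
HISTORY = (
    [("alice", h, "crm") for h in (9, 9, 10, 10, 11, 14, 15, 16, 17, 9)]
    + [("alice", 10, "wiki"), ("alice", 15, "wiki")]
    + [("bob", h, "payroll") for h in (8, 8, 9, 13, 14, 16, 8, 9)]
)

def build_baseline(events):
    """Count, per user, how often each login hour and each resource was seen."""
    hours, resources = defaultdict(Counter), defaultdict(Counter)
    for user, hour, resource in events:
        hours[user][hour] += 1
        resources[user][resource] += 1
    return hours, resources

def signals(baseline, user, hour, resource):
    """Return the list of ways this event deviates from the user's baseline."""
    hours, resources = baseline
    total = sum(hours[user].values()) if user in hours else 0
    if total == 0:
        return ["no_baseline"]  # cold start: nothing learned for this account yet
    found = []
    # Share of past logins within +/-1 hour, wrapping around midnight.
    near = sum(hours[user][(hour + d) % 24] for d in (-1, 0, 1))
    if near / total < MIN_SHARE:
        found.append("unusual_hour")
    if resources[user][resource] / total < MIN_SHARE:
        found.append("unusual_resource")
    return found

def respond(baseline, user, hour, resource):
    """Map deviations to the responses named above: allow, inspect or quarantine."""
    found = signals(baseline, user, hour, resource)
    if not found:
        return "allow", found
    return ("quarantine" if len(found) >= 2 else "inspect"), found

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    tests = [("alice", 10, "crm"), ("alice", 3, "crm"),
             ("alice", 3, "payroll"), ("carol", 10, "crm")]
    for event in tests:
        print(event, respond(baseline, *event))
```

An account with no learned history is sent to inspection rather than allowed or quarantined, since the baseline cannot say anything about it yet.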

How will it help

In a business world where customers’ privacy and data protection are vital, such organisations are more prone to cyberattacks than any other. Companies need to sharpen the focus on a strong cybersecurity culture and adopt a risk-based approach to security.

Investing in cybersecurity helps companies better address major cybersecurity issues like the impact of a cyberattack, huge financial loss, business disruption, or brand reputation damage.

With its ability to sort through millions of files and identify potentially hazardous ones, machine learning is increasingly being used to uncover threats and automatically squash them before they can wreak havoc.

Software from Microsoft reportedly did just that in early 2018. According to the company, cybercrooks used trojan malware in an attempt “to install malicious cryptocurrency miners on hundreds of thousands of computers.”

The attack was stopped by Microsoft’s Windows Defender, software that employs multiple layers of machine learning to identify and block perceived threats. The crypto-miners were shut down almost as soon as they started digging. There are other examples of Microsoft’s software catching these attacks early.

Source: Microsoft

The use of AI in cybersecurity proves to be essential for organizations that want to better secure their digital assets and stay ahead of threats. With the help of AI, businesses worldwide can better scale their responses to the increasing number of threats and “see” them in advance.


As cyber threats escalate in frequency and sophistication, data protection is a real challenge for companies around the world. Malicious hackers stay abreast of technology changes and take advantage of the potential of automated cyberattacks.

Recovering from security breaches can take a lot of time and money, so companies have started to invest in AI to better detect and automatically block cyber attacks.

  • Better detection of cyberattacks: AI includes two subsets, deep learning and machine learning algorithms, which use behavioral analysis to better detect anomalies. With the help of these technologies, companies can respond faster to online threats and prevent them from happening in the first place. Depending on the AI system used, it can detect suspicious activity and quickly find errors within your system or network infrastructure.
  • Accurate prediction: AI can also be used to predict security breaches or cyber threats. Based on its algorithms, it can search through the data and make predictions based on how the system is trained. A good example is the biometric authentication solution, which uses artificial intelligence to identify and authenticate people based on unique biological characteristics. The integration of AI technology in biometric systems plays a key role in enhancing methods like facial or iris recognition with a higher level of accuracy.
  • Faster response: AI proves its efficiency in helping organizations to respond faster to the next generation of cyberattacks or combating malware. AI-driven technology can help companies to automate countermeasures to prevent being the victim of a cyberattack and fight against online threats.

A study from the Capgemini Research Institute finds that 69% of companies surveyed acknowledge they can’t respond to cyber threats without using Artificial Intelligence.

  • Save time and money: Every year, ransomware attacks and breaches cost companies millions of dollars to recover and get their business on track. The average time companies take to identify a security breach is about 196 days, and a lot of things can happen during that period of time. Using an AI solution can help companies save time and money and improve data protection. It does that through automation and constant learning on how to better safeguard network infrastructures in the modern world.

Check out these companies that use machine learning to bolster their cybersecurity systems and keep malware at bay.


The massive French insurance and financial services company AXA IT relies on the cybersecurity firm Darktrace to deal with online threats. And Darktrace relies in part on machine learning to drive its cybersecurity products.

The company’s Enterprise Immune System automatically learns how normal network users behave so it can spot potentially dangerous anomalies. Other software then contains in-progress threats.

“We’re not being attacked by human beings anymore,” Yorck Reuber, CTO of AXA IT North Europe, told Darktrace. “Computers are attacking us, software is attacking us. The only way forward is using artificial intelligence.”


Microsoft uses its own cybersecurity platform, Windows Defender Advanced Threat Protection (ATP), for preventative protection, breach detection, automated investigation and response. Windows Defender ATP is built into Windows 10 devices, automatically updates and employs cloud AI and multiple levels of machine learning algorithms to spot threats.


Chronicle is a cybersecurity company that sprang from Google’s parent company Alphabet. Its first product, Backstory, has been described as “designed for a world where companies generate massive amounts of security telemetry and struggle to hire enough trained analysts to make sense of it.” Backstory analyzes large amounts of security data (such as internal network activity, known bad domains and suspected malware) and uses machine learning to condense it into more easily digestible insights.


Splunk software has a variety of applications, including IT operations, analytics and cybersecurity. It’s designed to identify a client’s current digital weak points, automate breach investigations and respond to malware attacks. Products like Splunk Enterprise Security and Splunk User Behavior Analytics use machine learning to detect threats so they can be quickly eliminated.


Sqrrl’s founders are ex-National Security Agency employees who came together to create a cybersecurity company after crafting the open-source database software Accumulo. Sqrrl has designed a cyber-threat hunting platform that searches through networks to find code that can evade security measures in place. The product uses machine learning to turn data points into a behavior map, which acts as a visual representation of a computer network and shows where threats could be coming in. In January 2018, Amazon acquired Sqrrl for its Amazon Web Services cloud business.

Final Views

AI is changing the game for companies that have already implemented it in their technology solutions, which come packed with great benefits. This trend is confirmed by a survey from Gartner that questioned more than 3,000 CIOs and IT leaders about the most disruptive technologies of the moment.

They concluded that “AI is by far the most mentioned technology and takes the spot as the top game-changer technology”. According to the survey, “37 percent responded that they already deployed AI technology or that deployment was in short-term planning”.

Simply put, AI is helping organizations automate part of their workflow to boost the effectiveness of their cybersecurity programs.

The data backs up this trend: 53% of surveyed companies are using machine learning for cybersecurity purposes, according to the 2019 Cloud Threat Report from Oracle and KPMG.

Sharing his thoughts on the future of cybersecurity, Joshua Davis, Director of Channels at Circadence, states that:

The future of cybersecurity is going to include humans working alongside automated assistants, where AI/ML assist in operations. Imagine a day where there is Alexa/Cortana/Google At Home-type tools providing cyber intelligence support going forward.

“AI is going to become more prevalent in security. It’s maturing,” CrowdStrike Founder and CEO George Kurtz said in late 2018.

“AI is a feature, not a company. It’s going to play a role in solving a specific problem. But not every problem can be solved with AI.”

“It’s going to be a tool in the toolkit.”

Thanks for reading.
