Modeling how biological viruses infect and spread across environments, this type of deep learning may improve how cybersecurity solutions work.

With the COVID-19 pandemic deeply etched in our minds, most of us have probably become well-acquainted with terms such as R₀   (pronounced R nought, the number of people that an infected person can spread the virus to), epidemiology (the study of how a disease spreads in populations over time), Host and super spreader.

Notwithstanding the fact that the SARS-CoV-2 coronavirus has confounded most epidemiologists, virologists, vaccinologists and healthcare experts repeatedly, the study of how a virus infects hosts, gets distributed to other people in an environment, and how it can be contained, is critical to the quick management of an outbreak. Now, imagine this same principle being applied to the outbreak of a digital virus: that is what BT (formerly British Telecom) has done in researching AI-based cybersecurity. Using the spread of viruses in human populations as a model to inform AI algorithms, the firm’s researchers are testing their prototype Eagle-i platform featuring the capability called “Inflame”.

Tackling infection and inflammation

Using the disciplines of epidemiology, the solution has been developed to understand how computer viruses and cyberattacks spread across enterprise networks, and how to prevent them from happening.

To develop the technology, security researchers at the BT Labs in Suffolk, UK, built models of enterprise networks to test numerous scenarios based on different R rates of cyber-infection. This testing enabled the research team to understand how a digital virus can penetrate and compromise (i.e., inflame) other networks or parts of the network. In doing do, the AI can then be informed by ‘deep reinforcement learning’ to develop the optimal automated responses needed to contain and prevent the spread of viruses.

These responses are also underpinned by ‘attack lifecycle’ modeling, which assesses real-time security alerts against established patterns to understand the current stage of an ongoing cyberattack. This insight is used to predict the next stages of an attack and rapidly identify the best response to prevent it from progressing any further.

Said the firm’s Chief Technology Officer, Howard Watson: “Enterprises now need to look to new cybersecurity solutions that can understand the risk and consequence of an attack, and quickly respond before it’s too late. Epidemiological testing has played a vital role in curbing the spread of infection during the pandemic, and ‘Inflame’ uses the same principles to understand how current and future digital viruses spread through networks. Inflame will play a key role in how BT’s Eagle-i platform automatically predicts and identifies cyber-attacks before they impact, protecting customers’ operations and reputation.”

The firm recently bought into Safe Security and partnered McAfee, Palo Alto Networks and Fortinet to develop what it considers a market opportunity in cybersecurity.