Cybersecurity can be made agile with zero-shot AI

Modern security information and event management and intrusion detection systems leverage ML to correlate network features, identify patterns in data and highlight anomalies corresponding to attacks. Security researchers spend many hours understanding these attacks and trying to classify them into known kinds like port sweep, password guess, teardrop, etc. However, due to the constantly changing attack landscape and the emergence of advanced persistent threats (APTs), hackers are continuously finding new ways to attack systems. A static list of classification of attacks will not be able to adapt to new and novel tactics adopted by adversaries. Also, due to the constant flow of alarms generated by multiple sources in the network, it becomes difficult to distinguish and prioritize particular types of attacks--the classic alarm flooding problem.