AI Decision Models in Cyber Security

Jan 19, 2021 | AI in Automated Pen Test

RidgeBot, from Ridge Security, combines AI technology with the latest ethical hacking techniques to deliver and automate penetration testing. To decide which attack path to choose and which payload systems to call upon during a pen-test task, RidgeBot offers multiple AI decision models. For beginners and for initial tests, we recommend “Intelligent Decision.” As IT teams become more familiar with the decision models and with the targets in their test environment, they can fine-tune the testing with different models.

| Decision Model | Attributes |
| --- | --- |
| Intelligent Decision | This decision support system makes extensive use of RidgeBot’s AI techniques and behaves similarly to a human consultant by gathering and analyzing evidence, and identifying, diagnosing, and remediating risks. This model is selected by default. Based on real-time data collected from the targets, RidgeBot will automatically make an intelligent decision and choose the appropriate AI model for the task. |
| Negative Binomial (NB) | An NB model is very effective and typically used for predicting count-based data. Count-based data contains events that occur at a certain rate; for example, how many soft serve cones McDonald's sells hourly, or how many pings a server host gets by the hour. The rate of occurrence may change over time or from observation to observation. With this in mind, the NB model is suitable for attacks toward a single target (for example, a single IP or a single domain name), where there is no interaction from other targets. Performance: The NB model is fast, with a limited scope of reasoning. |
| Markov Decision Process (MDP) | MDP provides a framework for situations where outcomes are in part random and in part controlled by a decision maker. The MDP model is suitable for a scenario with a large volume of targets and data. Performance: Its scope of reasoning is more comprehensive, but it consumes a lot of resources. |
| Expert Model | Expert systems in decision models emulate the decision-making ability of a human expert and are designed to solve complex problems through access to a knowledge base. In this model, decisions are made based on RidgeBot’s Expert Knowledge function. Performance: This decision model works very well for known attack scenarios but is not ideal for unknown scenarios. |
| NB + Expert Model | The system will first apply the Expert Model for known scenarios, then call on the NB model to pre-process unknown scenarios. Performance: This option is ideal for single-target attacks. |
| MDP + Expert Model | The system will first apply the Expert Model for known scenarios, then call on the MDP model to pre-process unknown scenarios. Performance: This option is ideal for multi-target attacks. |