Cybersecurity can be made agile with zero-shot AI


Synopsis: A zero-shot AI model can help develop a robust and adaptive cybersecurity defence against new attacks.

What makes AI a reliable tool in cybersecurity?

The ability to learn from large volumes of data and find patterns of abnormal behaviour makes AI and particularly machine learning (ML) attractive in cybersecurity.

ML algorithms can be used to find anomalies in different parts of the enterprise like application logs, network flows, user activities and authentication logs.

As enterprises adopt models like zero-trust, augmenting these with ML algorithms to monitor user behaviour patterns becomes critical.

How is zero-shot AI better than traditional systems?

Traditional supervised approach: The traditional approach to applying ML is supervised, where data points are used to train models to make predictions. While this is useful, these models can only learn from previously known attacks. So, a human would need to annotate the network flow for the attack data and feed it to build the model.

Unsupervised approach: The other approach becoming popular is unsupervised, where models learn to observe “normal” behaviour and flag any anomalies. This approach can highlight unknown attack patterns but only provides anomaly information to the security analyst.

One approach to tackle this is an upcoming research area in AI/ML called Explainable AI (XAI). Here, the models are either redesigned or enhanced to provide an explanation along with the prediction. So, when the model predicts an anomaly, it will also mention which feature values made it make that decision.

For example, let’s take an ML model that monitors network traffic in an office network. Say it flags a data transmission above 100 MB from a network computer to a Google Drive account as an anomaly.

If we show the security operations centre analyst the additional parameters that made us flag this as an anomaly, such as the size of the data files and the destination domain, this information can save the analyst valuable time in classifying it as a data exfiltration attack.

The system can further take feedback from the analyst and start auto-labelling new such attacks as data exfiltration.
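The flow described above, as a small added example that is not from the original article: a detector learns "normal" from a constructed baseline, reports which feature values made a flow anomalous, and reuses an analyst's label for later anomalies with the same explanation. The class name, the threshold, the sample flows and the matching of labels by feature names alone are assumptions made for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Constructed baseline of normal office flows: (destination domain, bytes sent).
BASELINE = [("intranet.example", 2_000_000), ("mail.example", 5_000_000),
            ("intranet.example", 3_000_000), ("mail.example", 4_000_000),
            ("intranet.example", 1_000_000), ("mail.example", 6_000_000)]

class ExplainingDetector:
    """Hypothetical detector: flags anomalies and names the features behind them."""

    def __init__(self, baseline, z_limit=3.0):
        sizes = [math.log10(b) for _, b in baseline]  # log scale tames the size range
        self.mu, self.sigma = mean(sizes), pstdev(sizes)
        self.seen_domains = Counter(d for d, _ in baseline)
        self.z_limit = z_limit
        self.labels = {}  # explanation signature -> label given by an analyst

    def explain(self, domain, nbytes):
        """Return the feature values that look abnormal (empty dict = normal)."""
        reasons = {}
        if (math.log10(nbytes) - self.mu) / self.sigma > self.z_limit:
            reasons["bytes_sent"] = nbytes
        if self.seen_domains[domain] == 0:
            reasons["destination_domain"] = domain
        return reasons

    def score(self, domain, nbytes):
        """Prediction plus explanation, and a label if an analyst taught one."""
        reasons = self.explain(domain, nbytes)
        label = self.labels.get(frozenset(reasons)) if reasons else None
        return {"anomaly": bool(reasons), "reasons": reasons, "label": label}

    def feedback(self, domain, nbytes, label):
        """Store the analyst's label for this combination of abnormal features."""
        reasons = self.explain(domain, nbytes)
        if reasons:
            self.labels[frozenset(reasons)] = label

if __name__ == "__main__":
    det = ExplainingDetector(BASELINE)
    print(det.score("drive.google.com", 150_000_000))   # anomaly, not yet labelled
    det.feedback("drive.google.com", 150_000_000, "data exfiltration")
    print(det.score("files.example.net", 400_000_000))  # same explanation, auto-labelled
```
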

What are its advantages?

Zero-shot learning can save hours of valuable time spent by analysts in searching.

It has the potential to detect new and novel tactics adopted by hackers.

XAI and zero-shot learning can be applied to different areas of a cybersecurity ecosystem.

Source: This post is based on the article “Cybersecurity can be made agile with zero-shot AI” published in Livemint on 14th Sep 2021.
