AiR, AI-based Detection Model Service
AI assistant service to support quick and accurate
decision-making while detecting cyber security threats
‘AiR’ is an AI detection model service that explains the prediction results and basis of the
Classification · Explainable · Generative AI-based models in natural language.
It is provided in a hybrid form that combines external generative models such as ChatGPT
with Classification and descriptive models based on IGLOO Corporation's own AI capabilities.
-
Needs for AI based
Detection
Model Service -
Can we trust the predictions made by AI
What are the criteria by which AI detects specific security data as abnormal or normal?Why is there no AI service in a more accessible format to
make the AI-based decision-making criteria easier for
security personnel to understand?
-
Key Features
-
‘AiR’ is a ‘hybrid detection model’ service that provides the basis for the AI model’s decision-making on specific security data through the IGLOO detection model, descriptive AI, and generative AI.
Users can evaluate the reliability of AI answers by checking the criteria by which AI model made specific predictions and improve their understanding of AI answers with the given descriptions in natural language.-
1
IGLOO's Classification AI detection model
It is based on a technology that can classify abnormal and normal security-related behavior through AI data learning.
The model, which learns high-quality learning data developed by IGLOO using its own system data, establishes its own decision-making criteria to determine whether there is an attack or not.
-
2
IGLOO's explainable AI model
It is based on a technology that informs what criteria AI uses to detect specific behavior as abnormal or normal.
It describes AI predictions based on algorithms(e.g. SHAP) or existing patterns.
It Identifies the reason why the Classification AI detection model has produced such results on the basis of the importance of attack features that has affected the model’s prediction process.
-
3
Generative AI model
It is based on AI technology that creates new content based on learning about existing content.
It provides descriptions in natural language, determined by ChatGPT based on its own data.
There are plans to link multiple generative AI models and to apply the own generative AI model.
-
-
Advantages
-
Continuous improvement through feedback and prompt engineering
IGLOO Corporation has been enhancing the accuracy of its AI detection model through two-stage feedback and periodic re-learning.
Step 1 : Users judge the accuracy of the predictions made by IGLOO XAI and leave feedback on the results.
Step 2 : IGLOO Corporation's security experts periodically leave feedbacks and check the results.
IGLOO Corporation creates ‘prompts’ optimized for security based on many years of experience in building AI learning data and in operating AI solutions.
- With the prompts, it is possible to increase the accuracy of your answers and to minimize the possibility of incorrect answers.
Online/API format with no installaion and development burden
We provide services in the form of online web pages and application program interfaces (APIs) with no installation and development burden.
-
Expected Effect
-
AiR is a security-specialized AI assistant that integrates IGLOO Corporation’s own AI technologies.
AiR bridges knowledge gaps across security organizations by increasing reliability and understanding of AI-detected attacks, helping to ensure the best action is always implemented quickly.
1Upgrading the security organization's analysis capabilities
By comparing and checking the answers provided by the three AI models, you can increase your organization’s analysis capabilities.
Predictions made by Classification AI detection model
(results produced by the Classification model)Importance of attack characteristics (features) that has influenced the predictions
(results produced by the descriptive model )Results in “natural language” form provided by the generative model.
2Enhancing response efficiency by linking with various security devices
We support integration with our own products and third-party products (SIEM, SOAR, portal, existing data protection products, etc.)
It is possible to improve the playbook creation efficiency and reinforcement effect of SPiDER SOAR.