Home M3AAWG Blog Balancing AI and Human Contributions for Cybersecurity Analysis
Posted by the M3AAWG Content Manager

By April Lorenzen

The Messaging, Malware, Mobile Anti-Abuse Working Group (M3AAWG) invited April Lorenzen, an Expert Advisor for M3AAWG, to provide a brief overview of her presentation, How AI Enabled Rapid Comparison of Cohorts Within 60,000 Domains in a Hijacked Netblock, that she delivered at M3AAWG's 60th General Meeting in San Francisco, California, this past February. 

Lorenzen’s work highlights the utility of Artificial Intelligence (AI) in cybersecurity data analysis. AI, particularly Large Language Models (LLMs), can efficiently navigate vast datasets and identify potential threats. However, Lorenzen stresses the significance of considering AI as a supplementary tool rather than a complete solution on its own. 

Cybersecurity data analysis often involves navigating through vast datasets to identify potential threats. The application of Artificial Intelligence (AI), especially Large Language Models (LLMs), provides an efficient tool for managing this complexity. However, it's crucial to approach AI as an augmentative tool rather than a standalone solution.

The Utility of AI in Cybersecurity
AI, with its capability to process and analyze extensive data, offers significant advantages in cybersecurity. It can identify patterns and anomalies within datasets, providing insights that might not be immediately apparent. Yet, it's essential to recognize that AI's effectiveness is contingent upon the quality of data and the framing of analytical questions by human experts.

Case Study: Domain Analysis within a Hijacked Netblock
A project that involved analyzing 400,000 domains and discovering nearly 60,000 in a related group within a hijacked netblock. The analysis serves as a practical illustration of AI's utility, as AI tools were instrumental in dissecting this large dataset, facilitating a rapid understanding of the scope and characteristics of domains active in the hijacked IP address space.

Methodology and Insights
The analysis leveraged AI to automate the categorization and examination of domain data, revealing patterns in domain registrations and DNS configurations. These insights are invaluable for understanding cybersecurity threats but underscore the importance of human expertise in guiding the analysis and interpreting results.

AI: A Tool, Not a Replacement
The case study reaffirms AI's role as a powerful tool in the cybersecurity toolkit, capable of enhancing efficiency and uncovering hidden insights. However, it's critical to maintain a balanced perspective, recognizing AI's limitations and the indispensable role of human oversight in ensuring accurate, relevant outcomes.


AI's integration into cybersecurity analysis represents a significant advancement, offering a means to handle large-scale data with greater efficiency. It's a valuable tool, but its application should be guided by careful consideration and human expertise to ensure its responsible and effective use.

Lorenzen is an internet security researcher specializing in the preemptive discovery of miscreant and crimeware resources in the domain name system. In her work as Chief Data Scientist at Zetalytics, she oversees one of the world's most geographically diverse passive DNS systems. She has operated IoC (Indicators of Compromise) security feeds continuously since 2004 and is the primary architect of the free open source data visualization tool "Mal4s.”

Lorenzen is also active in the white hat community as a M3AAWG Expert Advisor and as a Senior Research Fellow for the Anti-Phishing Working Group (APWG). She received the Global Impact award from the Department of Homeland Security S&T Cyber Security Division in 2016 and currently serves as the Principal Investigator for a critical infrastructure supply chain cybersecurity notification research project. She also has been appointed to serve on the Cyber Rhode Island Advisory Committee by the state’s Congressional representative. In 2006, April received an award for Outstanding Support in the Ongoing Battle Against Cyber Crime from the National Cyber Forensics Training Alliance (NCFTA). She is a frequent trainer and speaker at international ISP, law enforcement and security industry conferences.

For those curious to try out the statistical tools developed collaboratively with AI, the frequency distribution analysis and sample data is free online. Request access at domain-pivot.org.

The views expressed in DM3Z are those of the individual authors and do not necessarily reflect M3AAWG policy.