For a long time, information security has been a war between men but recently it has become a battle between man and machine. The development of artificial intelligence is slowly moving this fight into a new environment: machine versus machine, carefully directed by scientists or hackers. If you were picturing action filled AI vs AI battles, that’s only in Hollywood movies for now, but things can change in a matter of years due to Moore’s Law.
Cyber security threats
A study from 2016 uncovered that information theft is the primary concern of companies. Yet, over half of them (58%) don’t have the necessary systems in place to detect a sophisticated attack, which is explained by the fact that 42% don’t have a threat detection program and 18% have no information security strategy at all.
These numbers look alarming when thinking about the types of attacks being developed. Autonomous malware is constructed using machine learning, and it can infiltrate a system, collect and broadcast data about that system and remain undetected for days. This type of computer threat is called adaptive malware. It is dangerous because it can be trained to act like a soldier: recognize premises, lock on target and wait for the best moment to strike. It becomes even more dangerous when it is not platform-dependent, and it can switch between devices connected to a joint account, like a Google or Apple master account.
As John Barnett highlights, the increasingly large number of interconnected devices created a microenvironment that gathers enough sensitive data about a household or a user to constitute a time-ticking bomb. Just imagine if even your fitness band could be an entry gate into your personal life or a company’s POS could represent a weak point in the network.
The most dangerous threat of handing over security to AI systems is the magnitude of damage that may happen during a breach. While current solutions focus on preventing attacks or patching the harm, in the event of an AI hacking another AI system, the loss would be in a different magnitude class. The explanation resides in the fact that machine learning systems use data to learn. Hacking through such a system gives malware the opportunity to either reverse engineer the path of the original system or even access data.
AI Solutions for Cyber Security
Automation and false positives
Although informatics systems are prone to failure and attacks, they are a necessary help to overwhelmed security engineers. There is a growing shortage of cyber security specialists, and the mix of high-value actions and routine tasks should be divided between man and machine. Computers are expected to automatically perform daily tasks like analyzing network traffic, granting access based on some set of rules and detecting abnormalities, while the cyber security specialists can work on designing algorithms and studying emerging threats.
Removing false positives is also one of the main tasks that require human assistance and one of the reasons why AI is not ready to take over security completely.
Cyber threats have become more and more complex. Just gathering data about attacks like data breaches, malware types, and phishing activity and creating signatures is no longer enough. The new approach is to monitor a wide number of factors and identify patterns of what constitutes normal and abnormal activity, without looking for specific traces of a particular malicious activity, but for spikes or silent moments.
Some companies even pair this with other AI-powered tools including natural language processing to speed up this process. Staying a step ahead of hackers will be increasingly difficult, as predictive analysis can be tricked with randomization.
Learning from nature is effective not only in engineering but in cyber security as well. The body’s immune system is one of the best defensive lines in the living world. AI could be trained to behave like the white cells and antibodies, neutralizing threats that are not according to the known patterns without shutting down the whole system. This approach could be the cure to the adaptive malware previously discussed. The system learns from past experiences and becomes stronger, just like an organism that has been exposed to the diseases, and overcomes it.
Cybersecurity powered by AI is just the natural step in protecting vulnerable data. The race between those aiming to create safe systems and attackers is crossing into new territory, but machines are far away from taking the lead. Currently, both parties are restructuring their data and integrating systems. There are numerous corrective actions necessary from humans. This is a process, composed of multiple layers, not a one-time action. The defining factor remains the education of the humans involved, first as users then as protectors.