Dangers and benefits of AI in cybersecurity

1. Benefits of AI in cyber


It is no longer a question of whether a company will be attacked, but when.

We are becoming aware of the immense challenge of fighting cyber-attacks. This is where artificial intelligence (AI) comes in and with it, new forms of digital protection. Artificial intelligence has immense potential in the fight against cyber risk because it can analyse large numbers of files at regular intervals to reveal potential risks. Artificial intelligence in cybersecurity is constantly learning and improving security processes. From the data gathered from previous cyber-attacks, it identifies new threats.


In security, AI can identify and prioritize risks, quickly detect malware on a network, adequately propose a solution to incidents and detect intrusions before they occur.

At stake are both the quality of the diagnosis and the speed of response following an attack on an organization's information systems. Among all the possible applications, we find an interest in the contribution of AI in the following areas:


- Automated threat detection:


AI can detect network attacks, malware intrusions and other cyber threats in order to stop the progression of an attack as quickly as possible and thus avoid its propagation through an organization's information systems before any real damage is caused, including among its partners, whether they are customers or suppliers. The AI needs only a few seconds or minutes to analyse the relationships between threats such as malicious files, suspicious IP addresses or internal threats. AI immediately and autonomously (i.e., without human involvement) generates a defensive patch once an attack has been identified. Machine learning algorithms detect situations that fall outside the normal context, or system performance anomalies, that may indicate a security breach.

- Cyber data analysis and machine learning:


AI is also used to analyse data in order to build models and thus allow for the early identification of flaws in an organization's cyber risk management. AI assesses the system quickly, multiplying the ability to solve problems. It identifies weak points in the security network.


- Detect anomalies in data flow:


Securing data while working on thousands of pages is an impossible mission for a human. AI systems can detect anomalies in the data flows of information systems by analysing patterns to find similarities or differences in current actions.

This approach can make it easier to detect anomalous behavior before it becomes malicious activity (e.g., someone trying to access confidential information without proper authorization).

- Secure software development:


The need for more sophisticated tools and technologies is becoming a key issue due to the increasing number of cyber-attacks. AI enables more secure software by providing developers with real-time feedback on whether their code is secure or not.


- Securing authentication:


Depending on the application, it is necessary to have a user login. AI makes the authentication process more secure by using physical recognition techniques. It relies on certain elements to recognize an individual, such as facial recognition and fingerprint scanning, among other recognition techniques. Then, the AI uses the key pieces of information gathered in real time and detects whether the connection is authentic or not.


- Global security:


As the threats facing enterprise networks are constantly evolving, cybercriminals are changing their approaches and other tactics to infiltrate an organization's security network. The AI deployed on the network will help to counter these attacks in the best possible way, especially if there are different attacks at the same time, such as phishing attacks, ransomware or even denial of service attacks.


After reading all these elements, we can see the interest that the use of Artificial Intelligence can represent in the fight against cyber offenders. Indeed, analysing large volumes of data, identifying polymorphic malware, spotting unusual behavior or drastically reducing response times are all situations that Artificial Intelligence can handle with formidable efficiency. Some commentators are surprised by the irruption of AI in the protection of information systems. However, this is not a new element in the IT environment of organizations. For a few years now, companies' information systems protection procedures have already integrated AI applications in antivirus software, antimalware, firewalls, or even antispam software; Google, for example, filters spam in Gmail using deep learning technologies.


The cloud is not the solution to fight against cyber-attacks. By using the cloud to back up their data, most companies thought they were protected against cyberattacks.

First, with the Covid-19 crisis (there it is again...), cloud adoption in organizations has accelerated significantly. But as new cloud environments and services are deployed, thousands of identity-based permissions are created, many of which are ignored. This is leading to a de facto increase in the level of cyber threat. Attackers are able to detect hidden, misconfigured, or unused cloud permissions to enhance cloud-based identity processes. Cyber offenders then seek to hijack all the computing power the cloud can offer for their own benefit (e.g., cryptocurrency mining).


Furthermore, there are still too many failures to secure the data contained in the cloud, as revealed by a Palo Alto Networks study that reported how easy it was to access some 2,100 unsecured cloud instances in 2020-2021.

Finally, the cloud can also be a source of constraints and difficulties when users do not have complete control over the infrastructure and are therefore dependent on the service provider. Moreover, it can be observed that all too often the terms of responsibility sharing are still very opaque, with too many difficulties in intervention, investigation, detection and remediation of problems. We can also mention the location of data abroad, which can have consequences for data protection and sovereignty.


- What developments can we expect thanks to AI?


In its current state of development, AI offers the possibility of analysing the metadata of network flows within adapted infrastructures. This makes it possible to provide robots with solutions that will intervene in an automated way, without human intervention. Thanks to deep learning and machine learning technologies, an Artificial Intelligence can manage three to four times more data than traditional surveillance hard drives, retain a significant volume of data over time and adapt to situations with different sources of information, whether it is written, audio or video data.


This is why AI has become indispensable. To do without it today, you would need several dozen people dedicated to cybersecurity in every company with a level of security knowledge equivalent to a Security Operation Center (SOC). This is simply impossible.


- Conclusion:


Cybersecurity remains a complex issue, but AI can be a powerful tool to help protect against cyberattacks.

Technologies are at the origin of most of the major innovations made in cyber defence in the last few years, and they make it possible to build interesting bridges in human-machine collaboration, thus widening our knowledge, which advances cybersecurity in companies. At the same time, they have allowed cyber attackers to develop new forms of intelligent and automated attacks.


As always in these situations, the attackers are one step ahead of the defenders. The techniques used by hackers are becoming increasingly sophisticated. It is becoming urgent for defenders to take initiatives to improve environments, tools, processes and application domains to regain the advantage. The AI war is probably just beginning.


2. Risks linked to the progress of AI?


Ex: VALL-E is an artificial intelligence that can synthesize your voice and even reproduce its emotions. A team of researchers from Microsoft has launched VALL-E, a new artificial intelligence (AI) capable of synthesizing your voice. This model is not yet available to the general public but is already raising questions about the ethics and danger of the project.


But AI has also increased cyber-attacks in both senses of the word. On the one hand, the number of attacks on AI techniques and algorithms has increased, and on the other hand, these cyber-attacks have themselves increased in the sense that they are much more sophisticated.


According to Avast's CEO, these AI-"doped" attacks started to appear as early as 2019 and have since been massively adopted by hackers because the technologies are accessible and available. Moreover, these cyberattacks are not limited to simple viruses, but also incorporate social engineering and phishing schemes.


- How can cybercriminals use AI?


Data poisoning is probably the most well-known and simplest attack on AI algorithms. In particular, cyber attackers can manipulate the datasets used to train the AI; make small changes to the parameters; develop carefully crafted scenarios to avoid raising suspicion while gradually steering the AI in the desired direction.  


If cybercriminals do not have access to data, they can also resort to evasion. This technique involves playing with the application's input data to obtain a different decision than would normally be expected. An attacker can, for example, change the data points of a face to fool a facial recognition application.


- System and network attacks


Cyber attackers can also use artificial intelligence technologies to create intelligent malware. Such malware is capable of autonomously propagating across a network or system until it reaches the target defined by the hackers.

In 2021, cybersecurity researchers also proved that it is possible to embed malicious code in an artificial intelligence neural network. The team of specialists embedded 36.9 MB of malware in a 178 MB model for the artificial intelligence AlexNet (an image detection AI). This attack led to a loss of accuracy of 1% and the intrusion was not detected by antivirus systems.


AI also allows hackers to automatically generate false information (or "deepfakes"). These can then lend credibility to phishing attempts and other social engineering methods with, for example, fake videos that are almost undetectable. They allow attackers to impersonate a person in order to request access to secure data, for example through personalized and automated messages.


Machine learning allows AI to learn about users' daily activities and thus consider unusual behavior as anomalies. Then, AI systems can be set up to immediately lock out suspicious user accounts or instantly alert system administrators.
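
The behaviour-baseline idea described above, as an added example that is not part of the original article: a simple per-user frequency model stands in for the machine-learning component. The sample logins, the function names (`build_baselines`, `score_event`, `triage`) and the thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict
from math import log

# Constructed login history: (user, hour_of_day, source_network). Not real data.
HISTORY = (
    [("alice", h, "office") for h in (8, 9, 9, 10, 9, 8, 9, 10, 9, 9)]
    + [("alice", 20, "home-vpn"), ("alice", 21, "home-vpn")]
    + [("bob", h, "office") for h in (13, 14, 14, 15, 14, 13, 14, 15)]
)
N_SOURCES = 5  # assumed number of distinct source networks, used for smoothing


def build_baselines(events):
    """Count, per user, how often each login hour and source network was seen."""
    hours, sources = defaultdict(Counter), defaultdict(Counter)
    for user, hour, src in events:
        hours[user][hour] += 1
        sources[user][src] += 1
    return hours, sources


def score_event(baselines, event):
    """Return a surprise score (higher = more unusual), or None without a baseline."""
    hours, sources = baselines
    user, hour, src = event
    total = sum(hours[user].values()) if user in hours else 0
    if total == 0:
        return None
    # Count logins within +/- 1 hour, wrapping around midnight, so that
    # 09:00 versus 10:00 is not treated as a deviation.
    near = sum(hours[user][(hour + d) % 24] for d in (-1, 0, 1))
    p_hour = (near + 1) / (total + 24)  # Laplace smoothing
    p_src = (sources[user][src] + 1) / (total + N_SOURCES)
    return -log(p_hour) - log(p_src)


def triage(score, alert_at=3.5, lock_at=6.0):
    """Map a score to the two responses the article names: alert or lock out."""
    if score is None:
        return "alert"  # unknown user: nothing to compare against, ask a human
    if score >= lock_at:
        return "lock"
    return "alert" if score >= alert_at else "allow"


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for ev in [("alice", 9, "office"), ("alice", 9, "unknown-net"), ("alice", 3, "unknown-net")]:
        print(ev, triage(score_event(baselines, ev)))
```

A rare but legitimate pattern, such as alice's evening home-vpn logins in the sample, also crosses the alert threshold, which is why the lock threshold is set higher than the alert one.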


- Integrating AI into antivirus software


AI-enhanced antivirus software is able to identify anomalies on a network or system by detecting programs that exhibit unusual behavior. These "AI-enhanced antiviruses" also leverage machine learning tactics to understand how "legitimate" programs interact with IT.


Once a malicious program is introduced to a network, the antivirus can immediately neutralize it by preventing it from accessing resources and data. These antivirus programs no longer rely solely on a signature database but can detect new threats by themselves.


- Automated analysis tools


Automated analysis of network or system data allows for continuous monitoring with rapid detection of intrusion attempts.

This continuous analysis is a major reason for the use of AI in enterprise cybersecurity.

In fact, according to the Capgemini Research Institute, 69% of companies believe that AI is vital for security, as the increasing number of cyberattacks renders traditional cybersecurity methods ineffective. Security expert teams are overwhelmed by the volume of threats, and the shortage of cybersecurity profiles is increasing companies' vulnerability.


- Intelligent phishing detection tools


Email is the preferred method of communication for cybercriminals to send phishing messages. A study by Symantec indicates that 54.6% of emails received are spam and may contain malicious attachments or links.


AI email tools, also known as anti-phishing tools, use machine learning and anomaly detection techniques to identify suspicious activity across all sender features. They can also better analyse attachments, links, message bodies, etc.


Artificial intelligence is not a danger as such, but a double-edged sword that can be used both as a security solution and as a means to increase cyber-attacks. The difference again is likely to be at the human level. Faced with cybercriminals who organize themselves into sprawling networks like "Emotet", companies are struggling to find cybersecurity experts to deal with them. Information makes it possible to improve phishing emails. Personal data: AI can be used to create or generate false evidence and then send automated threatening and blackmail messages. Fake articles: hackers can use machine learning to make the AI write propaganda articles based on the content and data they provide.

However, while AI is full of resources and features that can be exploited by cybercriminals, these same tools can be used by cybersecurity experts.


General conclusion: AI for cybersecurity in the future?


Artificial intelligence has immense potential in cybersecurity. Indeed, if properly harnessed, AI systems can automatically prevent threats, protect sensitive data and identify new types of malware. Here are some major applications of AI in cybersecurity. Ex: User behavior modelling: companies are using AI to monitor and model system user behavior. Their objective is to monitor the interactions between IT and its users and to immediately detect takeover attacks or possible information theft by malicious employees…





Source: Sandrine Richard
