How AI is shaping the cybersecurity arms race
(THE CONVERSATION) The average business receives 10,000 alerts every day from the various software tools they use to monitor for intruders, malware, and other threats. Cybersecurity personnel often find themselves overwhelmed with data that they must sort through to manage their cyber defenses.
The stakes are high. Cyberattacks are on the rise, affecting thousands of organizations and millions of people in the United States alone.
These challenges underscore the need to find better ways to stem the tide of cyber breaches. Artificial intelligence is particularly well suited to finding patterns in huge amounts of data. As a researcher who studies AI and cybersecurity, I find that AI is becoming an indispensable tool in the cybersecurity toolkit.
AI enhances cybersecurity in two main ways. First, AI can help automate many tasks that a human analyst would often handle manually. These include automatic detection of workstations, servers, code repositories, and other unknown hardware and software on a network. It can also determine the best way to allocate security defenses. These are data-intensive tasks, and AI has the potential to sift through terabytes of data much more efficiently than a human ever could.
Second, AI can help detect patterns in large amounts of data that human analysts cannot see. For example, AI could detect the main language patterns of hackers posting emerging threats on the dark web and alert analysts.
Specifically, AI-based scans can help discern the jargon and code words that hackers are developing to refer to their new tools, techniques, and procedures. An example uses the name Mirai to mean botnet. Hackers developed the term to hide the topic of the botnet from law enforcement and cyber threat intelligence professionals.
AI has already had some initial successes in the field of cybersecurity. Increasingly, companies such as FireEye, Microsoft and Google are developing innovative AI approaches to detect malware, thwart phishing campaigns and monitor the spread of misinformation. A notable success is Microsoft’s Cyber Signals program which uses AI to analyze 24 trillion security signals, 40 nation-state groups and 140 hacker groups to produce cyber threat intelligence for security executives. C level.
Federal funding agencies such as the Department of Defense and the National Science Foundation recognize the potential of AI for cybersecurity and have invested tens of millions of dollars to develop advanced AI tools to extract information from data generated from the dark web and open source software platforms. such as GitHub, a global software development code repository where hackers can also share code.
Disadvantages of AI
Despite the significant benefits of AI for cybersecurity, cybersecurity professionals have questions and concerns about the role of AI. Companies might consider replacing their human analysts with AI systems, but might be concerned about the trust they can place in automated systems. It is also unclear if and how the well-documented AI issues of bias, fairness, transparency, and ethics will emerge in AI-based cybersecurity systems.
Moreover, AI is useful not only for cybersecurity professionals trying to turn the tide against cyberattacks, but also for malicious hackers. Attackers use methods such as reinforcement learning and generative adversarial networks, which generate new content or software based on limited examples, to produce new types of cyber attacks that can evade cyber defenses.
Researchers and cybersecurity professionals are still learning all the ways malicious hackers use AI.
The road ahead
Going forward, there is significant growth room for AI in cybersecurity. In particular, the predictions that AI systems make based on the patterns they identify will help analysts respond to emerging threats. AI is an intriguing tool that could help stem the tide of cyberattacks and, with careful cultivation, could become an indispensable tool for the next generation of cybersecurity professionals.
However, the current pace of AI innovation indicates that fully automated cyber battles between AI attackers and defenders are likely years away.