How AI Takes Cybersecurity to the Next Level


Want to learn more about how AI can enhance security? Check out this post on how AI technology can take cybersecurity to the next level.


This article is featured in the new DZone Guide to Security: Defending Your Code. Get your free copy for more insightful articles, industry statistics, and more!

In April 2018, a social media giant had to notify nearly 90 million users that their personal data might have been "improperly shared." It was a colossal security breach.

In October 2017, tens of thousands of harmless cameras were used to produce a massive distributed denial-of-service (DDoS) attack that dramatically decreased websites' function or even took them down by sending them billions of requests. Among the renowned companies involved were Amazon, Netflix, and Twitter.

"Cybercrime is the greatest threat to every company in the world." —Ginni Rometty, CEO, IBM

Back in 2016, there was a new malware every 4.6 seconds — in 2017, this evolved to 4.2 seconds. Symantec reports that 1 in 13 URLs that they analyzed was malicious in 2017, while this number was 1 in 20 in 2016. Cybersecurity Ventures predicts that cyber criminality will cost the world $6 trillion annually by 2021, which will make it "more profitable than the global trade of all major illegal drugs combined."

From a global perspective, the IT market that covers every aspect of cybersecurity is estimated to reach $170 billion by 2020 — more than twice the 2015 number.

Companies typically take 100-200 days to detect a data breach. Imagine the extent of the compromising, stealing, spying, and vandalizing that could be carried out in that timeframe, causing total damage costs to grow to historic heights. That's why more investment is needed in security tools to help companies understand, anticipate, detect, and fight cyber attacks. All of this culminates in Warren Buffett's claims that cyber attacks are the biggest threat to humanity.

What Are Cyber Threats?

Cybercriminals are leveraging technology components including networks, operating systems, and hardware to operate malevolent code and algorithms for the purposes of breaking into company systems and data — possibly to compromise the business, steal money, hold the company ransom, or threaten the business.

We can group cybercrime into three main categories:

  1. Infractions that threaten data integrity, including hacking, breaches of automated data processing systems, unauthorized processing of personal data, and credit card fraud.
  2. Infractions using information system contents for malicious purposes like child pornography, incitement to terrorism, and racism.
  3. Infractions facilitated by information and communication technologies, e.g. online scams, money laundering, online fraud, and ransoming.

Additionally, the term "cyber attack" covers a variety of other categories, including:

  • System infiltration
  • Identity or intellectual property theft
  • Unauthorized access
  • Fraud
  • Extortion
  • Distributed denial-of-service attacks (DDoS)
  • Viruses, phishing, spamming, spyware, trojans, etc.

When cyber criminality appeared at the end of the 90s, it was mainly about violating privacy or confidentiality. Nowadays, cyber pirates make up organizations that might even be supported by some governments. Far from bored teenagers surrendering to the sheer pleasure of cyber vandalism, cybercriminals, hacktivists, and even nation states are now seriously threatening to extort money at the international level.

See, for example, the massive computer attack WannaCry that hit 300,000+ computers in 150 countries in May 2017. The purpose of this virus was to take personal data hostage by encrypting data and making the data inaccessible. The victims who didn't have backups faced two choices: pay the ransom in Bitcoins for decryption or lose their data.

Market Analysis and Importance

In their Predictions 2018: Cybersecurity report, Forrester set the stage for the international security situation. They predicted that companies will have to cope with four major trends:

  1. Geopolitical tension
  2. Ubiquitous connectivity
  3. Digital transformation initiatives
  4. The continuing shift toward the data economy.

According to them, all these phenomena have given rise to global cybersecurity concerns.

The IDC forecasts that worldwide spending on hardware, software, and services aimed at security will reach $120 billion in 2021 (it was $83.5 billion in 2017).

Exploring security and risk management trends for 2018, Gartner spotlights some dominant tendencies including:

  • Awareness: Business leaders are starting to fully recognize the financial risk that cyber threats place on them and are now taking a closer look at their security strategies.
  • Regulation: To minimize risks, companies are increasingly complying with regulations. They are embracing security policies not only as a way to protect their assets but also as a business differentiator.
  • Cloud: By developing an enterprise cloud strategy, companies are establishing increased guidance strategies that allow for better requirement analysis, more sophisticated architectural planning, and more flexible risk acceptance processes.

The Scope of Cybersecurity

Part of the cybercrime problem is that technological innovations and developments — such as the cloud, IoT, mobile networks, smart objects, autonomous devices, and sensors — are weakening the security of companies that are typically already inadequately protected (even big guys such as Facebook or Sony Pictures, for example) by opening wide access to their data and systems.

Cybercriminals use social and technical engineering that exploits both human and IT infrastructure weaknesses to steal sensitive data for commercial espionage and to ransom individuals.

"We cannot escape the immutable fact that humans and machines complement each other." — Peter Firstbrook, Research Vice President, Gartner

Although the list of threats is wide and rapidly changing, some risks are spectacular from different perspectives — outstanding technical ingenuity, an impressive number of victims, wide geographic spread, or dramatic data or money volumes involved.

Let's see two examples.

  1. Ransoming:
    The principle of ransoming, as the name suggests, is to proceed to extortion. Pirates use encryption methods to block critical data or to lock or compromise entire IT systems in order to extort money. Without going into the technicalities of it, the pirates get into targeted systems via email links, social network messages, and malicious software such as worms or trojans.
    There are loads of means to protect yourself from threats of this kind, including backing up data on a regular basis, configuring firewalls properly, providing collaborators with training programs, leveraging up-to-date cybersecurity technologies, or conducting recurring intrusion tests and vulnerability assessments.
  2. DDoS:
    A DDoS attack is a type of denial-of-service attack where a compromised network of systems is used to target a single system, application, or network so that it can be made unavailable to the intended user. The principle is pretty simple. A web server is overwhelmed with illegitimate requests from a single system, causing the server to crash or slow down. As a result, legitimate requests are not processed by the web server, which prevents authorized users from accessing a website or computer.
    They can be basically divided into three categories:
    1. Volume-based attacks: Flooding the bandwidth of a targeted site.
    2. Protocol attacks: Exploiting server resources or intermediate communications equipment (e.g. load balancers and firewalls).
    3. Application layer attacks: Overexerting specific functions in order to disable them.

To evaluate the business impact (from the victim's perspective) of a DDoS attack, we should take into consideration that up to 50% of these attacks last less than 24 hours. With an estimated cost of $40,000/hour, an ordinary attack would cost about $500,000. And let's keep in mind that costs are not just a matter of money directly stated; attacks might also cost the company organization, reliability, and reputation.

The Weaponization of AI

Unfortunately, it is feared that even though security firms are using machine learning, neural networks, advanced analytics, and AI technologies to prevent, anticipate, and fight cyber attacks, there is a real danger that hackers will also use these technologies to engage in the AI-driven arms race.

In February, the University of Oxford and University of Cambridge team voiced their concerns that cyber pirates could use AI tools to take control of autonomous vehicles and turn them into weapons.

"In cybersecurity, AI can automatically identify potentially malicious software behavior, attack vectors, and related anomalies in real-time, allowing a continuously adaptive defense mechanism to identify and shut down intrusions faster and easier than ever before." — Chris Ganje, CEO, Amplyfi

AI Takes Cybersecurity to the Next Level

Just like predictive analytics, cybersecurity will derive the maximum possible benefit from artificial intelligence. Companies can't afford to rely only on their manpower and human knowledge to resist the growing flood of cyber attacks. Companies need to spend more time on security, and staying up-to-date with the evolving technologies and methods is becoming difficult.

The risk, then, is that cyber pirates will increasingly compromise companies and individuals. AI can help save time, increase production efficiency, and improve processes to fight against cyber attacks.

A Ponemon Institute study found that human supervision will remain a requirement, though they did establish some key findings demonstrating the value of AI. AI could:

  • Help cut costs
  • Minimize data breaches
  • Improve productivity
  • Provide deeper security
  • Support identification and authentication technologies
  • Help identify application security vulnerabilities
  • Save investigation and detection time

Especially with respect to reliability and time gains, AI brings genuine added value in domains such as:

  • Organizing cyber strategy approaches
  • Capturing actionable intelligence
  • Investigating and detecting application vulnerabilities
  • Investigating actionable intelligence
  • Cleaning and fixing damaged/infected networks, applications, and devices

Security companies are leveraging the value that machine learning could bring to security tools for various industries. For example, ML helps break down the complexity of automating complex processes for detecting attacks and reacting to breaches. The challenge now is to deliver tangible results in processes including detection, analysis, and anticipation of attacks — to be highly reactive or responsive or, even better, proactive. While traditional computing requires some knowledge of the attack characteristics, machine learning implements technological resources that can discover, adapt, learn, and improve themselves to identify and counter attacks.

Automation, machine learning, and AI are empowering the combination of human and technical methods engaged in cyber defense. Harnessing the real potential of artificial intelligence implies that the methodologies and tools with which we address security challenges must be reassessed.

Cybercriminals are mainly taking advantage of software, network, and infrastructure weaknesses. AI-based security tools should be able to search out and fix these flaws and vulnerabilities. Also, they should be designed to defend against incoming attacks when a breach is opened in a targeted system.

MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) and the machine learning startup PatternEx are working on the predictive perspective of cyber defense. They have developed AI2, an artificial intelligence platform aiming to predict cyberattacks far better than current systems by incorporating input from human experts in a continuous stream. They designed Active Contextual Modeling, a continuous loop of feedback between the human analyst and AI system. It has a recall rate of over 85%. This unique combination of machine learning modeling and human expertise enrichment is 10x more efficient than learning-only solutions.
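The analyst feedback loop described above can be sketched in a few lines. This is an added example, not AI2 or PatternEx code: the event data, the two features, the `triage` function and the re-weighting factors are all assumptions made for illustration. It compares a fixed outlier ranking with one that learns from each analyst verdict under the same review budget.

```python
# Added illustration of an analyst-in-the-loop ranking; not AI2 / PatternEx code.
from statistics import median

# Constructed sample: id -> (failed_logins_per_min, mb_sent_out); all values invented.
EVENTS = {
    "e1": (1, 4), "e2": (0, 5), "e3": (2, 6), "e4": (1, 5), "e11": (0, 4),
    "e5": (0, 900), "e6": (2, 700), "e8": (1, 300), "e12": (1, 500),  # backups, updates
    "e7": (60, 5), "e9": (25, 4), "e10": (12, 6),                     # password guessing
}
MALICIOUS = {"e7", "e9", "e10"}  # ground truth, known only to the simulated analyst

def robust_z(events):
    """Per-feature |x - median| / MAD (median absolute deviation)."""
    cols = list(zip(*events.values()))
    meds = [median(c) for c in cols]
    mads = [median(abs(x - m) for x in c) or 1.0 for c, m in zip(cols, meds)]
    return {eid: [abs(x - m) / d for x, m, d in zip(row, meds, mads)]
            for eid, row in events.items()}

def triage(events, analyst, budget, learn=True):
    """Show the analyst the top-scored unlabeled event `budget` times.
    With learn=True each verdict re-weights the feature that drove the alert:
    x0.1 after a false positive, x2 after a confirmed attack (assumed factors)."""
    z = robust_z(events)
    weights = [1.0] * len(next(iter(events.values())))
    labeled, confirmed = set(), set()
    for _ in range(min(budget, len(events))):
        contrib = {e: [w * v for w, v in zip(weights, z[e])]
                   for e in events if e not in labeled}
        top = max(contrib, key=lambda e: sum(contrib[e]))
        labeled.add(top)
        is_attack = analyst(top)          # the human verdict
        if is_attack:
            confirmed.add(top)
        if learn:
            driver = contrib[top].index(max(contrib[top]))
            weights[driver] *= 2.0 if is_attack else 0.1
    return confirmed

def recall(found):
    """Share of the truly malicious events that were confirmed."""
    return len(found & MALICIOUS) / len(MALICIOUS)
```

With five reviews, the fixed ranking spends four of them on large but benign transfers, while the feedback loop learns after two false positives that transfer volume is a poor signal in this data and surfaces all three password-guessing events.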


According to Symantec, up to 980 million people across 20 countries were affected by cybercrime in 2017. Victims of cybercrime lost a total of $172 billion. Cyber criminality is very lucrative. Nicole Eagan, CEO of cybersecurity firm Darktrace, points out that although we are in the early stages of hackers using AI themselves as offensive tools, that day will eventually come.

But thankfully, today, the biggest companies in the cyber defense field are always right there at the forefront when it comes to efficiency, technology, and innovation.
