AI and the Future of Cybersecurity

September 10, 2018 – Today I feature a guest posting from Roy Rasmussen. This is the eighth time Roy has written for 21stcentech.com. In previous postings, he has covered voice control systems, medical manufacturing, robotics, 3D printing, drones, and many other pertinent subjects. Roy is the co-author of Publishing for Publicity. When I receive a guest posting by editor hat goes on and I review each submission for content accuracy, citation sourcing, and readability. So if your game like Roy, and have the gift for writing about advances in science in technology in the 21st century, I’d be happy to welcome your contribution.

Artificial Intelligence (AI) is making its way into almost every aspect of our digital world including cybersecurity. With both cybercriminals and security professionals increasingly employing it, organizations are relying more and more on AI tools to deal with data vulnerabilities.

In a recent survey done by Cisco, the networking Internet giant, it noted that automated security tools are now being used by 39% of Chief Information Security Officers (CISO). In the same survey, CISOs reported that 34% used machine learning, while 32% stated they were relying heavily on AI in addressing data security, to detect malware intrusions by cyber thieves using encryption to defeat traditional security tools.

Here is a look at three ways both the CISOs and cybercriminals are using AI in a growing cybersecurity war.

Improving Cyberattack Efficiency

While cybersecurity experts are optimistic about the potential of AI to provide protection, they are equally concerned that criminals can exploit AI for malicious purposes. CISOs state that cybercriminals already possess the capability to penetrate corporate defenses.

For example, security firm ZeroFOX recently demonstrated that AI bots are better than their human counterparts at getting users to click on phishing links. In a recent experiment, in two hours an AI bot composed malicious tweets six times faster than human test subjects, with conversion rates of 33.6% compared to 24.5% for manual attackers. After two days of machine learning, the AI attacker saw its conversion rates rise to as high as 66%. This is a frightening statistic and shows that AIm composing automated phishing messages as demonstrated here, can make cyberattacks quite efficient. In addition, it can automatically mine online data for identity theft, monitor intercepted emails and social media messages for sensitive information, and customize phishing messages to target individual users. It can also automatically scan systems for vulnerabilities, as well as optimize malware effectiveness.

Automating Attack Pattern Identification

Fortunately, security experts are also developing ways to use AI to thwart cyber attacks. Here are two examples, one from Alphabet and the second from IBM.

Alphabet, Google’s parent, recently announced the launch of Chronicle, a security service that uses machine learning to improve malware threat detection. Chronicle has VirusTotal, a tool that analyzes a sample file from a user against a database compiled from dozens of antivirus engines and blacklisting services in order to identify threats. It also uses machine learning to distinguish genuine malware from false positives, a perennial challenge for security software.

IBM is going one step beyond Alphabet in lending its Watson machine learning platform to malware threat detection. The Watson Cyber Security project is partnering with eight major universities to pool an enormous library of security information, spanning 20 years of research, eight million attacks, and 100,000 documented vulnerabilities, along with information published in 10,000 research papers a year and 60,000 security blogs. By using Watson’s capability to sort through all of this information, IBM aims to not only identify attack patterns but distill best defense methods to apply, all from the collective knowledge of these many expert sources.

Scanning the Dark Web for Identity Theft Threats

AI is also improving cybersecurity by making it easier to track identity theft on the Dark Web, the part of the Internet that is invisible to standard search engines. Cyber thieves use the Dark Web to trade stolen social security numbers, credit card accounts, bank accounts, and other sensitive information. And because the activity is not indexed by standard search engines, it easily goes under the radar.

AI is being used to tackle the Dark Web by automatically tracking suspicious activity. Identity theft protection services can then use this revealed information to provide customers with an early warning system that their data has potentially been compromised. Security provider Recorded Future is even using AI to find out when criminals are discussing planned attacks on the Dark Web so that preemptive steps can be taken.

AI is being used as well by the cybercriminals themselves where it provides them with an attack toolkit to do automated phishing of emails, data mining, and system vulnerability scanning. Fortunately, security professionals have AI countermeasures to automatically identify attack patterns and detect suspicious activity coming from the Dark Web.

The future likely is an escalating digital AI arms race between CISOs trying to stay one step ahead of the cybercriminals. Let’s hope the former are more successful than the latter.