USE OF ARTIFICIAL INTELLIGENCE IN CYBER SECURITY
USES OF ARTIFICIAL INTELLIGENCE
Success in making an Artificial Intelligence would be a huge event in history of the human civilization. However, it can be considered to be last event, unless Humans starts to understand how to prevent its risks.”
— Stephen Hawking, Famous Physicist and Author.[1]
Now-a-days, majority of the anti-malware or antivirus relating programs (which is basically consisting of numerous applications of the algorithms) utilizes the traditional detection techniques to find the vulnerabilities and threats, which might be not fruitful for finding out the new threats. So, Artificial Intelligence and Machine learning comes into the picture in the field of cybersecurity for identifying and managing cyber threats security incidents.
a) VULNERABILITY MANAGEMENT
Since the known vulnerabilities in a System or Network or Databases are difficult to manage, machine learning and AI processes such as User and Event Behavioral Analytics (herein after referred to as “UEBA”) can observe all kinds of behavior of User accounts and servers. Further, it can identify or analyze any abnormal behavior that might gives a hint of a zero-day attack which can be useful to preserve Companies or Organizations before any vulnerabilities are formally reported and patched. UEBA solutions have 3 major functioning as mentioned here below:[1]
· UEBA uses ‘Data Analytics’ which in turn utilizes data as per User’s behavior. Further, Statistical technique has been utilized in order to detect abnormal or unusual behavior and then alert System Administrators.
· UEBA uses ‘Data Integration’ includes that there will be data comparison through numerous sources (like logs, packet sniffed data, etc.) with the already existing Security Systems.
· UEBA uses ‘Data Presentation’ from which UEBA Systems tries to communicate its findings and generate reports. It issues a request to Security Analyst within an Organization to investigate unusual behavior.
· UEBA uses Data Loss Prevention Tools which analyze and report the events that shows any unusual or anomalous behavior compared to known frameworks of sensitive data. Such tools can help the Investigators to find the Security Incidents in a faster manner.
b) NETWORK SECURITY
Organization can utilize AI to develop and update network security by understanding and reporting the network traffic patterns.
· Gmail utilize the technology called ‘machine learning’ for the purpose of blocking millions of spams in a single day.[2] It has developed a system for filtering out emails and spam, managing the email in the form of categories and to avoid any malicious files or documents from Gmail.
· Gmail utilizes AI in addition to rule-based filters which enable to block spam. Further, machine learning analyses new patterns via numerous Algorithms that recommends an email whether such message can be trusted or not.
· Gmail uses ‘TensorFlow Deep Learning Model’ and a ‘Custom Document Analyzer’. TensorFlow is open-source software which is utilized in dataflow programming. Custom Document Analyzer’ is used to filter the attached documents and further identifies attack patterns, if any.[3]
c) IMPROVING THE AUTHENTICATION
The modern biometric authentication technology like face recognition and iris scan, login authentication is relatively secure and easily accessible. AI in biometrics might disable any cybercriminal in order to brute force or hack into the system.
Use of facial recognition by Apple: According to the official statement by Apple Company, the technology of facial recognition is dependent on the direction of the user’s look, and uses “neural networks for matching and anti-spoofing” [4] for unlocking the iPhone through a mere stare. Further, Apple’s iPhone X contains another feature namely ‘adapts to changes’(If the User changes physical appearance, then iPhone can still be unlocked via facial recognition feature).
d) THREAT ANTICIPATION
Threat anticipation enables to anticipate what could hit an Organization and finds out the spefic details of the happening of a breach. Some components of AI like ‘text analytics’ and ‘natural language processing’ enables to find out the relevant data that a threat analyst must observe which saves time. Thus, AI methods enable to categorize such unstructured data in an automotive manner. Lastly, Human threat analysts have a major focus on performing a relevant action to it.
Cognito By Vectra[5]: ‘Cognito by Vectra’ is an AI tool which helps to find and responds to cyber attacks inside the cloud, networks and Internet of Things. It consists of automated threat detection, empowering threat hunters and more functions. It extracts and observes metadata via concerned cloud events and logs for the purpose of detecting real time automated attack, AI-assisted threat hunting and incident investigation.
e) INCIDENT RESPONSE:
AI assists in incident response. Soon as an alert has been confirmed as an ‘incident’, an effective response need four pertinent steps:
· Containing the spread of malware or incident, if any;
· Recovering the Systems that are affected;
· Mitigating the major causes of the incident or attack and;
· Improving the security level for future purposes.
AI models majorly answers the following questions:
· What impact does it bring to the asset?
· Who are the attackers behind the incident?
· What is the blast radius of such incident or attack?
Picture №1: AI Technology
FUTURE AND CHALLENGES OF AI FOR CYBERSECURITY
Currently, Organizations works a lot to improve their own network security. To secure this infrastructure, Organizations utilizes multiple lines of defense which starts with a firewall that is able to filter out and manage the network traffic.
Then, the second line of defense is considered to be antivirus software. So, to effectively set up a firewall and its policies and antivirus software it requires a security professional. However, use of AI in cybersecurity will improve the conventional approach.
a) FUTURE OF CYBERSECURITY WITH AI
· INTELLIGENT FIREWALLS: Organizations will be able to analyze and respond to security incidents by utilizing upgraded tools. The next-generation firewalls might have built-in machine learning process that enables to analyze a pattern in data packets and block such packets in the case where it poses as a threat, in automotive manner.
· AUTOMATED SOFTWARE TESTING: For improving cybersecurity, AI can observe bulk of the data, as it can work in 24×7 without any break in comparison with the humans. AI may apply ‘automated software testing’ to figure out any bugs even before they secretly come into the System or Network.
· NATURAL LANGUAGE CAPABILITIES: It can be a prediction that one of the functions of AI namely, ‘natural language capabilities’ will be utilized to figure out the initiation of cyber related incidents and attacks. Such prediction can be effectively utilized via scanning the relevant data from the internet.
· REDEFINING IDENTITY AND ACCESS MANAGEMENT: AI may likely to kill the basic need of setting up complex passwords (with certain numbers or alphabets or characters) in the next decade or so. The identity and access management of a User might be falling to biometric authentication mechanism more.
b) LIMITATIONS AND ISSUES OF USING AI FOR CYBERSECURITY
There are also some limitations that prevent AI from becoming a mainstream security tool:
· SYSTEM PERFORMANCE: AI detection is dependent upon observing a numerous events in the System. Such events may include scanning the complete hard disk and file operations, etc. Such huge monitoring of the Operating System and its procedures can degrade the performance of the System.
· DATA SETS: AI models are well trained with understanding data sets. Security Professionals need to work on such data sets which are having some malware codes. But, many of the Organizations might not have the adequate resources or the time to gather such accurate data sets.
· AI AND HACKERS: Hackers now-a-days are becoming smart enough to improve their malware for making it resistant to AI-dependent security softwares.
CONCLUSION
In conclusion, AI and machine learning can upgrade the security of an Organization. However, it also helps the cybercriminals for penetrating into the Systems without any human intervention. Thus, it can have a substantial effect that can certainly damage the reputation and resources of any Company. As there is ever increasing rise in cyber threats, the use of AI in the cybersecurity is a necessity, and security organizations are working precisely on that. However, no matter the need of AI in cybersecurity is increasing, it is also pertinent to understand its limitations in order to optimally utilize it. Lastly, it can be stated that vulnerable or an under-developed software/tool is considered to be worst as compared to a less-effective but completely developed software/tool.
REFERENCES
[1] Petters, J.,“What is UEBA? Complete Guide to User and Entity Behavior Analytics”, (2020), Varonis (Retrieved 30 March 2021, from https://www.varonis.com/blog/user-entity-behavior-analytics-ueba/)
[2] Google using machine learning to filter spam on Gmail — Times of India. (2021). Retrieved 30 March 2021, from https://timesofindia.indiatimes.com/gadgets-news/google-using-machine-learning-to-filter-spam-on-gmail/articleshow/67880845.cms
[3] Winder, D. (2021). Google Confirms New AI Tool Scans 300 Billion Gmail Attachments Every Week. Retrieved 30 March 2021, from https://www.forbes.com/sites/daveywinder/2020/02/28/google-confirms-new-ai-tool-scans-300-billion-gmail-attachments-every-week/?sh=320c84823edd
[4] “Apple’s White Paper on Face ID Security” (2017) (Retrieved 10 January 2021, from https://www.apple.com/ca/business-docs/FaceID_Security_Guide.pdf)
[5] Network Threat Detection & Response Platform, (2021). Vectra AI (Retrieved 30 March 2021, from https://www.vectra.ai/products/cognito-platform)
[6] Is the Future of Cyber Security in the Hands of Artificial Intelligence (AI)? — 1. (2020) (Retrieved 25 March 2021, from https://towardsdatascience.com/is-the-future-of-cyber-security-in-the-hands-of-artificial-intelligence-ai-1-2b4bd8384329)