It can feel like we are losing the battle against cybercrime. The very systems that we are building to make our world ever-more connected are becoming part of our downfall. As well as connecting the virtual dots of organizational operations and processes, this digitization is creating expanded touchpoints for cybercriminals to hack. The extended lifecycle and reach of data along with the nature of modern computing is creating innovative platforms while at the same time opening up new channels of abuse and exposure. In the world of cybercrime, this innovation is also creating a blossoming community of hackers; these cybercriminals using malicious means such as manipulation and exploitation of our own human behavior. But all is not lost. Just as the cybercriminals seem to be winning the war, a new weapon comes the way of the good guys. Artificial intelligence (AI) and its subset machine learning (ML), and the ML subset deep learning (DL) are offering us ways to fight back against the increasingly complex cyber-attack matrix.
A Brief Introduction: What Are AI, ML and DL?
Artificial Intelligence is defined by John McCarthy in his paper of 2007 on the subject as “the science and engineering of making intelligent machines, especially intelligent computer programs.” Machine Learning is a subset of AI. It uses algorithms to determine patterns and trends from data sets and it can improve accuracy over time. There are two types of ML: supervised and unsupervised. The former is trained on both input and output data to predict patterns, whereas the latter finds hidden patterns in the input data. Deep Learning is a subset of machine learning. It is used to detect patterns in unstructured data such as images. DL learns by being trained using very large datasets; for example, driverless cars are trained using large amounts of images and videos. You can read more on the learning technologies on the Artificial Intelligence Wiki.
AI for Cybersecurity Good
Cybersecurity threats are coming at us from all angles and it is hard to detect them. The state of play in the cybersecurity arena is fractured. The methodologies used by the cybercriminal are constantly changing, covering multiple attack vectors or morphing from one threat to another. It is simply hard to keep up. The solutions that an enterprise utilizes to prevent a cyberattack are often point solutions. If the “point” or the attack vector changes, the solution falls short. This has been borne out by the antivirus tools that were so popular up to the early 00s. But definition-based detection is useless when 77% of cyber-attacks are using fileless techniques. This impasse has paved the way for smarter cybersecurity tools and solutions. Here are some examples of the application of AI, ML and DL to cybersecurity issues:
Threat Detection
The onslaught of security threats means that any automation methods that can be applied to the problem are welcome. The amount of data generated across an extended network can often be onerous for human operators to assess quickly; it can be a little like looking for a needle in a haystack. Machine learning can use these data to look for patterns of behavior and spot unusual patterns or changes. Some ML-based cybersecurity solutions can even spot illusive emerging threats. They can also be used to detect insider threats, as well as advanced threats. This is because machine learning can be used to identify items such as phishing emails, as well as errant behaviors which indicate a malicious actor. The hope is that ML will be able to work alongside security analysts to give them a more proactive tool to deal with security issues.
Fraud Analytics
The 2017 Global Fraud Index presented the staggering figure of $57.8 Billion of losses through eCommerce “card not present” fraud. Ensuring that a transaction is not fraudulent needs real-time solutions, as any delay in a transaction could result in a real customer being lost. Machine learning is increasingly being used in the payment industry to solve the issue of card fraud. Big data from previous transactions is driving ML solutions; the algorithm is trained using these initial data sets, but it is also continuously updated, self-learning as new data is created. Fraud analytics tools, based on machine learning, are augmenting fraud analysts rather than replacing them and helping the industry to work out new strategies of action.
Identity Verification
Identity theft in the U.S. saw a 37% increase from the previous year during the first half of 2017. One way to reduce the problem is to issue verified identities that are tightly-bound to a person using robust authentication. Identity verification often requires complex and multi-faceted checks during registration of an account. Various companies are working to reduce the pain of verification by using machine learning to improve the verification process for a user. The techniques used in identity verification often apply a mix of AI/ML technologies such as fraud detection and facial recognition, augmenting them with technologies such as OCR to reduce the friction of verification while ensuring optimization of match rates.
AI for Cybersecurity: The Downside
With every yin, there must be a yang, and the good side of AI/ML in cybersecurity has its opposite in the application of the technologies by cybercriminals. There is now real concern that cybercriminals are exploiting AI and ML to move the cybercrime game in their favor:
Automation of Spearphishing
Blackhat has presented research which shows how machine learning can be used to make spearphishing easier and more successful. For example, the 2016 Honey-Phish project was trained on posts from the subreddit /r/personalfinance and was capable of engaging in long conversations in order to lure its marks in. Fortunately, Honey-Phish was on the side of the angels, with its ultimate purpose being to scam scammers. However, it illustrates just how much potential this kind of tech has: in its short time of operation, Honey-Phish snared two separate marks.
CAPTCHA Uncaptured
In another paper by Blackhat, they used deep learning mechanics to circumvent reCaptcha. Captcha services are so widely used that at least one service charges money to solve Captchas, but the Blackhat solution was free, offline and required no human interaction. They stated: “our completely offline captcha-breaking system is comparable to a professional solving service in both accuracy and attack duration, with the added benefit of not incurring any cost on the attacker.”
Evasive Malware
A demonstration of malware that was able to evade detection was shown at Defcon 2017 by Endgame. Cybersecurity professionals are now predicting that machine learning will be used to augment malware on the fly, creating malware that can adapt to changing conditions and be even more difficult to detect.
Human/Machine: A Perfect Pairing
Artificial intelligence and the subsets of machine learning and deep learning give us hope that we can deal with the ever-complex cybersecurity landscape. However, research is showing that human beings still need to be part of the process and work alongside these technologies. Systems like MIT’s AI2 are able to detect 85% of cybersecurity attacks but only when working alongside their human counterparts. This machine-human combo can become a killer force, both for good and bad in cybersecurity. If machine and humans work together in harmony for the good of cybersecurity, we can prepare for the likely use of the technology by cybercriminals.
Sources
2017 Cybercrime Report, Cybersecurity Ventures What Is Artificial Intelligence?, John McCarthy Artificial Intelligence Wiki, Skymind The Hype-Free Guide to Fileless Attacks, Barkly Global Fraud Index, PYMNTS System predicts 85 percent of cyber-attacks using input from human experts, MIT News Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter, Blackhat I’m not a human: Breaking the Google reCAPTCHA, Blackhat
