AI and Cybersecurity

We are facing a new world shaped with unprecedented changes leading by disruptive technologies. Two major concepts among them Artificial Intelligence and Cybersecurity, are like two sides of a coin. While the first of them requires big data to exist, the other one strives to protect it. There is a codependent relationship between them which have not yet fully explored. Since cybersecurity has so far focused on guarding legacy systems and data, this article explores how AI leverages its efficiency and effectiveness.

Source: Vectorstock

What is Cyber Security

Cyber security is the more focused area of information security which comprises three main areas: Confidentiality, Integrity, Availability. In broader terms, 

Confidentiality mostly concerns privacy of personel, sensitive and secret data. 

Integrity assures accuracy and precision of the files, databases and source codes. 

Availability provides systems operating actively and applications and data are ready to use when needed.

To ensure these three areas are met systems are hardened in line with standards and best practices. Moreover, information technology controls are employed around critical assets and datas such as Network, Identity, Access and Authorization, and Change Management Controls.  These controls should function as Preventative and Detective so any attempt or security incident should be responded.

What is the aim of cybersecurity?

Attackers aim to exploit deficiencies on IT controls and system vulnerabilities. The aim of cybersecurity is preventing attacks against the critical data and assets, rendering information systems more resilient and detecting if any breach occur and taking correcting action in a timely manner. Common cybersecurity attacks are Distributed Denial of Service (DDos), Bruteforce, Phishing attacks.

In order to provide protection against them there are four main problems to overcome: 

Scale of the network activity and data resources such as web server logs, application logs, network packages, IoT sensor data, workstations, API calls, etc. are increasing in an immense level. They have complex interrelationships among themselves in which this can’t be monitored manually or by rule-based firewall and Intrusion Detection System (IDS) solutions. 

In terms of stopping leakage of confidential data, understanding Context of emails and documents  is very important and traditional text-matching Data Loss Prevention (DLP) solutions can’t assess Context. 

Precision and accuracy are very hard to achieve. Traditional vulnerability (VMS) and security incident analysis (SIEM) solutions produce many false positives and false negatives, web firewall/proxy URL blocklists are updated manually and leave open for the phishing attacks.

Detecting any security incident in Speed is essential. If they are not addressed on time, security breach and data leakage may be already happened even if it was detected.

Source: Vectorstock

How Artificial Intelligence can protect your organization’s critical assets?

As rule based algorithms become insufficient to manage and to derive meaningful conclusions from enormous data, deep learning and machine learning is coming to our rescue. Deep learning makes realtime detection and forecasting. Intelligent agents can identify patterns and abnormalities in user logins and analyze thousands lines of code and identify the weaknesses that software engineers have written. Moreover, when the original data for testing don’t want to be shared, synthetic data can be generated by Markov chains, Boltzmann machines, GANs algorithms. AI also offers solutions to above mentioned problems:

Scale

To solve Scale problem and finding incidents, an IDS tool that leverages artificial intelligence should be employed. By using network event logs capturing the details of packets that coming in and out. Instead of searching for rules and patterns, a predictor model should determine necessary features such as when each packet was captured, the source and destination IP address, and port number of the packet, etc. Then, deployed model identify an unusual activity and determines if a new event is indeed an intrusion, or business as usual. For the purpose of intrusion detection, it is sufficient to have network event logs capturing the details of packets that are either coming into or going out of the network of interest. Clustering algorithms which discover the new patterns in data such as DBSCAN, Bayesian Gaussian (anomaly detection) can be used for this purpose.

Context

Context problem can be overcome by using intelligent DLP’s which work with context matching  approach along with the traditional ones. For intelligent DLP, deep learning model should be trained in two different datasets one with words and phrases that must be protected and the other with doesn’t need protection. Also, the model should be fed with semantic relationships of the language using word embedding technique. The AI-based DLP assigns a sensitivity level to a document and decides whether it will be allowed or blocked.

Accuracy and Precision

AI can help solving Precision and accuracy problem by realtime discovery instead of relying on manual lists and databases. For example, instead of manually maintained URL block lists to reduce the likelihood of phishing attacks, a model can be deployed. Model may use some features determines the genuineness of a website.

Speed

In order to respond to Speed problem, predictability models can be deployed and proactive actions can be taken. AI models are capable of find patterns across many dimensions which are beyond the ability of human being and rule-based approaches. AI based IDS may spot malware for which a signature doesn’t even exist yet. They can make actionable recommendations and autonomously taking corrective action. 

Security is Everyone’s Responsibility

It is wise to remember that deep learning and machine learning has inherent limitations. AI application/model is itself susceptible to attacks such as interfering the training attributes (features), the data used for training and the algorithm itself. While exploring the possibilities for increasing the efficiency and effectiveness of cybersecurity by solving common problems, we should always keep the possibility of new problems in mind.

Related Posts

Leave a Reply