The evolution of the use of artificial intelligence in several fields has allowed us to consider AI as a double-edged sword. AI is considered one of a cybercriminal's best allies, and at the same time one of the best solutions for cybersecurity specialists.
Some testimonials can confirm the above:
Since 2020, the number of cyber attacks in France has quadrupled. This increase in the number of cyber attacks is explained not only by the lack of awareness with regards to cybersecurity, but that AI has made certain attacks more sophisticated and frequent in number.
AI-doped attacks first appeared in 2019 and have since been massively exploited by hackers.
Before discovering the benefits of using AI for cybersecurity, we should ask ourselves whether we really know how cybercriminals currently use AI.
AI is used by cybercriminals primarily for automating assault tasks and imitating human behaviour so as to sidetrack security systems. If you want simple and diverse examples of this, all you need is to take a look at social media where AI is used to create fake accounts, automatically publish fake news, as well as reply to certain users. These activities give AI a human aspect which is difficult to identify.
Cybercriminals can harness AI to create intelligent malware that can automatically spread across networks or systems without being detected. To prove its feasibility, a team of researchers succeeded in embedding malicious code into a neural network used for image detection. In addition, they managed to adapt the integration of this code to minimize the loss of efficiency (this prevented developers using this neural network from investigating the source of the loss of efficiency).
These researchers managed to squeeze 36MB of malicious code into a 178MB template while limiting the drop in accuracy to 1% and ensuring that anti-virus systems did not detect the malicious code.
Another type of attack that automatically generates false identities saw the first light of day in 2021; known under the name "Deepfake", it is responsible for generating fake videos. These nearly undetectable fake videos allow cybercriminals to request access to secure information, conduct false communication in place of an executive, or damage the reputations of celebrities.
However, while AI has been heavily used by cybercriminals in recent years, AI is also seen as a weapon that can be used by cybersecurity experts. This phenomenon is known as "the AI war" by some cybersecurity specialists.
Statistics show that more than 4,000 ransomware or viruses appear around the world each and every day, and around 80% of these threats are used just once. Faced with the increasing complexity of attacks, the number of which continues to increase yearly, companies, as well as governments, are beginning to make use of new AI-based tools.
In recent years, there have been rumours that AI is going to replace cybersecurity specialists. These rumours are far from true. AI cannot replace humans, but it provides them with relevant information with faster detection capabilities. As such, AI is never going to be a substitute for human expertise.
what are the services offered by big data and AI?
To combat the vast number of threats, cybersecurity specialists are increasingly using AI to analyze large volumes of data, identify malware and detect unusual behaviour. This requires analyzing a large chunk of data.
The different algorithms used by AI require a large volume of data on potential attacks in order to improve threat prediction systems. Therefore, data collection and analysis are essential steps in increasing the accuracy and ensuring the efficiency of smart solutions.
When it comes to cybersecurity, Big Data signifies a wealth of information that can be wasted if not used properly. Thanks to this large mass of data, AI can, for example, identify viruses that are not yet known in anti-virus databases or create clusters of data that have nothing in common visibly, but which may provide a clue to the threat. This data is considered disparate from a human perspective, but AI is able to tie it all together to shed light on the presence of a threat.
On the other hand, AI which uses Big Data can provide relief to humans unable to process such a large volume of data.
To meet the demands of the cybersecurity sector, AI mimics human reasoning and takes an approach similar to that of humans. On the other hand, a cybersecurity specialist does not look for an attack, but generally looks for an unusual occurrence. A human specialist relies on experience, on what has previously been seen; this is what comprises their knowledge base. AI uses exactly the same approach.
Through machine learning, AI can teach itself what is usual behaviour and classify that as "normal behaviour". On the other hand, any other behaviour (not recognized) is thus considered "suspicious behaviour" and requires further investigation by humans.
The strength of AI is the ability to collect data, analyze large amounts of data and detect potential threats in a short period of time. Therefore, AI is a robust tool that works 24/7, able to analyze data in real time in order to identify any vulnerabilities and emerging threats.
establishing regulations or utilizing RPA: is it enough?
Regulations put in place by cybersecurity specialists are extensively used by companies and organizations targeted by many attacks. Unfortunately, this solution is not enough because the Security Operation Center (SOC) can get overwhelmed by "false positives", which present an additional problem for experts. In this context, AI can be of service to experts by providing a better level of analysis and, therefore, saving a considerable amount of time.
SOCs can use Robotic Process Automation (RPA) to automate alert sorting by comparing data against other malware databases. However, RPA has its own limitations and remains insufficient for determining the severity of incidents, as well as differentiating false alerts from real attacks. This is due to the functionality of RPA which does not learn from experience the same way AI can; the latter is able to effectively carry out this sorting through the use of machine learning.
some examples of AI use.
- Identifying network threats: AI enables network security software to enhance 24/7 monitoring of inbound and outbound traffic and improve identification of suspicious behaviour.
- E-mail monitoring: AI can be used to strengthen email monitoring. By using Natural Language Processing (NLP), an anomaly detection system can automatically identify whether the sender, recipient, body of the email or attachments present any threats.
- Anti-spam: Machine learning allows smarter filters to automatically detect spam. Take, for example, Google, which uses machine learning for Gmail's spam filter.
- Bot detection: AI helps identify unusual behaviour. These Deep Learning-based models make it possible to detect bots and distinguish them from accounts managed by humans.
At Ausy, experts in AI, Big Data and Cybersecurity work hand-in-hand to meet these challenges.