How AI changed cyber security

Artificial intelligence has enabled new ways to attack systems, but also to defend them.

Sign Up

Get the New Statesman's Morning Call email.

Cyber attacks are predicted to cost the world $10.5trn each year by 2025. It’s a trend that has accelerated during the Covid-19 pandemic. At the height of the crisis, Kaspersky reported soaring remote desktop protocol attacks on home workers, while IT security company Barracuda Networks found that Covid-related email scams leapt by as much as 667 per cent.

Read more: Prospering from a pandemic: How cyber criminals and nation-state actors are exploiting Covid-19

“Artificial Intelligence is playing an increasingly significant role in cyber security,” says Kevin Curran, a researcher at Ulster University. According to a study last year by Capgemini, a consulting and services group, 61 per cent of firms say they cannot detect breach attempts without using AI tools.

AI has a range of applications in cyber security, including network security, fraud detection, malware detection, and user or machine behavioural analysis. Its most popular application is in network security, where “the huge dimensionality and heterogeneous nature of network data” as well as the “dynamic nature of threats”, make it extremely useful, Curran says. “AI can use statistics, artificial intelligence, and pattern recognition to discover previously unknown, valid patterns and relationships in large data sets, which are useful for finding attacks.”

AI and machine learning systems can scan an organisation’s information systems to preemptively discover vulnerabilities. These AI networkmonitoring tools can detect and fix more irregularities than humanly possible by processing all of an organisation’s relevant data to create a picture of the “baseline” threat level. Any significant deviation from this baseline will result in the model flagging the activity as suspicious.

As such, AI can be important for reducing “zero-day” attacks – where hackers take advantage of vulnerabilities in the software before developers can fix it. Curran says this market is “flourishing”.

But AI can also be wielded by malicious actors for large-scale attacks. Malware is increasingly automated by cyber criminals. Conventional cyber security systems flag malware attacks by identifying malicious code, but because attackers often tweak the code, it is difficult for traditional security software to spot it. AI systems can check the code against a vast database, and so they are much more adept at designating it as potentially malicious, even when the malware is incorporated into benign code.

Read more: How AI could kill off democracy

“Building static defense systems for discovered attacks is not enough to protect users,” says Curran. “More sophisticated AI techniques are now needed to discover the embedded and lurking cyber intrusions and cyber intrusion techniques”. But security professionals are quick to caution against AI evangelism. Humans will still be integral to security for the foreseeable future – necessary to fine tune AI models and see if they are working correctly. If not, organisations can be lulled into a false sense of security. And this could lead to far more devastating attacks.

This article originally appeared in a Spotlight report on cyber security. You can download the full edition here.

Laurie Clarke is a reporter at New Statesman Tech.

Free trial CSS