Seeing AI to AI: Artificial Intelligence and its Impact on Cybersecurity
Have you ever uploaded a photo of you and your friends to Facebook, only to see that Facebook has self-identified your friends in the photo and asked permission to tag them? This identification process utilizes a form of artificial intelligence (AI).
You likely use other forms of AI throughout your day without even realizing it: through Siri’s speech recognition, Google’s search engine, and even through spam filters that clean up your email inbox. These are all forms of what we call narrow AI - technology that is set to perform a specific task - as opposed to general AI - which is meant to solve broader and more complex problems. AI is often utilized in cases of classification and forecasting. Classification involves organizing data and assigning labels through pattern matching, while forecasting makes a prediction for the future based on known data. In recent years, there has been increased interest in enhancing the capabilities of AI, aiming to use the technology to perform a variety of intricate tasks.
In the future, AI will potentially impact every industry in the world. It will be used to drive cars for us, diagnose medical problems, improve customer service relations, recommend financial decisions, and more. AI has already greatly influenced, and will continue to significantly impact, cybersecurity. Benefits of AI to this industry include better management of data and data centers, lower organizational costs and resources, faster threat detection and mitigation, and more reliable authentication of users. Despite these advantages, AI can be exploited for malicious purposes. Threat actors can apply the latest technology to develop new cyber threats and to find new weaknesses. They can utilize AI to achieve cheaper and more efficient means of crafting attacks, detecting vulnerabilities, and carrying out highly-targeted social engineering scams.
We can expect to see a lot more AI integrated into our daily lives in the coming years… but what exactly is AI and how does it work? What are the cybersecurity implications?
What is AI?
AI is actually a broad term that spans several capabilities. At its core, AI aims to replicate human intelligence to solve problems and make decisions. Despite recent innovations, we still have not achieved a true form of AI, and the debate continues on whether we ever will.
Today, AI innovations focus on machine learning (ML), which makes AI’s “intelligence” possible. Typically, humans pre-code a precise set of instructions that allows a machine to accomplish a task, and the machine solely relies upon that code to produce results. No matter how many times you run the code on the same data, you will get the same result. ML functions differently; the same input data may yield a different result as time goes on. In ML, a computer is initially provided with a large set of data and algorithms that allow it to accomplish a task, and train itself to get progressively better at that task as it analyzes more incoming data. The machine is informed when its decision is right or wrong, similar to reinforcement training, and then learns from these corrections. Adjustments are then made within its code to alter its decision-making process to attain greater accuracy.
AI ML itself can be classified into two major types – supervised or unsupervised learning. When a machine is given a data set and told what it can classify the data as, this is supervised learning. If the machine is only given the data set without any possible labels, it is called unsupervised learning. The machine has to come up with the labels itself by determining patterns observed in the data.
Even more complex than ML is deep learning (DL). DL is a subset of machine learning in which algorithms are structured in layers that exchange data with each other in what is called an artificial neural network (ANN). Though subtle, there is a difference between DL and ML in their approach to the learning process. ML breaks a problem down into separate parts, solves each of those parts, and combines the answers together to yield a final result. This process is more closely related to statistics and heavily relies on pattern matching to come up with an answer. DL, on the other hand, will handle the entire problem as a whole, starting at the simplest level possible and working its way up to more complex concepts in a type of hierarchical process. Deep learning is more closely related to true artificial intelligence for this reason. DL requires longer training intervals and a larger data set than ML, and a more powerful processor.
How does AI Work?
Let’s take a closer look at how ANNs work in DL. An ANN contains at least three layers and many “neurons,” or nodes, in each layer that work together to formulate an output.
Take the case of image identification: you have animage of a bird. This image is fed into the ANN’s input layer. The input layer can take on an endless number of inputs that are then represented numerically within the AI system. This layer is the receiving end for the information being fed into the system, containing the current data set that the ANN is going to analyze. This layer can also receive input in other ways: through audio or visual sensors, temperature sensors, pressure sensors, chemical sensors, voltage sensors, etc. In this case, the AI takes in the pixel data of the image.
Once this information is obtained, it is sent into the next layer of the neural network – the hidden layer. This is where AI’s “intelligence” actually happens. There can be any number of hidden layers within this portion, with more layers comes greater accuracy in decision-making. There may be hundreds or even millions of nodes contained within each layer, where each node is an individual processing point that has working connections to many other nodes. On each of these connections, the node assigns a positive or negative “weight.” When data is fed into the node, calculations are performed that produce a new value derived from the input value and the weight. If this new value is below a pre-set threshold, the node will not send its data on further. If it is above the threshold, the node will pass the information forward on all of its connections. These connections, in turn, make decisions on their own and further calculate whether they need to pass on data. This structure forms a dense web of interconnected nodes reminiscent of the human brain and its neurons, hence the term “neural net.” The goal of the hidden layer is to analyze the data, relying on processes like pattern matching, natural language analysis, etc. In our case, it will determine different characteristics about the bird image from visual patterns: the image’s colors, shapes, edges, brightness, etc. The machine analyzes the patterns it finds in the image and begins identifying features, such as whether or not there are feathers, how many legs it has, if there are visible ears, if it has stripes. These patterns are then correlated to the machine’s knowledge of what a bird should look like to determine its answer.
The hidden layers will eventually feed into the output layer that provides the final result, identifying the image as a bird.
Whether the answer is right or wrong, the AI is able to learn something. If the AI is informed the decision was correct, it will take measures to highlight the key features it used to make the correct decision and will weight them more heavily next time. If it is wrong, the AI may dismiss certain factors used in the last assessment or change the emphasis placed on some functions. To do this, the AI changes the values of its weights based upon the confirmation or rejection. By modifying the weight values (putting more/less importance on certain processing functions), the AI is able to generate more accurate results. This process is known as backpropagation, and it will keep repeating until the AI arrives at a low enough error rate and remains stable.
AI - Pros
One of the direct benefits of AI is the effect it will have on the technology workforce. AI can handle tasks more accurately and faster than a human does, thereby freeing up valuable time that administrators can instead spend on securing and improving their environment rather than on solving mundane tasks. Company funds can alternatively be spent on maintaining AI systems rather than on hiring and training multiple employees to handle those tasks. Additionally, AI is easily scalable, meaning that once it is trained for a task, it is easy to replicate that AI system to accomplish more instances of that task. In the long-run, organizations would see a cut in overall expenditures.
AI’s involvement in data center management is certainly on the rise and is already being implemented within some organizations. AI can monitor and optimize many of the crucial processes necessary in data center upkeep: power consumption, backup power, cooling filters, internal temperatures, bandwidth usage, etc. AI’s continuous monitoring allows for dynamic optimizations in all of these areas and, therefore, has more intricate insight into what values would boost the effectiveness of these areas at every given moment. AI can help reduce hardware maintenance and cost by taking a preventative approach to the center’s operations, alerting staff when certain levels are low or when equipment needs to be fixed before it breaks in a more severe manner. In fact, after implementing AI technology within data centers in 2016, Google reported a 40 percent reduction in cooling costs at their facility and a 15 percent reduction in power consumption. The calculative power that AI possesses gives it greater insight into the intricate relationships between hardware and infrastructure that better enable it to determine what balance of facility settings are best for total optimization. Humans are simply not able to sift through the enormous amount of readings from data centers to come up with this result.
Data Analysis & Protection
The sheer volume of data that modern networks generate can be daunting for some organizations to comb through and manage. Important information can easily get lost in a sea of data – this is where AI can be especially useful. Emerging tools offer AI solutions to identify, classify, and track sensitive data. These types of tools use computer vision and machine learning to analyze data at the pixel and byte levels. Users can categorize their data for easy viewing in visualization applications and identify where in the world their data is stored and which user/device is compliant with data rules, like the EU General Data Protection Regulation (GDPR). These tools can then identify suspicious and irregular data activity and alert administrators. Additionally, they can locate redundant data throughout an organization’s network, possibly saving companies thousands of dollars in storage.
AI significantly aids in the discovery of malicious software, known as malware. Using AI for cybersecurity is proving to be an effective defense against any unknowns – previously undiscovered vulnerabilities and techniques – since it uses a “good-behavior” model rather than relying on particular signatures to identify malware. AI’s good-behavior model is generated from countless data examples that are then used to classify suspicious behavior. The AI system can identify patterns of excessive resource use (CPU, memory, etc.), monitor unusual host connections, unusual transfers of data, untimely or incorrect logins, program invocations, and isolate any traffic deemed unusual. This form of identification is called anomaly detection. Within an Intrusion Detection System (IDS), AI can quickly categorize any network threats into differing levels of severity – critical, high, medium, low – that are easily organized and sent to appropriate staff members to handle. Threats can be classified into types, such as trojans, worms, or ransomware, which give security experts necessary information to handle these threats. AI use in Intrusion Prevention System (IPS) is different. The AI system plays an active role in mitigating the threats it identifies by shutting down processes, blocking IP addresses, dropping packets, and so on. Because threat actors are constantly developing new threats and workarounds, the behavior-modeling process of the AI needs to be a continuous one, otherwise it can rapidly become outdated and obsolete.
Biometrics, the science of establishing someone’s identity, is another field that AI continues to impact, heightening both cyber and physical security within organizations seeking to protect their information. Users often establish weak passwords and use them across multiple platforms for convenience. This allows threat actors to more easily conduct brute force attacks to guess these passwords and, once they have been obtained, access other accounts that use the same username/password combinations. AI biometrics provide a solution to this problem by offering validation for a characteristic that is hard to mimic, that you do not need to remember, and likely does not ever change. AI can be used for authentication by analyzing two types of characteristics to make determinations about a person: physical and behavioral. Physical biometrics include unique and measurable characteristics like fingerprints, the face, the iris of the eye, or DNA. Behavioral characteristics are based on unique behaviors like your voice, the way you walk, or the way you type and interact with a device. Behavioral biometrics are harder to spoof because they are related to many unique, determining factors – physiological, social, your health, and psychological. Rather than a single-access verification, AI can validate these biometrics in an ongoing process to provide continuous authentication, such as in the case of a person using a computer. AI can monitor the patterns of the individual using the device, such as their typing style and error rates, and provide a constant validation of their authenticity. The finance industry is especially interested in this application, and we may see more banking apps and ATMs requiring facial or voice recognition in the near future.
AI - Cons
Lower Cost and Resources
Just as AI decreases costs for security professionals, it also lowers the cost for bad actors. A single threat actor can carry out countless, effective attacks by utilizing AI to automate malicious processes. As a result, the amount of effort needed to carry out a malicious task is highly diminished. Because AI will be doing most of the hard work, the skill level needed to carry out these attacks is similarly reduced.
AI’s ability to quickly capture and analyze data makes it the perfect accomplice in spear-phishing attacks. AI is able to generate highly-targeted links, emails, websites, or social media posts that individuals are more likely to click on. Natural language processing (NLP) is the AI’s mechanism for understanding and interpreting the human language it sees, and for generating its own, custom messages. For example, a user’s Twitter posts could be collected to find personal information or key topics that the user is interested in, and the AI program can then craft an email mentioning that information. In fact, AI has been proven to be far more successful than humans at duping victims. Using AI, a threat actor has a higher rate of success and can reach more potential victims in a shorter amount of time.
Another dual-natured feature of AI is its ability to generate believable, false images, audio, and video. There are beneficial, practical applications for AI, such as video game content creation or movie special effects; however, artificially-generated media can easily be used to dupe unsuspecting victims. AI can be used to create new human faces by relying on countless, pre-selected facial images. These generated faces look entirely real to humans, and some can even fool other AI programs whose sole duty is to detect phony faces. AI can manipulate video as well, swapping a person’s face onto another person’s body, with realistic movements and facial expressions. In fact, there is even a Twitter account solely dedicated to putting a realistic smile onto celebrities’ faces. Manipulated images and videos can be used to fuel false media stories and either lift up or take down an individual or group.
By providing an extended voice sample, AI can create an artificial voice that sounds like the person being sampled, able to express words that were not even in the initial sample. This technology is still not perfect; however, it has gotten and will continue to get progressively better. This can be used in voice-based phishing scams known as vishing, and other scams carried out via phone calls. For example, AI chatbots claiming to be customer support have been used to trick victims into divulging personal and financial information. Additionally, by combining this technology with AI video modifications, one could create believable footage of a politician giving a phony speech. In this age of disinformation campaigns, AI could potentially spread massive amounts of fake media, driving political polarization further and harming public trust. Malicious actors could use sensationalism and fake media to aid in social engineering scams.
Another AI application that could benefit threat actors is neural fuzzing. Fuzzing is the process of testing large amounts of random input data within software to determine its vulnerabilities. Neural fuzzing utilizes AI to test these random inputs in greater quantities and speed. When combined with the power of a neural net, a threat actor would be able to quickly gather information about a target system or software and learn its weaknesses. Microsoft developed a method to apply this approach to improve their software as well, showing that neural fuzzing also has a constructive side, resulting in more secure code that is harder to exploit.
Using AI against Itself
Bad actors can use AI’s machine learning process against itself. False or misleading information can be introduced to the AI, known as data poisoning. This causes the AI to learn incorrectly and, as a result, make mistakes. This has also been called the “data diet vulnerability,” since the AI will only be as capable/smart as the data it feeds upon to make decisions. Microsoft learned this lesson back in 2016 when it created an AI chat-bot on Twitter named Tay.ai. Tay.ai drew upon data that was given to it by its staff, but also from data available in public tweets. As it engaged with Twitter users, it likewise learned from their conversations and tailored its responses to better reflect a human counterpart. Multiple users chose to engage in racist rants with the bot, eventually prompting it to start sharing racist tweets itself. The bot was quickly suspended, and the tweets were deleted. If a similar incident occurred against an AI responsible for more critical tasks, like intrusion detection, the results could be devastating.
Furthermore, AI can be used to carry out massive denial-of-service (DoS) attacks by mimicking human behavior. This technology can replicate human clicking patterns and website navigation to make traffic look more legitimate and fool intrusion detection systems.
AI’s involvement in our lives will continue to grow as more technology is integrated into the things we use every day. There are several experts who are wary of its impending effects, but there are even more praising its innovations. For cybersecurity, the primary benefits center around quicker analysis and mitigation of threats, while concerns focus on the ability for less skilled hackers to deploy more sophisticated cyber and technology-based attacks.
- Impact on the workforce: taking care of mundane tasks and freeing up time for more important responsibilities while lowering expenses;
- Better regulation within data center activities;
- More intimate data analysis and management;
- Smarter threat detection; and
- Higher levels of authentication, continuous authentication.
- Lowers the cost and resources threat actors need to run successful operations;
- Highly-targeted social engineering scams;
- Generation of false images, video, audio;
- Neural fuzzing makes vulnerability detection simpler and faster; and
- AI relies upon its data set, which can be poisoned.
MarTech Today - How Machine Learning Works, As Explained By Google