The Role of AI in Cybersecurity: Applications, Advantages, and Challenges by : Sree Mughi Chandrasekar

Introduction:

One domain that’s ever changing in today’s world is Artificial Intelligence, with new advancements being made everyday! AI has applications in almost every field, including everyday applications, healthcare, industries and businesses, education, automobiles and many more. And recently, with the increase in sophisticated cybercrimes, AI has also found its way into cybersecurity.

In this article, we will be discussing the usage of AI in Cybersecurity as the title suggests, a few applications – their successes and failures in specific domains, positives and negatives of using such a sensitive mechanism in cybersecurity.

The Basics:

Artificial Intelligence and Machine Learning

We would have heard the word Artificial Intelligence everywhere, we would have watched movies where self-thinking robots take over the entire world! The brain of such robots could be called AI. You might have heard about chess games with AI opponents, a famous example would be of Deep Blue, IBM’s supercomputer that defeated Kasparov, a chess grandmaster in 1997. Today, we have ChatGPT by OpenAI which is an AI that can answer almost any question you have in mind irrespective of its field, but it does fall short at certain tasks. A recent development in the AI world would be that some forms of AI can now understand human emotions. Such great advancements in such a short period of time.

Now, let’s get to the explanation, Artificial Intelligence can imitate human intelligence and gives machines the ability to think. The three main cognitive skills that they can perform are Learning, Reasoning, and Self-correction. AI also encompasses computer vision and natural language processing. AI can be classified into three types:

ANI (Artificial Narrow Intelligence): These AI can perform specific tasks, like text-to-image generator AIs, image recognition AIs, chess AIs, etc.
AGI (Artificial General Intelligence): These AIs are hypothetical systems that have complete knowledge with the ability to perform any humanly possible intellectual task.
ASI (Artificial Super Intelligence): These hypothetical AI systems are better than any human to ever exist, they should be able to outshine the human intelligence.

So, there’s a long way to go before robots takeover the world!

Now, let’s move on to Machine Learning, which is a subset of AI, includes algorithms that make the systems automatically learn from experience without any specific programming. These algorithms and statistical models help infer patterns from abundant usable data, and the systems then learn to identify such patterns. This process of identifying complex patterns from vast data using several layers of artificial neural networks (these imitate the structure and function of human neural network) is called Deep Learning, which is a subset of Machine Learning. Hence, data are very important for an AI. The original dataset is divided into training data, which is used to train the AI model to recognise patterns and hence, to learn and adapt; and test data, which is used to test the AI model for its accuracy.

AI models are said to be following a black box mechanism, meaning, only the input we provide and the output we get is transparent to us, but the decision process and factors are opaque. But, efforts are being made to make this process more interpretable, techniques called explainable AI (XAI) aim to increase the transparency of the decision-making process the AI undergoes.

Cybercrimes and Cybersecurity:

Now that we know the basics of AI and ML, let’s get to know about cybersecurity and cybercrimes. There have been countless instances I’ve wanted to upload a picture in a social media platform but decided against it because I’ve heard of multiple cybercrime cases where criminals steal identities or demand ransomware threatening to edit or deepfake our pictures. There have been many cases where such uploading of edited pictures of girls has led to their suicide. These are just one kind of cybercrime, there are many more. These cause financial losses, reputation harm, data breach, system failures and sometimes even death.

Well, in definition, cybercrime would be any kind of criminal activity carried out through computers or the Internet. Most cybercrimes are committed for monetary purposes, but sometimes, it’s for personal or political reasons. Such criminals who commit cybercrimes, in general, are referred to as Threat Actors. There are different kinds of Threat Actors as shown in the picture. One thing to note is that since hackers (people who have deep understanding of computer systems and use their skill to overcome issues) can have varied motivations, they don’t always have malicious intent. There are white hat hackers (ethical hackers) who don’t have malicious intent but rather work with government or agencies to find and fix security issues while there are black-hat hackers who do have malicious intent. So, not all hackers are threat actors. These are just a few threat actor types, many more exist in today’s world like hacktivists, cyberstalkers, scammers and so on.

Cybercrimes take place because of the exploitation of security vulnerabilities found in networks by threat actors, these could be caused by weak authentication, passwords or security measures.

Now, let’s take a look into a few of the common cybercrimes that are committed:

Phishing and Scam: Tricking users by sending fake messages and e-mails to get sensitive information.
Identity Theft: Using personal data of a person to commit crime.
Ransomware attacks: Encrypting someone’s personal data using a malware and demanding ransom to let them access it.
Hacking Computers: Unauthorised accessing of computers or computer networks to alter or steal data or shut down systems.

Others include cyber-bullying (spreading hate in the Internet platforms), cyberstalking, software piracy, social media frauds, etc.

Now, enough crime-talk, let’s look into cybersecurity.

Cybersecurity is the process of defending computers and other internet connected devices from malicious digital attacks by threat actors, using various technologies and techniques. This practice helps protect from all the different cybercrimes there are. When faced with an attack, today’s professionals choose to defend all the assets first rather than striking back. In today’s world where a lot of common tasks have been digitalised, like online transactions, working-from-home methods, provide the perfect environment for threat actors.

Cybersecurity includes securing various components of a digital infrastructure such as mobile devices, network and more to create an efficient and cybersecure environment. The various subdomains of cybersecurity include:

Application security protects the softwares and services of a company using various defensive methods.
Cloud security is the protection of cloud software systems of cloud service providing companies.
Identity management and data security is the process of authorizing and authenticating trustworthy individuals to the information systems and protecting data using powerful information storage mechanisms.
Mobile security protects mobile devices from various digital threats and safeguards personal data.
Network security is the protection of network and infrastructure of the company from various threats within or outside the company.
Disaster recovery and business continuity planning subdomain helps businesses recover their critical systems and keep them running during and after any kind of natural disasters.
User education is the process of promoting cybersecurity awareness to business staffs through classes and programs.

Hence, cybersecurity is very crucial in protecting us in today’s world full of digital crimes. A few ways to protect ourselves would be ensuring to use strong passwords, do not reuse the passwords, enable two-step verification methods (multi-layer security), only use trusted websites, and have a good antivirus application protecting your device.

Using AI and ML in cybersecurity:

Using AI and Machine Learning techniques have been a game-changer in the field of cybersecurity. You would have heard about the scam detection AI, here, Machine Learning is utilized to find patterns from the e-mails that are marked as spams by the users. Specific words such as “Free” or “Prize” or specific locations from where 70% emails marked as spams are sent, are observed as a pattern by the AI. Moving forward, the AI will now be able to automatically mark emails with such words as a potential scam, considering that while the overall scam rate of emails is around 5%, emails with such characteristics are scams 70% of the time. Well, this AI using ML has made spam detection in cybersecurity more efficient.

Traditionally, to detect threats, cybersecurity used signature-based detection systems where known threat signatures were available in a database and incoming traffic was compared to them to find threats, rule based detection systems where if incoming traffic did not behave based on the acceptable rules, it will be considered a threat or manual analysis where professionals manually compare incoming traffic to known threats to find out patterns. But all of these techniques sometimes led to false trigger because of similar characteristics to threat or were weak to new or unknown threats.

As we had already discussed, AIs are quick at recognising patterns, can respond in real time and learn and adapt, which is the exact addition needed to our already available cybersecurity mechanisms and techniques. Using machine learning, these models can be trained with vast amounts of data from historical times to the latest attacks to recognise complex patterns (which will require way more manpower if done by humans. Moreover, humans may not be able to recognise every threat.) and they can hence, respond to known and unknown attacks in real time by alerting the professional or taking automated decisions as an emergency retreat. And with their ability to continuously learn and adapt, they can be trained on new data, thus evolving in step with threats. This addition of using AI models with machine learning mechanisms in cybersecurity help secure our data and systems better than ever!

AI models could be trained with labelled data where the data is classified according to its characteristics and provides a clear idea to compare with and unlabelled data are the ones that are not classified because of insufficient information or for training purposes like to analyse them for complex patterns, or creating initial labels.

AI models follow primarily two data analysis techniques to identify patterns and anomalies. Static analysis focuses on analysation of the characteristics of the data like size, code, and structure, while dynamic analysis focuses on the behaviour of the data like when it gets called or executed.

Machine learning, in detail, could be used for the following tasks:

Data Classification: This is the process of labelling all the data points using predefined rules. This helps categorise between the various cyberattacks and build a profile for them.
Data Clustering: The data points that cannot be classified are clustered together based on their shared traits, by analysing them, we might get to know about new cyberattack techniques or vulnerabilities.
Recommended courses of action: Based on logical relationships, not intelligent, between previously made decisions and observed patterns, the model suggests recommended actions.
Possibility synthesis: It synthesises new possibilities for attacks and vulnerabilities in the system from previous data and outliers.
Predictive forecasting: It predicts possible outcomes by analysing given datasets. They are generally used for building threat models, and outlining fraud prevention.

A few examples where such machine learning algorithms could be used are:

Data classification could be used to differentiate between user data, which according to most of the countries, should be available to delete when requested and anonymous data.
By identifying outliers from user behavior profiles, we could create predictive models. Knowing the possible outcomes, we can generate recommended actions. Similarly, threats could be avoided by building system behaviour profiles too.

One thing to note would be, ML algorithms only provide solutions based on logical relationships, and they take a decision even if it’s not right, they do not decide like a true AI. While, AI might get its output through not only pattern recognition, but also evaluates multiple factors, applies reasoning, and takes independent actions based on predefined rules. Hence, AIs can create art or music as they apply knowledge in various situations, but ML algorithms do not go beyond their trained data.

Some applications of AI in cybersecurity are:

Malware Detection: With the training and analysis methods mentioned, they will be able to identify known and unknown malware variants.
Phishing and Scam Detection: As said earlier, when a user marks e-mails as scam, it observes and identifies patterns common to them to take automated decisions from next time onwards.
Security Log Analysis: Based on pattern and anomaly detection across vast security log data, security breeches could be neutralised quickly, and insider attacks can also be stopped before hand if an anomalous user behaviour is observed in real-time.
Network Security: Here, the AI model can identify unauthorised end devices on the network, unusual traffic using anomaly detection after being trained with vast data on how the network should actually be. It can also monitor the activities being performed on the end devices.
Endpoint Security: This AI model can scan files for malware, analyse and detect unusual endpoint device behaviour, and block unauthorised access protecting personal data. Hence, detecting potential threat in real-time.

Other applications would include password protection, bot identification, threat intelligence, incident response, vulnerability management, notifying customers and authorities in case of a sudden pattern change in the customer’s credit statements.

Advantages of using AI in Cybersecurity:

Increased Efficiency: With AIs quick pattern recognition and other mechanisms, it is way easier to automate routine tasks, analyze large volumes of security data to detect potential risks and anomalies, and scanning systems for vulnerabilities and recommending needed security patches. AIs also assist in streamlining incident response processes by providing the severity and effects of the incident through analyzation of data and alerting the professionals. By including AIs with the current manpower, security analysts will be able to focus on critical cases leaving routine work and finding complex relationships to the AIs.
Increased Accuracy: With AI’s ability to recognise complex patterns from vast cyber threat data, AI can accurately find known and unknown variants of cyber threat in real time. Its ability to continuously learn from the recent attacks and adapt keeps it one step ahead of the threat actors.
Reducing Costs: By automating routine tasks and patch management, organisations can cut down on manual intervention, hence reducing their work. Its accuracy in threat detection and immediate incident response reduces the financial losses too. AI systems can also reduce cost by knowing about emerging cyber attacks from global threat intelligence forums and others.
Secured Authentication: AI systems can provide security layers like fingerprint recognition to prevent possible security breeches into a network.
Real Time Threat Detection and Response: AI systems achieve this through their machine learning algorithms which help them analyse and recognize threats and anomalies and respond in real time. They can also be used to take immediate actions like isolating infected systems.
Improved Scalability: AI systems are trained using vast sets of data, this aspect is very important in threat detection.
Protection against bots: Bots could be used to increase the traffic at a website, thus giving an unsatisfactory experience to real customers. Bots could also be used to steal data and spread viruses. AI systems will be able to recognise them by their patterns and provide security against them.

One thing to note would be that even if AIs can detect threats efficiently in real time, human analyst supervision is needed to understand the threat and make informed decisions.

Challenges of using AI in Cybersecurity:

Bias: AI systems, as we know are trained on vast amounts of data, it’s very necessary that these sets of data are bias and discrimination free. Since AI systems are self learning, they may take any pattern as a deciding factor even if it is biased, and a biased factor results in biased decisions. Gender bias is very common. Let’s say most of the scam messages to a specific number are by males, the next time a message is sent by a male, the AI might automatically mark it as a spam. So, it is very important that the data provided for training be diverse and the process is always monitored.
Attacks: Threat actors have started using AI technologies to commit these cyber attacks:

AI integrated Phishing attacks: Cybercriminals are using Natural Language Processing and ML algorithms in AI to generate very convincing e-mails which are hard to recognise as scams.
Advanced Evasion Techniques: AI integrated malware systems are able to change their behaviour making it hard for even AI detection systems to recognise.
Automated Attack Tools: Using AI technologies, cybercriminals are automating activities such as finding vulnerabilities.
Adversarial Attacks: Adversaries can make minor alterations in the inputs to fool an AI system into making incorrect decisions.

Transparency in AI: We only give the input and get the output, the processes that the AI undertook to arrive at this decision is unknown, and hence AI models are called black boxes. The process behind the decisions that AIs make are sophisticated and complex for human understanding. Lack of interpretability of AI models causes trust and accountability issues. By trying to increase the transparency of the decision-making process, we could mitigate this challenge.
Data Privacy and Security: AI developers should prioritize data privacy and security by implementing rigorous data handling practices, employing privacy-preserving techniques, conducting thorough risk assessments, and continuously monitoring and updating their AI models to ensure they align with privacy and ethical standards.

These challenges could be mitigated to an extent by following ethical guidelines and regulations when building an AI system, and allowing critical decision-making processes to be done by human analysts. Regular supervision of AI-powered tasks, and collaboration with various industries to spread knowledge along with the advantages of using AI-powered systems should be helpful.

Conclusion:

To conclude, using AI in cybersecurity has led to many advantages that changes the scope of cyber security. Automation of tasks, Accurate threat and anomaly detection, cost reduction through AI’s machine learning algorithms and other mechanism prove fruitful despite challenges like bias and threat actors using AI-enhanced tools for sophisticated cyberattacks.

In the future, we might be having more refined threat detection models, advanced predictive analytics, and proactive responses to emerging threats made possible by effective collaboration between various industries and the amazing duo of human analysts and AI systems. We can stay hopeful that such exciting ways to enhance cybersecurity using AI and ML are days away.