Artificial Intelligence Against Cyber Crime

It is possible to repel cyber attacks by using artificial intelligence (AI). But AI systems also attack. This has long since been used by criminals for their purposes. Does this mean a soon direct battle of AI defense against AI attack?

Criminals already use bots to optimize their cyber attacks. Photo: Fotolia – Gorodenkoff

Artificial intelligence (AI) makes language assistants possible, helps with care of the elderly or enables highly automated cars to recognize traffic signs and make driving decisions. But the bad guys have also discovered the power of self-learning algorithms: security researchers report that cyber criminals are already applying bots, which coordinate and optimize their attacks via machine learning. In future, machine learning could help internet criminals refine phishing campaigns. Security software provider Avast foresees 2018 as the possible year of AI-based attacks in their “Threat Landscape Report 2018”.

At worst, according to Avast’s analysts, the attackers will start using artificial intelligence to specifically search for weaknesses in systems also based on artificial intelligence. US security researchers have already demonstrated how traffic signs, for example, may be manipulated so the human eye doesn’t become suspicious, but an AI system will identify a stop sign instead of a speed limit – with potentially drastic consequences. If security experts and developers, in turn, increasingly count on AI to meet the described attack scenarios, this arms race could amount to a direct battle of AI versus AI.

Artificial intelligence scanning large data volume for threats

Because the good guys have been arming themselves, too: according to a study of IBM Institute for Business Value, the circulation of intelligent AI security solutions will increase significantly in the next few years.

Today, machine learning is the method of choice, whenever it’s about finding and reliably identifying certain patterns in the future. So security providers are applying AI solutions to collect trends and anomalies in large data volumes – for example in data traffic within the corporate network or incoming emails. That way, spam- and phishing mails may, for example, be identified with the help of AI. Easier realization of such systems have been in use on privately and commercially used computers for a while: the typical spam filters of email programs and platforms have been using self-learning features to recognize unwanted messages for years.

AI systems consider global corporate networks

But modern AI systems are taking it one step further: they are, for example, able to identify hidden channels within corporate networks, via which data is being tapped. The great strength of AI, pattern recognition, enables increased automated recognition of a large range of security problems and anomalies. Though this also means that the AI must be trained to distinguish normal IT glitches from currently happening cyber attacks. Additionally, the self-learning algorithms are able to adapt to companies’ internal information and interpret their analytical findings on the basis of it. And, upon request, AI-based security solutions consider a corporation’s entire global network in such analyses, not just the local data traffic as is the case with traditional security systems. In the important computer forensics, AI systems consequently act increasingly faster and more reliably than comparable solutions without AI.

The artificial intelligence must be trained to distinguish normal IT glitches from currently happening cyber attacks. Photo: Fotolia – sdecoret

AI analysis systems adapt to their users’ business models

In the near future, according to the prognosis of Christian Nern, Head of Security Software DACH at IBM Germany, AI-based security analysis systems shall largely be capable of proactively recognizing and repelling attacks. IBM system “Watson for Cyber Security”, for example, calculates projections about how high the threat of which kind of cyber attack is at any given moment. Such predictions are based on the awareness of where at any given time attacks in which manner and according to which patterns are registered. The specific assignments for the artificial intelligence can thereby be adapted to their respective users’ business models. At the beginning of 2017, for example, Amazon took over Harvest.AI, whose self-learning algorithm is specialized on the detection of intellectual property.

AI systems carry out analyses independently

Some providers like Avast, Cylance or Samsung are also speaking of the “first generation” of AI-based security solutions. According to this definition, the first generation is especially designed to search structured data like incoming emails or to clearly identify threats. The next step forward to the “second generation” would then be an independent execution of more broadly defined analysis tasks such as the search for threats in the entire network traffic or more complex attack scenarios. AI shall therefore not only automate the recognition but also the defense of threats – even if human system supervisors retain the last decision-making authority for the foreseeable future. To this end, specialized AI systems provide them with well-founded decision templates. Security providers call this feature “augmented intelligence”.

But in a few years, so the hope of IBM software security chief Christian Nern, the confrontations between cyber criminals and security officers will be resolved directly between the applied AI systems. In this future, according to Nern, the actual battle between a – hopefully superior – corporate AI versus the AI used by cyber criminals may in some cases no longer even be necessary. “In that case, both AI systems simply look at each other like two angry wolves for a moment, with the inferior animal sensing its weakness and instinctively withdrawing.”