AI and Cybersecurity: Friend or Foe?


Imagine the damage an intelligent virus could inflict. It would arrive at the network perimeter. Or worse, it would penetrate your firewalls via a phishing attack. It would take stock of the system’s defenses, make real-time intelligent decisions, and start attacking. For example, it could conceivably turn its virus characteristics on and off when necessary to evade antivirus software. It would be almost like letting an unescorted human cybercriminal inside your datacenter.

Fortunately, truly intelligent malware, computers, and robots exist only in science fiction. See this article for an explanation of why we will almost certainly not see intelligent malware or intelligent computers of any type in our lifetimes. So, we do not have to worry about viruses that can think and reason like people.

AI as a Friend

Where conventional software falls short is in identifying newly released malware whose signatures are not yet available. Here, AI becomes a friend. Machine learning can be used to analyze network traffic patterns using port mirroring or netflow to determine what constitutes “normal” traffic. These network detection and response systems can then raise alerts when suspicious traffic is observed. They can be used to raise alerts for both north-south traffic (traffic coming in from the internet) and east-west traffic (behind the firewall).

Machine learning can also be used in other ways to identify security issues. For example, log data can be analyzed to determine normal patterns and raise alerts when anomalies are detected. Similarly, machine learning can be used to analyze patterns of user behavior and flag suspicious behavior.
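The baseline-then-alert idea from the two paragraphs above, as an added example that is not code from the original article or from any product: it learns per-host "normal" hourly volume from flow records, split into north-south and east-west, and flags hours that deviate. The record layout, the 10.0.0.0/8 internal range, the threshold, and the sample flows are all assumptions, and a simple robust statistic stands in for a trained model.

```python
import ipaddress
import statistics
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the site's internal range

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def hourly_totals(flows):
    """Sum bytes per (internal host, direction) per hour from (hour, src, dst, bytes) records."""
    totals = defaultdict(lambda: defaultdict(int))
    for hour, src, dst, nbytes in flows:
        host = src if is_internal(src) else dst
        # east-west: both endpoints behind the firewall; otherwise north-south
        side = "east-west" if is_internal(src) and is_internal(dst) else "north-south"
        totals[(host, side)][hour] += nbytes
    return totals

def learn_baseline(flows):
    """'Normal' = median and median absolute deviation (MAD) of hourly volume."""
    baseline = {}
    for key, per_hour in hourly_totals(flows).items():
        vols = list(per_hour.values())
        med = statistics.median(vols)
        baseline[key] = (med, statistics.median(abs(v - med) for v in vols))
    return baseline

def detect(baseline, flows, threshold=6.0):
    """Alert on hours far above baseline, or on hosts never seen in training."""
    alerts = []
    for key, per_hour in hourly_totals(flows).items():
        for hour, vol in per_hour.items():
            if key not in baseline:
                alerts.append((hour, *key, "no baseline"))
                continue
            med, mad = baseline[key]
            score = 0.6745 * (vol - med) / max(mad, 1.0)  # robust z-score; MAD floor avoids /0
            if score > threshold:  # one-sided: only unusually high volume alerts
                alerts.append((hour, *key, "volume spike"))
    return sorted(alerts)

# Constructed sample flows (documentation addresses stand in for internet hosts).
TRAIN = [(h, "10.0.0.5", "203.0.113.10", 1000 + 50 * (h % 3)) for h in range(6)] + \
        [(h, "10.0.0.5", "10.0.0.9", 500 + 20 * (h % 2)) for h in range(6)]
LIVE = [(6, "10.0.0.5", "203.0.113.10", 1080), (6, "10.0.0.5", "10.0.0.9", 510),
        (7, "10.0.0.5", "203.0.113.10", 1020), (7, "10.0.0.5", "10.0.0.9", 90000),
        (7, "10.0.0.7", "198.51.100.20", 300)]

if __name__ == "__main__":
    for alert in detect(learn_baseline(TRAIN), LIVE):
        print(alert)
```

The median/MAD baseline is used instead of mean and standard deviation so that a single noisy hour in the training window does not widen what counts as normal.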

AI as a Foe

  • Machine learning can be used to generate new strains of malware that are harder to detect. However, once their signatures make it into the security databases, they will be detectable by conventional anti-malware software.
  • An attacker could acquire commercially available threat detection systems and use AI to learn the types of traffic that will bypass the system defenses.
  • An attacker could use machine learning to monitor the behavior of the target network and create malware that resembles “normal” traffic.

AI can also be used to generate emails for spear phishing attacks, and audio deepfakes can be used to send those same targeted individuals voice messages that sound like someone they know.

AI Applications Broaden the Attack Surface

AI software can be analyzed to create adversarial examples that cause the software to respond incorrectly. For example, researchers showed that small alterations to lane markers that would not fool humans caused a self-driving car to drive in the wrong lane. Baidu researchers published a set of tools that can be used by other researchers to fool virtually any deep learning system. Their goal, of course, was not to encourage attackers, but rather to help researchers create defense mechanisms in their deep learning systems.

Also, because machine learning systems are trained on large datasets, the behavior of these systems can be altered by changing the training data. This happened to Microsoft when it released its Tay chatbot, which learned to be racist from user interactions.

Conclusion: Friend or Foe?

Cybersecurity has always been a cat-and-mouse game. AI adds to the toolkits of both the attackers and defenders but does not give either a winning advantage.


Author of “Evil Robots, Killer Computers, and Other Myths: The Truth About AI and the Future of Humanity” published Feb 9, 2021 by Fast Company Press.