AI and Cybersecurity

Crossposted to A Bit of Noise. Download the slides here.


Background

AI

AI became a mainstream topic due to the sudden popularity of ChatGPT, but ChatGPT came from a discipline that has received decades of research.

AI started as a discipline in the 1950s, around the time the first computer was invented. For thousands of years, humans have tried to make machines that resemble humans, but with the invention of computers and computer science as a discipline, the inventors saw major potential in achieving the “dream” of making machines that can act and think like humans. And that is how AI started. Over the next few decades, a lot of resources were poured into AI to develop these machines with the goal and desire to replicate human intelligence.

With modern AI, the way it works is you feed large amounts of data into an algorithm, which is used to train a model, and once trained, the model is able to produce some output based on all the training data.

This technique and modern computing power have allowed us to achieve something called artificial narrow intelligence, which allows the AI to perform one function, and reasonably well. On a higher level, there is something called artificial general intelligence, which allows the AI to perform everything a human can. On an even higher level, there is something called artificial superintelligence, which allows the AI to perform things beyond what a human can. The technology is nowhere near artificial general intelligence, and even further from artificial superintelligence, but there are definitely humans out there who are trying to achieve this.

Even with artificial narrow intelligence, AI provides a number of benefits. It is able to perform tasks faster and more efficiently. It is able to automate tasks, reduce human error, and eliminate repetitive tasks. It is able to analyze large amounts of data, derive insights and make predictions. And lastly, it is able to generate new output and enable new applications.

AI is now used in many applications, such as computer vision, natural language processing, speech recognition, self-driving, search, and much more.

Cybersecurity

One of the first concepts that cybersecurity professionals learn is the CIA Triad. CIA stands for Confidentiality, Integrity and Availability. Confidentiality means data and/or system can only be accessed by authorized parties. Integrity means data and/or system cannot be modified by unauthorized parties, and if it is modified, then authorized parties are able to detect it. Availability means authorized parties are able to access the data and/or system when they need or want it.

One other concept that is important in cybersecurity is the idea of intent, as the same tools, systems or data can be used differently based on the context, and the intention of the person using it. In cybersecurity investigations, investigators try to determine whether something is legitimate use, misuse or abuse. Abuse in this context means malicious intent, and misuse does not necessarily mean malicious intent, but usage outside of the norm. Sometimes, misuse and abuse are the same or at least look the same.

With the increasing complexity of modern systems, security has also become increasingly complex. There is an area of security for each kind of system, including network security, endpoint security, mobile security, cloud security, web security, and many more. The job of a cybersecurity professional has become that much more complex, as we now need expertise or at least some understanding of each area in order to be informed as a cybersecurity professional.

AI + Cybersecurity

The increase in complexity needs better solutions, and AI has definitely helped further the goals of the CIA Triad. But, as with any invention, humans can leverage it for legitimate uses, and less legitimate uses. In this section, we are going to take a look at this from both perspectives: defensive, where the technology is used to fulfill the goals of the CIA Triad by protecting data, systems and/or assets, and offensive, where the technology is used for malicious purposes such as attacking.

Defensive

Here are some of the ways that AI is being used to fulfill the goals of the CIA Triad:

  • Network security: learn and analyze traffic patterns and behaviours

  • Endpoint security: learn and analyze files and processes on the OS for unexpected behaviours and signatures

  • Email security: learn and analyze emails for unexpected content, attachments, URLs, headers

  • Application security: learn and analyze software code for bugs, vulnerabilities

  • Web security: learn and inspect web sites, URLs, files for unexpected behaviour or content

  • Identity and access management: learn and analyze user behaviour

  • Incident response / security operations: learn and analyze logs from many systems, including network, OS, cloud, DNS, and look for unexpected behaviours

  • Incident response + automation: learn and analyze data, respond to questions in natural language, derive insights and make a determination of legitimate use, misuse or abuse, and suggest actions to take to remediate issues (or even take the actions automatically)
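To make the “learn and analyze user behaviour” idea concrete, here is a small added example (not from the original talk or slides): it learns a per-user login baseline from history and scores new logins by how far they fall outside the norm. The log fields, the sample events, the threshold and the simple frequency model standing in for a trained model are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample history: (user, hour_of_day, source_country).
TRAINING = ([("alice", h, "CA") for h in (8, 9, 9, 10, 11, 13, 14, 15, 16, 17)]
            + [("bob", h, "US") for h in (20, 21, 22, 22, 23, 0, 1, 21, 22, 23)])

def features(hour, country):
    # Six-hour buckets keep the baseline from memorising exact hours.
    return (("hour", hour // 6), ("country", country))

class LoginBaseline:
    """Per-user frequency model; a simple stand-in for a trained model."""

    def __init__(self, alpha=1.0, threshold_bits=4.0):
        self.alpha = alpha                  # Laplace smoothing constant
        self.threshold_bits = threshold_bits
        self.counts = defaultdict(Counter)  # user -> feature -> occurrences
        self.totals = Counter()             # user -> number of events seen
        self.kinds = defaultdict(set)       # feature kind -> distinct values

    def fit(self, events):
        for user, hour, country in events:
            for kind, value in features(hour, country):
                self.counts[user][(kind, value)] += 1
                self.kinds[kind].add(value)
            self.totals[user] += 1
        return self

    def surprise(self, user, hour, country):
        """Sum of -log2 P(feature | user); higher means less like the baseline."""
        if user not in self.totals:
            return None                     # no history: nothing to compare with
        n, bits = self.totals[user], 0.0
        for kind, value in features(hour, country):
            # +1 reserves probability mass for values never seen in training.
            denom = n + self.alpha * (len(self.kinds[kind]) + 1)
            p = (self.counts[user][(kind, value)] + self.alpha) / denom
            bits -= math.log2(p)
        return bits

    def triage(self, user, hour, country):
        bits = self.surprise(user, hour, country)
        if bits is None:
            return "no-baseline"
        # The score only says "outside the norm"; whether that is misuse or
        # abuse is a question of intent that an investigator has to answer.
        return "outside-norm" if bits >= self.threshold_bits else "expected"

MODEL = LoginBaseline().fit(TRAINING)
```

Calling `MODEL.triage("alice", 3, "DE")` flags a login that matches neither Alice's usual hours nor her usual country, while a user with no history is reported as `no-baseline` rather than silently scored.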

Offensive

Here are some of the ways that AI is being misused for malicious purposes:

  • Malware:

    • Train malware against endpoint protection software to see what gets detected or not, then write malware to evade detection

    • Write malware that is “constantly changing”, where AI can generate slightly different code each time so it looks different to security software

    • Poison AI algorithms by training them with malicious data

  • Attacking: use AI-assisted tools to carry out attacks

  • Impersonation: using other people’s likeness, such as voice and face, for defamation, political purposes, spreading misinformation, account takeover or other malicious purposes; commonly known as “deepfakes”

  • Email: make phishing emails more realistic

  • Application: learn and analyze software code for bugs and vulnerabilities before they are discovered by the defenders

  • Passwords: analyze password patterns and predict likely passwords

Moral of the Story

Cybersecurity is a constant game of cat and mouse. At the end of the day, there will always be people who want to use inventions for the better, and those who want to cause harm or damage. We need more people to join cybersecurity to fight against the “bad guys”.

Future

So what does the future look like?

From a short-term perspective, current world events usually dictate what people spend their time researching and developing, and in light of the wars going on in the world, we are more than likely to see technology being used for malicious purposes.

From a long-term perspective, a lot of work has been going into advancing several aspects of people’s lives, and I believe this will improve people’s quality of life.

Short-term

Here are some things I predict in the short-term:

  • Even more realistic and more frequent deepfakes

  • Higher rate of misinformation

  • Higher rate of attacking campaigns

  • Potentially first use of AI in warfare

Long-term - AI

Here are some applications of AI I see benefitting humans in the long-term:

  • Full self-driving

  • Real-time and more accurate translation between languages, which reduces the language barrier

  • More efficient agriculture, where farmers can deploy sensors on animals and crop fields, feed sensor readings to AI models, and then use the output to optimize their decisions

  • More accurate diagnostics in healthcare

  • More realistic gaming

  • More realistic and less hallucinating chatbots

  • More regulation

Long-term - Cybersecurity

The current issue in cybersecurity is not that we need more tools, but rather that we need to help cybersecurity professionals be more efficient. Here is what I see with respect to cybersecurity in the long-term:

  • Adoption of AI-assisted tools to find weaknesses, gain more insights, gain more accurate insights, and automate repetitive tasks

  • Reduction or even elimination of manual work, which allows humans more time to make decisions, and decisions are more informed due to more time given and better insights

  • Consolidation of tools and/or security vendors
