Today, Artificial Intelligence has touched almost all areas of human activity, and cybersecurity is no exception. A striking example of finding synergies at the intersection of these two areas is the two-year AI Cyber Challenge, launched in 2023, which aims to create next-generation cyber defense systems. Human intelligence is still the only option for establishing security posture, but in the case of growing potential threats, cybersecurity teams are looking for more advanced security tools that will help to analyze vast amounts of data, identify potential risks, notice malicious activity, and provide threat detection. There are many new types of attacks, and Artificial Intelligence (AI) is a great assistant for human teams to enhance cyber security and analyze threat landscape in real time.
What is AI applications in cybersecurity? What are the advantages of AI in cybersecurity? What is the role of AI in cybersecurity? Is AI monitoring vs traditional monitoring a better option?
AI challenges in cybersecurity
If we consider artificial intelligence as a set of technological solutions that allow imitating human cognitive functions, including software that uses machine learning methods, we can conditionally distinguish two key areas of its application in cybersecurity:
– pattern recognition
– anomaly detection.
Probably, one of the very first applied tasks of applying machine learning in cybersecurity was the detection of spam by recognizing patterns and false positives, and anomaly detection was used to detect intrusions in network traffic. Well, and the methods of solving problems on detection and analysis of malware successfully combines pattern recognition and anomaly detection.
Now to the actual applied tasks of application of artificial intelligence should include the fight against fraud (Anti-fraud), management and delimitation of access rights to various resources, especially remote access.
Special attention is paid to vulnerability detection and prioritization, as well as detection and response to information security incidents, including fully automatic response, i.e. without human involvement. Of course, everything starts with the granular participation of artificial intelligence, often in the backend, but gradually it comes to the forefront as a full-fledged frontend component, for example, in the format of a chatbot or “Second Pilot” (Security Copilot).
The range of applications of artificial intelligence in cybersecurity is constantly expanding, and at some point there will be no projects or security teams left that have not adopted artificial intelligence. And considering that the cybersecurity field is experiencing a serious staffing shortage, each of you can already start studying it through the lens of artificial intelligence and participate in solving the challenges that arise.
How Chat GPT helps hackers
But, unfortunately, you should not count on the fact that artificial intelligence is and will be used only for good purposes, i.e. to protect information systems and data. After all, since the end of 2022, the public service Chat GPT has been used by attackers to prepare and conduct cyberattacks. And gradually, targeted maliciously created analogs of the Chat GPT service emerged.
For many attackers, artificial intelligence has become a “bailout wand” in terms of organizing and supporting botnets and obfuscating malware code, but it poses the greatest danger in terms of preparing cyberattacks with elements of social engineering. This is due to the fact that today most of the data available to artificial intelligence for training and analysis relates to human activity and humans as consumers of various services, including their preferences and weaknesses.
It can be stated that artificial intelligence is already being actively used in cybersecurity, and it will continuously expand its application in both defensive (Defensive Cybersecurity) and offensive (Offensive Cybersecurity) operations in a broad sense.
The need to protect the AI itself from attack
It is worth noting one more important point related to the cybersecurity of artificial intelligence itself, i.e. when artificial intelligence itself is the object of defense or attack (depending on which side of the spectrum one looks at).
And how does it differ from the problems of defense of classical (non-intelligent) information systems? The point is that in the case of classical information systems, measures to ensure their cybersecurity are primarily aimed at ensuring the availability of the system itself and data, as well as ensuring the integrity and confidentiality of processed data. But in the case of artificial intelligence systems (services), there are higher-priority defense measures aimed at ensuring fair training and correct decision-making by the artificial intelligence.
Here, attackers can attack the data used for training, attack algorithms and specific ways of their implementation, as well as the entire infrastructure supporting the functioning of artificial intelligence systems (services). It is in this context that one speaks of adversarial (unfair) machine learning (Adversarial Machine Learning).
Approaches to standardizing AI cyber threats
Thus, ensuring cybersecurity of artificial intelligence itself is a separate complex task that is rapidly gaining relevance. And here the shortage of specialists is felt most acutely, because even at the level of approaches to its solution and standards, the first swallows are only just appearing. For example, only in January 2024 in the U.S. standard NIST AI 100-2e2023 “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations” about terminology and classification of attacks was released. And the expected international standard ISO/IEC CD 27090 “Cybersecurity. Artificial Intelligence. Guidance for addressing security cyber threats and failures in artificial intelligence systems” is still under development.
Speaking of standardization, it should be noted that there is practically no legal regulation of artificial intelligence in general, let alone regulation of artificial intelligence in terms of cybersecurity, i.e. we all still have a lot of work to do in this direction. The results of which may both push us into the ranks of advanced countries and, unfortunately, throw us out of the leadership.
Comprehensive approach
It can be seen that even this small publication demonstrates the multifaceted intersection of artificial intelligence and cybersecurity. It is advisable to consider these directions in an integrated manner (see figure). It is the integrated approach that will allow us to make informed decisions on their joint application and on the development of solutions in these areas of science and technology.
Regardless of the depth of integration and interpenetration of artificial intelligence and cybersecurity, there will be no complete replacement of cyber defense specialists. In the very near future, we will need specialists and experts who will develop and maintain both intelligent cyber defense systems and artificial intelligence systems in a secure design, so be sure to explore these promising areas.