By: Yadiel D. Cordero Badillo
Cybersecurity experts said that Machine Learning and Artificial Intelligence have positively and negatively affected cybersecurity. Although relatively new AI security tools are often used to define “good” as opposed to “bad” by comparing the behavior of entities throughout the environment with those living in similar environments. Artificial intelligence algorithms are used to train data to respond to different situations. Artificial Intelligence is helping Cybersecurity to accelerate its technological progress. Security experts, including CISOs with products purporting to use artificial intelligence to dramatically improve the accuracy and efficiency speed of both threat detection and response. Real-time analytics and data make it possible to build more substantial and sharp business cases. The AI model requires specific cybersecurity defense and protection techniques to protect machine learning and the privacy of machine learning and federal learning. Cybersecurity is one of the most crucial parts of artificial intelligence.
“If you think you know-it-all about cybersecurity, this discipline was probably ill-explained to you.”
― Stephane Nappo ( Global 2018 CISO of the Year)
We can say that AI can swing both ways in terms of offensive or defensive security. Either in favor of the organization(white hat) or in favor of cybercriminals ( black hat), depending on the circumstances. Organizations can beef up their security by using emerging technologies and AI based software. For this reason, organizations are investing more in Artificial intelligence to avoid time wasting and financial losses. Artificial intelligence can identify patterns in the data to enable security systems to learn from past experiences. Machine Learning also allows companies to reduce the response time to incidents with best security practices.
Signature-based techniques can detect more than 90% of threats. Replacing traditional technology with AI can increase the detection rates up to 95%, but one of the problems is the data might explode with false positives. Companies can also use AI to enhance the threat hunting process by integrating behavior analysis. One popular tool is Symantec’s Targeted attack analytics (TAA) tool. The TAA tool was used by Symantec to counter the Dragonfly 2.0 attack last year. How does it work? it unveils suspicious activity in individual endpoints and collates that information to determine whether each action indicate hidden malicious activity. One of the most common attacks as we all know includes injecting/sending or installing malware on your device.
In 2010, the US Defense Advanced Research Projects Agency (DARPA) created their first Cyber Genome Program to uncover the ‘DNA’ of malware and other cyber threats, which led to the creation of algorithm present in the Intercept X. Sophos created Its tool, Intercept X, which uses a deep learning neural network that works similar to a human brain. Before a file executes, the Intercept X is able to extract millions of features from a file, conduct a deep analysis, and determine if a file is benign or malicious in milliseconds. The model is trained on real-world feedback and bi-directional sharing of threat intelligence via an access to millions of samples provided by the data scientists.AI computational and continuous monitoring capabilities provide insights into values that will improve the effectiveness and security of infrastructure and equipment for example. Artificial intelligence is helping to improve our intelligent models for implementing malware classification and intrusion detection, and threat intelligence sensors.
Studies show that the global cost of typical data breach recovery is $3.86.
Only defenses using the latest AI can keep pace with the constantly evolving threat posed by cybercriminals. AI solutions are based on three fundamental rules: learning, reasoning, and augmentation. The AI improves its knowledge to understand cybersecurity threats and cyber risk through AI techniques. In the cybersecurity space, now artificial intelligence is eligible to increase the level of detection, range, and precision of cyber attacks. Most of the companies acknowledge that they will not respond to critical threats without the setup of Artificial Intelligence. This is due to increased end-user devices, the growth of networks and user interfaces, IoT, and 5G transformation.
Decision Tree Phishing Detector
// Importing Librariesimport pandas as pd
import numpy as np
from sklearn import *
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import accuracy_score
warnings.simplefilter('ignore')// importing datasetphishing_dataset = np.genfromtxt('../datasets/phishing_dataset.csv', delimiter=',', dtype=np.int32)
samples = phishing_dataset[:,:-1]
targets = phishing_dataset[:, -1]// importing trained dataset/splitfrom sklearn.model_selection import train_test_split
training_samples, testing_samples, training_targets, testing_targets = train_test_split(
samples, targets, test_size=0.2, random_state=0)//importing Decision Tree functionfrom sklearn import tree
tree_classifier = tree.DecisionTreeClassifier()// running trained samplestree_classifier.fit(training_samples, training_targets)DecisionTreeClassifier(class_weight=None, criterion='gini', max_depth=None,
min_weight_fraction_leaf=0.0, presort=False, random_state=None,
splitter='best')predictions = tree_classifier.predict(testing_samples)accuracy = 100.0 * accuracy_score(testing_targets, predictions)
print ("Decision Tree accuracy: " + str(accuracy))//Phishing Detector AccuracyDecision Tree accuracy: 96.29127091813659// credit to Packt, IBM , Course intro to CyberSec and AI for CS
One of the significant advantages of AI systems is that they collaborate by categorized attacks according to the threat level and thus being able to assign the priority with which each incident should be given attention respectively. In cybersecurity, natural language processing(NLP) allows analysts to respond to messages with which they can secure points, data, and networks with maximum confidence, speed, and great potential. For example, based on a database of both benign and malicious code traits, through a violent algorithm, the AI is involved in trying to determine whether the code analyzed is malicious or not.
Just as diamond cuts diamond, AI cuts AI. By using AI to attack and to prevent on either side, AI systems will learn different and newer patterns and also identify unique deviations to security analysts. This provides organizations to resolve an attack on the way much before it reaches to the core. Given the rate at which AI and machine learning are expanding, the days when AI will redefine the entire cybersecurity ecosystem are not that far.
Abbas, N. N., Ahmed, T., Shah, S. H. U., Omar, M., & Park, H. W. (2019). Investigating the applications of artificial intelligence in cyber security. Scientometrics, 121(2), 1189–1211.
Li, J. H. (2018). Cyber security meets artificial intelligence: a survey. Frontiers of Information Technology & Electronic Engineering, 19(12), 1462–1474.
Yamin, M. M., Ullah, M., Ullah, H., & Katt, B. (2021). Weaponized AI for cyber attacks. Journal of Information Security and Applications, 57, 102722.
Patil, P. (2016). Artificial intelligence in cyber security. International Journal of Research in Computer Applications and Robotics, 4(5), 1–5.
Mosteanu, N. R. (2020). ARTIFICIAL INTELLIGENCE AND CYBER SECURITY–FACE TO FACE WITH CYBER ATTACK–A MALTESE CASE OF RISK MANAGEMENT APPROACH. Ecoforum Journal, 9(2).