Why AI acts as a double edged sword for cyber security

A double edged sword is something that seems to be good, but that can have a bad effect.

In the ever changing cyber threat landscape, Security has become something of an arms race. With the rising number of threats everyday, just relying on a human resource would not be enough. Also the lack of cyber security proffessionals just adds the existing problem. Well, one good thing is that AI, in turn promises to be a great solution to this. The market cap of AI powered cyber security solution is also increasing exponentially and is excepted to reach USD 34.81 Billion by 2025.

At present, there are many such tools of AI which would predict, analyze and counter attack the unknown threats.

Some notable uses cases where AI has already proved to be succesful are:-

  • Threat hunting:- AI can increase the detection rate to as high as 95 percent, compared to signature based tools. Also the latter could not detect the unknown threats.

  • Network Security:- AI can enhance network security by learning the patterns of network traffic and recommending both security policies and functional workload grouping. Also, I’m working on such project, which is AI based Network based Intrusion detection system.

  • Automated Malware Defence:- This is by far the most accomplished and ready-to-be-exploit solution. With the rise of Polymorphic malware any traditional antivirus software at present is pretty useless. AI based tools use Heuristic algorithm, which in turn, is a much more powerful weapon. This algorithm helps in detection of unknown Zero day threats and also has a very low false positive rate.

But is AI really a silver bullet for cyber security?

A Cisco survey found that 39% of CISOs say their organizations are reliant on automation for cybersecurity, another 34% say they are reliant on machine learning, and 32% report they are highly reliant on AI. It’s good thing for sure, but heavy reliance on AI can prove to be dangerous. Lets discuss some critical vulnerabilities of AI, in order to understand the risk of situation. Since the AI would be trained o very large datasets, if a hacker or an APT group manages to change the value of those datasets or even poison the dataset by adding malicious data, it could become a huge problem. As the size of datasets are very large enough, detecting those types of attacks are also not possible.

The answer to above question remains quite ambigous and even controversial to some extent because of the

The other side of the Sword

Despite all the advantages of AI in preventing the threats, but what if any hacker somehow weaponizes AI.. In the recent few years, there has been a rise of AI based Cyber attacks. some of those are :-

  • Deep Fakes:- Deepfakes are synthetic media in which a person in an existing image or video is replaced with someone else’s likeness. There are a number of people, who just blindly follow anything shown on the internet and just imagine what would happen if people people across these deepfakes. There’s even a SFW subreddit where u can check those examples.

  • AI powered Ransomware:- What AI offered to the world of cybersecurity is its ability to detect malware as soon as it enters into a system, or in some cases before it enters it. But at the same time some hackers were able to create a advanced version of polymorphic malware which truly becomes a mass weapon of destruction. Since, the malware will be able to change it’s code, detecting it would be almost next to imposiible.

  • Adversial Attacks:- By adding some noise on the signal or Inforamtion, the AI based tool can classify that info into something which it is not. In this article it is shown that how easy it is to fool an AI. There are few cases where by adding few stickers on STOP sign, it would then get classified as a SPEED sign. I think I don’t even have to explain it’s impact on real life situations.

Reasearchers are still working on solving those problems by introducing a new type of program, which I would be discussing in my next blog post.

Until next time