Artificial intelligence and cyber security appear as important concepts in the “digital age” we live in. Increasing digitalization also increases digital security concerns. Cyber attacks on critical infrastructures and identity theft have become a growing social threat. These crimes not only affected millions of people but also began to affect many organizations. According to Cybersecurity Ventures estimates, the cost of cybercrime is around 6 trillion dollars in 2021 (1). Cyber attacks are becoming increasingly sophisticated. As the Internet of Things (IoT) world expands, attackers discover new vulnerabilities. Therefore, artificial intelligence (AI) is becoming one of the frequently talked about topics in the private sector and academia. The cyber world and how to transform cyber security and threats in this context.
The Relationship Between Artificial Intelligence and Cyber Security
Artificial intelligence is a field of computer science that makes machines appear “as if they had natural intelligence.” Moreover, it works entirely with artificial tools, without the need for living organisms. It is the technology of machines that can behave like humans (2). It provides solutions to complex processes by handling many tasks with machine power.
Artificial intelligence is now used effectively in almost every field of science and engineering. It is possible to follow revolutionary developments in every field where artificial intelligence is used, from healthcare to robotics. Moreover, the cyber world is one of the areas where artificial intelligence technology is most frequently used. The ever-increasing risk of cyber-attacks has increased exponentially with recent advances in artificial intelligence. This technology is not far from cybercrimes and has begun to replace conventional, “normal” cyber attacks with “smarter” attacks.
Uses of Artificial Intelligence in Cyber Attacks
According to the analysis of William Dixon and Nicole Eagan, artificial intelligence will also increase the cyber weapon capacity of attackers. In their analysis, Binary calls systems with such capabilities ‘Offensive Artificial Intelligence’. The technology in question acts as a sophisticated and malicious attack code. For example, artificial intelligence can collect information from its environment. It can then change and skillfully compromise low-level systems. All of this makes it likely that a new class of attackers will emerge that will shape cybersecurity. Systems with this capability can manipulate data, etc., rather than stealing it directly. may have purposes (3).
How to Impersonate a Trusted User Identity with Artificial Intelligence?
The necessary infrastructure and knowledge to use artificial intelligence as an attack tool already exists. It is available on the Internet as open open-source artificial intelligence research project. According to Ondrej Kubovič and Juraj, the Emotet Trojan, a malware, can be considered a prototype artificial intelligence attack. Emotet’s working mechanism is generally in a structure that forces users to click on malicious e-mail attachments/links, which we call phishing. By adding a new module to the Trojan horses, Emotet’s developers can now steal the data in the leaked e-mail.
Emotet collects telemetry data from its potential victims and sends it to the attackers’ C&C servers for analysis. Then the module to be included in the final load is selected. It can distinguish real human operators from virtual machines and honeypot environments used by researchers. The most distinctive feature of Emotet is that it can distinguish artificial processes from traps.
A demonstration of how Emotet works
Source: Ondrej Kubovič and Juraj Jánošík: “Machine Learning Era in Cybersecurity”
The compromised victim’s machine transmits unique telemetric data to the attacker’s C&C server. It also obtains a command or binary module. It then uses an AI’s ability to learn and replicate language by analyzing the content of the email header. This means that an AI-based Emotet Trojan can create a stronger phishing email.
The results of artificial intelligence-based attack methods can be quite devastating. It can even reach a level that threatens human life. In addition, attacks that target and damage data integrity lead to a loss of trust in organizations. Moreover, it can cause malfunctions or even collapse in critical systems.
The Role of Artificial Intelligence in Cyber Attacks
The devastating impact of the much-talked-about WannaCry attack in 2017 signaled that a new era would begin in the level of sophistication of cyber attacks. According to experts, the use of artificial intelligence in cyber attacks affects security under three headings.
Impersonation of trusted users:
People’s e-mail and social media communications can be analyzed with malware. In this case, it becomes easier to imitate the person’s behavior and the way they use language. Additionally, messages that appear trustworthy can be produced by taking a person’s speaking style. Since most attacks enter our systems through our inboxes, even the most savvy users are at risk of becoming vulnerable.
Background blending:
Malware can survive in the systems it enters for a long time without being noticed. They move slowly and carefully to avoid traditional security checks on systems. They usually target specific people and organizations. Artificial intelligence-based malware looks for dominant communication channels for its movement in the system. Additionally, after learning the most secure ports and protocols they target, they investigate the data sets they can access. At this point, they also can determine which ones are valuable.
More effective results with faster attacks:
The most advanced attacks today are carried out through social engineering. These social engineering attacks require detailed research on the targeted individuals or organizations. According to experts, it is possible to develop an artificial intelligence-based social engineer. The only way to eliminate and combat AI-based attacks is artificial intelligence itself.
Apart from its misuse, artificial intelligence has many benefits in the field of security. Malware and cyber attacks can be difficult to detect with traditional cyber security procedures. Thinktech states that the use of artificial intelligence is a very effective solution in data security (4). Developments in the world of identity and access management show that passwords can be changed with a smart artificial intelligence-based system (5). Experts talk about the benefits of using robots to counter attacks, especially those carried out by artificial intelligence. As a result, artificial intelligence-based solutions can produce new response techniques based on machine learning by referencing old attack data.
Artificial Intelligence Investments in Cyber Security
Conflicts in cyberspace are expected to increase rapidly on an international scale. In addition to attacks on critical infrastructure and public services, attacks on the functioning of state and financial bodies are also predicted. Additionally, scenarios involving damage to traditional social institutions such as banks, the press, and the law are highlighted. Artificial intelligence can be used effectively to prevent such cyber crimes. On the other hand, it is not right to see artificial intelligence as a miraculous solution. According to the Forcepoint report, companies are planning investments in artificial intelligence and machine learning for security (6). ESET research reveals that this is perceived as a ‘magic wand’ for decision-makers in the IT industry. According to the same research, this idea shows the vulnerability of organizations against cybercrime (7).
Annotation:
[*] Ondrej Kubovič, Juraj Jánošík, “The Era of Machine Learning in Cybersecurity: A step towards a safer world or the beginning of chaos?” https://cdn1.esetstatic.com/ESET/TR/Documents/ML_WP_MWC_TR.pdf
Resources:
- Cybersecurity Ventures (2019), “Cybercrime Damages $6 Trillion By 2021”, https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
- Shift Delete, “Yapay Zekâ Nedir”, https://shiftdelete.net/yapay-zekâ-nedir-62428
- William Dixon, Nicole Eagan(2019), “3 ways AI will change the nature of cyberattacks”https://www.weforum.org/agenda/2019/06/ai-is-powering-a-new-generation-of-cyberattack-its-also-our-best-defence/
- STM Thinktech, “Siber Güvenlik Yapay Zekâ ve Makine Öğrenmesi ile Yeniden Şekilleniyor”, https://thinktech.stm.com.tr/uploads/raporlar/pdf/2072018103629915_stm_siber_guvenlik_icin_yapay_zeka.pdf
- Sam Bocetta, “Is AI fundamental to the future of cybersecurity?”, https://www.csoonline.com/article/3402018/is-ai-fundamental-to-the-future-of-cybersecurity.html
- XTr Haber Merkezi, “En yeni siber güvenlik tehdidi yapay zekâ olabilir mi?”, https://www.xtrlarge.com/2018/11/14/siber-guvenlik-tehdit-yapay-zeka/
- Enterprise Next, “HOMEGENELESET Araştırması: Yapay zekâ (AI) Siber Güvenlikte Sihirli Değnek mi? ESET Araştırması: Yapay zekâ (AI) Siber Güvenlikte Sihirli Değnek mi?”https://epnext.com/eset/eset-arastirmasi-yapay-zeka-ai-siber-guvenlikte-sihirli-degnek-mi/
- Bhatele, K. R., Shrivastava, H., & Kumari, N. (2019). The Role of Artificial Intelligence in Cyber Security. In Countering Cyber Attacks and Preserving the Integrity and Availability of Critical Systems (pp. 170-192). IGI Global
- Geluvaraj, B., Satwik, P. M., & Kumar, T. A. (2019). The Future of Cybersecurity: Major Role of Artificial Intelligence, Machine Learning, and Deep Learning in Cyberspace. In International Conference on Computer Networks and Communication Technologies (pp. 739-747). Springer, Singapore.