CyberSecurity

These days we live a predominant portion of our lives dealing with technology, don’t we? Today technology is a common man’s tool, every day serving our needs right from helping us being connected, in all our homes in the form of AI to even our refrigerator, home security, and so much more, it has weaved into every aspect of life. It has become very important, more than ever, to have security awareness and understand its implications in our life. Technology has added a lot of convenience to our lives, unfortunately making us also vulnerable to many attacks and threats.

What is Cyber Security ?

Cybersecurity is a set of techniques that are used to defend internet-connected devices and assets from all kinds of external threats.Today, the internet has become ubiquitous. Everyone uses it, and general users are nearly unaware of the security risks to their devices that exist. This unawareness gives hackers many opportunities to create harmful codes to explore the vulnerabilities of the ever-increasing internet-attached devices such as computers, laptops, smart-phones etc.

Why we need it?

We need cyber-security to protect us from Cyber-Attacks. Threats and risks are present everywhere in the cyber-world. A cyber-attack targeted at a business can bring the business to its knees (For example, the Sony Pictures Hack of 2014). Such attacks not only affect the business to function, but can have long lasting stigma attached to the attacked business. By implementing proper cyber security, we would be protecting our information and systems, while also keeping up with ever-changing technology.

What are the most common cyber-security threats?

As the internet and devices connected to it is evolving, cyber threats are also continuously evolving. In order to stay safe while connected to the internet, it is useful to learn some of the common types of network and security threats.

Phishing Attack

In a phishing attack a directed email is sent to fool individuals to use a link. The link has the capability of installing malware, or uncovering important data. An example of a phishing attack is an email that looks identical to the one sent by your bank to login to your bank account. These kinds of attacks assist black hat hackers in taking user information such as login credentials, credit card authorizations, and other monetary information. These attacks are built on a large scale by gaining access to information from private databases.

Ransomware

In this kind of an attack, hackers steal a database, or some proprietary information, accurately. They then keep all of the data under their control for ransom demands. The growth of cryptocurrencies, such as bitcoin, is empowering ransomware attacks by letting ransom demands to be funded secretly.

Man In The Middle Attacks

These attacks are sometimes known as “snooping attacks”. The attacker inserts themselves in between two-party dealings. They can then tap into the user’s networks, and keep an eye on confidential transactions and gain access to private and/or financial information. The goal is to gain such information from unsuspecting individuals.

Crypto-jacking

This is a new kind of threat related to cryptocurrency. Here, cyber criminals take over the computing power of of people’s home or work computers to search for cryptocurrency, and also for mining crypto-currency.

Supply Chain Attacks

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.

The examples include ,The Target security breach, Eastern European ATM malware, as well as the Stuxnet computer worm.

Computer viruses

We have heard of this one before. Computer viruses are stealth programs that are intended to spread from computer to computer. Viruses are famous for showing themselves as attachments and as spam emails. They can disable security settings, take private data such as pins and passwords, and even delete complete hard-disks.

Trojan Horses

Just like the Greek Soldiers hid in the wooden horse gifted to the city of Troy, A Trojan Horse is usually a harmful program that hides behind any valid program. Users install it willingly without knowing about it. One of the prime ways they spread is via email, and in the form of fake advertisements.

Spyware and Adware

Spywares are installed on a device without the user’s knowledge. Key loggers are the most common spyware programs, and their prime goal os identity theft.

Computer Worms

Worms are bits of malware that duplicate rapidly and extend between computers. A worm extends from an infected PC by distributing itself to all the contacts of the computer. From there, this cycle continues until all networked computers are affected.

What Are The Powerful Trends in Cybersecurity?

So far, we looked at the definition and a few, common, top types of cybersecurity threats and learnt its relevance in our lives. Next we will explore a few powerful trends such as AI and Quantum computing in the world of Cybersecurity.

Artificial Intelligence (AI)

The application of AI to cybersecurity is still in its experimental stage. It is likely that AI will be used to take charge of the hard and dirty work of selecting potential suspect cases, leaving the most advanced tasks to the security analysts. The advanced tasks would then be investigated with more attention.

The Evolution of AI

Expert Systems

One of the first attempts at automated learning consisted of defining the rule-based decision system. All the possible options were hardcoded within the automated learning solutions, and were verified by experts in the field. Expert systems reduced the decisions to Boolean values, and are not able to adapt to new problems.

Statistical Models

This evolved to statistical models, using large datasets, making the use of statistical and probabilistic models that can more appropriately reflect the indeterministic nature of reality. However, even with statistical models, rule-based decisions, were established in advance and could not be modified to adapt to new data.

Artificial Intelligence, Machine Learning, and Deep Learning

To overcome the above issues, we started using machine learning (ML) algorithms that are capable of generalizing the descriptive models starting from the available data, and then progressively and autonomously generating its own features. Such an approach does not limit itself to predefined target functions, but adopts them to the continuous evolution of the algorithm training process.

When the data is very conformant, there is no advantage to using Machine Learning (ML). Pre-defined statistical models should work fine with such data.

However, when the data is unpredictable, we need to use AI.

Using AI, we can manage data of a more generic and abstract nature than ML

AI is considered as a broad field of research that includes ML. In turn, ML includes deep learning (DL) which is ML method based on artificial neural networks

Detecting Spam with AI

Most security threats use email as an attack vector. To screen out emails (which can be large), sophisticated solutions such as decision trees, logistic regression, and natural language processing (NLP) can be used.

Simple spam detectors use Neural Networks (NN’s) in the form of Perceptrons.

Spam Detection by Perceptrons

A Perceptron is the first successful implementation of a neuron. It is characterized by a layered structure, aimed at associating a result in output to certain input levels.

In AI, the term hyperplane is meant for a decision boundary that help classify the data points. Data points falling on either side of the hyperplane can be attributed to different classes.

Spam Detection with SVMs (Support Vector Machines)

In machine learning, support-vector machines (SVMs, also support-vector networks) are supervised learning models with associated learning algorithms that analyze data for classification and regression analysis.

The advantage of the SVM is that the hyperplane is not limited to the limited model as is in the case of perceptrons.

Detecting Phishing with AI

Phishing can be detected using following methods involving AI and ML.

Logistic Regression

Logistic regression is a classification algorithm, that is used when the response variable is categorical. A categorical expression is one that can only exist as two values, each which is the opposite of the other.

Making Decisions with Decision Trees.

Decision trees are very efficient in the elaboration of large datasets. In fact, the characteristics of the tree data structures allow us to limit the complexity of the algorithm to an order of magnitude equal to O(log n).

Malware Detection with AI

The growth of malware has made it necessary to automate the triage (preparation) phase of malware analysis.

The many names malware go by are

• Trojans — harmless looking executables, which once launched, execute harmful instructions in the background.
• Botnets — compromises as many hosts at the operating system level, taking up compute resources.
• Downloaders — download malicious libraries or portions of code from the network and execute them on victim’s hosts.
• Rootkits — compromise host at OS level, and often device driver level, making the countermeasures (such as antivirus softwares) ineffective.

Malware detection is most effective using dynamic methods involving

• K-Mean Clustering — An unsupervised Machine Learning Algorithm
• Decision tree methods
• Polymorphic malware detection strategies, such as Hidden Markov Models (HMMs)

The Future with AI

As AI gains more prevalence in the cybersecurity realm, the demands from AI for information processing has to increase exponentially. To an extent, this is achievable by using large “armies” of machines in the cloud.

The computing power we have today is based on the binary (0–1) logic, and the hardware for such devices is based on logic gates that microprocessors have. We have been speeding things up by continued miniaturization of circuit components, squeezing the size of circuits in transistors, and increasing the processor clock speed. The effects of this increase in computational power is defined by Moore’s Law.

Super-Charging AI with Quantum Computing

Quantum Computing is based on Quantum Mechanics.

Quantum Mechanics describes systems which always stay at some level of uncertainty, a fluid state rather than a binary state of 0 or 1. It can be used for advanced cryptography.

Quantum computers operate qubits which have to stay in quantum coherence with each other during computations. A qubit is a 2-level quantum system, which means the system can be in two distinguishable states. Whereas, a quantum computer with n qubits can be in $2^n$ states. With each additional qubit, the power of a quantum computer doubles. A quantum computer with 300 qubits is $2^{100}$ times more powerful than a quantum computer with 200 qubits. Thus making it faster and more powerful than traditional computers.

In Quantum Mechanics, we have a vector of complex numbers, which are called amplitudes, and the sum of squares of absolute values of these amplitudes, which equal 1. The amplitudes can be positive or negative, and it’s important that these amplitudes interfere with each other, which is called quantum interference.

A quantum computer exploits quantum interference. The computations are arranged in such a way, where the paths leading to wrong answers have negative and positive amplitudes cancelling each other, while the paths leading to correct answers have amplitudes of the same sign.

Quantum physics is probabilistic, meaning the outcomes constitute a predicted distribution.

In certain classes of problems, where outcomes are governed by unintuitive and surprising relationships among the different input factors, quantum computers have the potential to better predict that distribution thereby leading to a more correct answer.

Dr. Hayes states: “The basic idea is that there are problems that require an AI to generate new data that it hasn’t seen before in order to make a decision. Solving this problem may require coming up with an underlying model for the probability distribution in question that it could use in new situations.”

References

1. Hacking AI — Hans Weber
2. How To Create Machine Super-Intelligence — Artem Kovera
3. https://www.forbes.com/sites/tomtaulli/2020/08/14/quantum-computing-what-does-it-mean-for-ai-artificial-intelligence/?sh=6bef63423b4c
4. Hands On Artificial Intelligence for CyberSecurity — Alessandro Parisi
5. Images — www.pexels.com
6. wikipedia.com