Artificial Intelligence and Cybersecurity
How can we use AI in the field of cybersecurity and what are the advantages and disadvantages?
AI In The News
“National security always matters, obviously. But the reality is that if you have an open door in your software for the good guys, the bad guys get in there, too.”
— Tim Cook
Nowadays, we hear the words AI, Artificial Intelligence, Machine Learning, Deep Learning, and so on almost every day in the news and on many social media. We hear more and more usages of AI in our daily life in the following fields:
- Medicine
- Banking
- Tech Support
- Sports
- Films
- Shorts and Reels
And so on, the list is endless. But we barely hear the word AI when it comes to the cybersecurity field. Why?
- There are a lot of classified projects of AI in many defense organizations that we never heard of and will never hear of.
- Most of the algorithms aren’t that huge like many popular algorithms(Diffusion Models, ChatGPT and etc…), but they do have a huge impact on a larger system. Those algorithms are more to “boost/support” the larger non-AI algorithm.
- Most AI algorithms in the cyber field will work only on a specific kind of data and were built to do one specific task and will not do a great job if we will change the slightest feature/parameter or data.
- Most of the data is private and classified so, to the public there is not a lot of data to work with or experiment with.
Now that you know why you barely hear about AI in the field of cybersecurity, you might understand that even if you have the data and the right tools it’s still hard to build something good and reliable because of the little information that we have in that field with AI.
How Can We Use AI In The Cybersecurity field?
“One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man.”
— Elbert Hubbard
Even though we have a little information problem, we still can use AI to automate the small daily tasks of a cyber analyst, cyber researcher, SOC analyst, or any other role that looks at the data and tries to analyze it.
AI is good at one task and one task only, finding patterns in the data. This is what AI was meant to do and this is what AI is doing, learning “unseen” patterns in big data and finding those similar patterns in new given data. And so, we can use it to find anomalies in system behaviors (when a cyber attack happens on that system). We can also detect the type of attack on that system by “teaching” the AI the previous attacks on the system and how they affected that system, so later the AI will be able to detect that attack and even say what kind of attack it is and what it's upcoming actions.
We can use AI to:
- Detect strange actions in the system — Anomaly Detection
- Classify the type of the cyber attack
- Cluster cyber attacks to find connections between them and maybe connect them into a group of threat actors — Detect threat actors or maybe found new unknown threat actors
And much more…
Reconnaissance
There are a lot of usages in real-time detection but using AI in the “reconnaissance area” is much more powerful and more useful. The first step of a hacker is to get as much information as he can to not walk “blindly”, and sometimes there is too much-unneeded information that makes that task much harder. This is where an AI can act and help the hacker clear the way.
As we know, AI is much more powerful when it has more data and since AI doesn’t care about how much information it has, it will do a great job of detecting unseen areas that the hacker might skip. Many companies are using the same/similar software structures and architectures and sometimes it can be hard to know all of them or to understand that software is similar to a previous software that you know. Using AI can solve this problem and make it easier to know what kind of architecture it is and find hidden areas too if there’s something unfamiliar/new.
But of course, we aren’t here to talk about how to hack but how to defend ourselves from those cyber criminals and make our software more secure than before. We can use this kind of AI algorithm to understand how a hacker will try to hack into our systems and what we can do to avoid this kind of situation. We can pretty much use AI to test how secure our software is.
Confuse the hackers
“The whole secret lies in confusing the enemy, so that he cannot fathom our real intent.”
— Sun Tzu
Nowadays, we hear more and more about generative AI so why not use it to secure our software? After all, our websites, files, text, and everything about our software are just a bunch of data and code that we pass from x to y. Most of the users aren’t looking inside the code nor inside the files themselves, but the people who want to exploit them do.
Generative AI can help us to generate useless data, rearrange the paths and even make the code unreadable for the public to read so, it will be almost impossible for hackers to understand how the system works.
We can also use generative AI in the area of encryption, there are many AI models whose job is to encrypt the data and decrypt it. But at the moment, there are many ways to decrypt the message using other AI algorithms so this isn’t the best idea (at the moment).
What’s Next?
So now that you have a basic understanding of how we can use AI in the cybersecurity field and know why it’s not popular in the news, you can understand how important is but also how difficult is to use AI in the cybersecurity area. But it doesn’t stop us (the open community) from still contributing to that field with the power of AI and even bringing and introducing that field to new people. So, later in the future, the open community will maybe solve huge world cyber problems that will make us safer and more protected from future cyber attacks.
What now?
You can stick with me, as I’ll publish more and more blogs, guides, and tutorials.
Until the next one, have a great day!
Tomer
Where to find me:
Artificialis: Discord community server , full of AI enthusiasts and professionals
Newsletter, weekly updates on my work, news in the world of AI, tutorials and more!
Our Medium publication: Artificial Intelligence, health, life. Blogs, articles, tutorials. all in one.
