AI in Cyber Threat Detection
Cyber Threats have become a critical issue in today’s world. Worldwide spending on information security climbed to over US$90 billion in 2017, a roughly 15% increase compared to 2016. Research and development of cyber threat detection and response capabilities will continue to grow this year.
CYBER THREAT TYPES
Cyber attacks can be categorized according to what the attacker is targeting.
Phishing: The attempt to fraudulently obtain sensitive information such as usernames, passwords, or credit card details by posing as a trustworthy entity in an electronic communication.
Ransomware: Malicious software that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid. The US Computer Emergency Readiness Team (US-CERT) reported an average of 4,000 daily ransomware attacks worldwide in 2016, a fourfold increase over 2015. More than one-quarter of these attacks were in the US.
Cross-site scripting: A web application vulnerability enables attackers to inject client-side scripts into web pages viewed by other users.
SQL injection: An injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server.
Botnet: A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g., to send spam messages.
DDoS: A type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack.
THREATS RELATED TO EMERGING TECHNOLOGIES
By harnessing the power and potential of machine learning and deep learning technologies, cybercriminals are innovating faster than everybody could imagine. Although emerging technology-based attacks are still rare, some new types of threats can be identified.
The “New” Malware Attacks
The 2017 report “Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN” introduced the threat of machine learning being used for malware creation. The paper proposed a generative adversarial network based algorithm that could easily bypass a detection system. Last year, security company Endgame released research in which they were able to create a new type of malware by modifying Elon Musk’s OpenAI framework. This malware could also easily fool security engines’ defences.
Smart Technique Smart Attacks
By using a combination of machine learning, speech recognition and natural language processing (NLP), the quality of phishing emails or other smart attack techniques could become much more humanlike and effective. A paper released at security conference Black Hat USA 2017, “Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter,” introduced a neural network framework that was able to fool 45% of users (in a random test of 90 users) with its targeted phishing tweets.
AI CYBER THREAT SOLUTIONS
Automation and False Positives
Security Automation, which identifies potential cyber-security incidents by monitoring abnormal data use, is key in defending against cyber threats. AI and machine learning are powerful tools in the field of security automation, and can evolve the monitoring, prioritization and alert processes to the next generation to cut human labour costs and speed up threat management cycle time. Humans remain in the loop only for the purpose of identifying false positives.
With emerging technologies becoming more and more involved in cyber attacks, simply gathering data or creating digital signatures is no longer sufficient for fast threat detection. Introducing AI solutions allows the system to monitor a wider number of factors and better identify patterns of abnormal activity. By leveraging this data, AI and Machine learning can be trained to track information and deliver predictive analysis.
AI SOLUTIONS IN REAL USE CASES
Case Study: MIT AI2 System
MIT’s AI2 System is able to work through raw data and leverage unsupervised machine-learning algorithms to detect abnormal information security activities. The system summarizes patterns and provides detailed information to security operators for further decision making. The decision records act as auto feedback to the core machine-learning model to improve its algorithm for future analysis. The AI2 system’s AI-human fusion achieved an impressive cyber attack identification rate of nearly 86%.
Case Study: Startup Scene
Sentinel — Home Security
The home security company Deep Sentinel leverages deep learning algorithms for property-related safety concerns. The product combines algorithms and computer vision technologies to quickly analyze threat factors in raw video stream data. The company is also researching the use of autonomous drones and IoT device environmental data collection for security solutions. Deep Sentinel’s products aim to leverage pre-trained systems to build a comprehensive home control platform.
Cloudflare — IoT Security
Cloudflare released its Orbit IoT security solution in 2017. Obert is an IoT security solution that enables IoT device manufacturers to connect their products to Cloudflare’s network automatically, providing users with a machine-learning based API to monitor for suspicious activities.
Analyst: JingwenSun| Editors: Robert Tian、Michael Sarazen