AI/ML Basics
Simply defined, Artificial Intelligence (AI) is a field of Computer Science where Systems are taught and can simulate intelligent and/or predictive behavior and/or activities using programs and technology.
Machine Learning (ML) is a subspecialty of AI by which a computer improves its own performance by continuously incorporating new data into its statistical model.
An Artificial Neural Network (ANN) is a term used to describe algorithms and programs that mimic biological neural networks. The machine learns based on input and output as information flows through these networks.
Deep learning is a type of machine learning based on artificial neural networks in which multiple layers of processing are used to extract progressively higher level features from data.
Next, what is Data Science?
We use Data Science to understand and analyze the world around us with data. Data Scientists do so using techniques and theories associated with mathematics, computer science, and information science. With these tools, they attempt to extract the best and most valuable insights and information out of any type of data.
AI/ML Tools & Technology
The advancement of AI/ML tools & technology has somewhat become a double-edged sword. As data scientists rejoice in their findings, cybersecurity professionals are unable to sleep at night thinking about the CIA triad. When it comes to data, the CIA triad goes as follows.
Confidentiality
Confidentiality is all about making sure that data is accessible only to its intended parties. Attacks on confidentiality can include:
- Cracking encrypted data
- Man-in-the-middle attacks on plaintext data which is intended to be private
Integrity
Integrity is all about making sure that data is kept properly intact without it being meddled with in an unauthorized way. Attacks on integrity can include:
- Penetrating a webserver to embed malware into webpages and web server-side scripting
- Maliciously accessing a financial server to falsify financial records
- Turning a machine into a “zombie computer” to control it through a botnet
Availability
Availability is all about making sure that data and computers are available as needed by authorized parties. Attacks on availability can include:
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks on servers
Ransomware attacks, which encrypt data on targeted computers so that the authorized parties cannot use it, to compel the victim to pay a ransom to an attacker.
Data Aggregation
In most AI/ML use-cases, we are aggregating enormous amounts of data. Larger the sample data sets, more accurate will be the findings and models that the AI uses to adapt itself into its Skynet version. Jokes aside, aggregation of simple data could lead to higher sensitivity of data in the collection. For instance, a name by itself is not sensitive, but a name and telephone number are considered PII.
Security Concerns with AI/ML
There are several security concerns with AI/ML tools & technologies. Threat actors can use it to steal sensitive & proprietary information by tapping into an unprotected data lake for instance. Many AI software are still evolving making them vulnerable to attacks if not patched on time, and we know adminstrators aren’t always top of their game when it comes to patching. AI bias is another significant concern and I can’t begin to peel that onion on this post.
Can AI Help in Security Operations?
Email Security
Malicious actors understand it is easier to apply social engineering techniques than it is to attack an organization’s perimeter or finding and exploiting a zero-day or unpatched system. Machine learning and AI-based algorithms can be involved at all levels of identifying phishing emails. Anti-phishing programs that are deployed today perform link inspection by simulating clicks on all links in the email and then working to identify signs of phishing on the resulting sites. This makes for a great application of AI in email security. AI could help secure organizations in the future from these types of attacks. Furthermore, sentiment analysis and natural language processing could be used to check for suspicious language, grammar issues, and other indicators of phishing emails.
Finally, AI-based anomaly detection could be implemented at all levels to determine whether the sender, receiver, body, or attachments have malicious intent.
Network Analysis
Automated analysis is a perfect job for AI in information security. The total volume of data consumed by information security systems can be daunting. Applying AI/ML inline to existing tools can help to streamline the network monitoring performed by Firewalls, IDS/IPS, SEIMs, or other network or API based monitoring systems. Most attacks take place on the network and to combat incident fatigue AI/ML-based detection algorithms that use keyword matching, statistical monitoring, anomalous behavior monitoring can pick these packets out as being different than the baseline and can be brought to the attention of the security team for further analysis.
Antivirus
Antivirus programs have been primarily signature-based, heuristic-based, or activity-based. These programs are highly dependent on frequent updates and signature list. The problem with this traditional approach is it delays scalability and applicability of these updates, therefore, a delay is created between when the attack starts and when new signatures are made available. Malware detection makes for great use of AI as artificial intelligence isn’t necessarily dependent on signatures or based on attributes activity rather than abnormal behavior. Fingerprinting this would allow AI-based antivirus to find and detect zero-day exploits, another previously unknown malware.
User Behavior Analytics (UBA)
Another risk in cybersecurity today is that of the forgetful user or malicious insider, both of whom open the door to security threats. An AI-based tool could be used to remediate security concerns such as account takeover attacks, where an attacker has stolen user credentials or to prevent users from pulling unnecessary information from a system. To identify malicious users masquerading as legitimate users on your network, AI can be deployed to observe deviations of user behavior an alert on things that are outside of the norm.
Try this free hands-on AI/ML Anamoly Detection Service workshop and leave me your thoughts –