For CISOs looking to leverage the latest and most effective defenses against increasingly relentless cyber adversaries, implementing artificial intelligence and machine learning solutions can feel like the moment when evidence in a crime scene is revealed by a black light. Suddenly, the great lengths taken to conceal criminal activity can be detected and eliminated — in real time.
Without a deeper understanding of the role AI can play in a security strategy, however, it is all too easy to fall into the trap of seeing it as a magical security solution.
Not only will this severely limit the very real benefits that AI offers, but it will also make CISOs and their organizations more susceptible to overvaluing their AI in a way that makes them less safe. Similarly, organizations could easily overinvest in an AI that doesn’t really provide the security benefits they think they are receiving. This is not to say that AI is a trend or fad. It is not. When set up correctly, AI is an extremely powerful, and increasingly necessary, technology.
Ask the cybercriminals already using it.
Artificial Intelligence And Cybercrime
Just as the most sophisticated thief is aware of the latest forensic techniques, cybercriminals are using AI to improve and advance their efforts.
Rather than relying on generic, open-ended phishing messages, for instance, criminals are now utilizing AI to analyze a target’s writing style and social media communications. The result is deceptive messaging that is almost indistinguishable from authentic communication. And it is not just the written word. Using AI, threat actors have even managed to mimic the sound of a CEO’s speaking voice to trick unsuspecting employees into sending out unauthorized payments.
Machine learning and deep learning have already been used to find vulnerabilities in source and compiled code, as demonstrated in a Cyber Grand Challenge sponsored by DARPA. Similarly, cyber reasoning systems (CRS) are designed to automatically find and exploit vulnerabilities in complex software. New solutions, like the Central Exploit Organizer (CEO), also use machine learning to predict the relative effectiveness of a given vulnerability detection tool to improve its effectiveness at compromising a system.
Eventually, AI-enhanced malware will be able to learn a network’s dominant communication channels in order to traverse an environment while also blending into the digital environment -- learning the vulnerabilities, best points of access and highest-value targets while it moves across the network under the radar.
The Three Elements Of AI
As a result, CISOs rightly recognize the need to scale up their solutions to match their cyber-adversaries’ tactics and technologies. The mistake they often make, though, is assuming that anything labeled as “AI-enhanced” is going to provide the protection they need.
The first step to avoiding that pitfall is to gain a deeper understanding of AI.
Rather than thinking of AI as a stand-alone technology or tool, it is essential to see AI as a system of three distinct elements:
1. Machine learning is a process of analyzing data over time to enable a system to accurately predict outcomes and perform tasks using defined inputs.
2. Deep learning typically leverages multiple layers of an artificial neural network using datasets (without human design) to learn to represent input, predict outputs and perform tasks.
3. Artificial intelligence is the science of making intelligent computer programs by combining knowledge, reasoning and learning (both ML and DL). The better the data (possibly big) and the deeper the learning, the more humanlike performance it will achieve.
Bolstering Your Defenses
However, in many cases, what is being touted as AI does not include these elements and, as a result, is often nothing more than complex sets of automated scripts.
AI technology is only as good at its ANN -- the massive artificial neural network of interconnected nodes underneath its decision-making process. An ANN system is ideally composed of millions or billions of interconnected hardware and software components designed to accelerate data analysis and decision making -- while adapting and evolving to new information. Regardless of its intended use, if this underlying ANN environment is too small (compared to the problem-specific domain complexity), the AI’s capabilities will be severely limited.
Just as important as the size of the ANN are the learning strategies used to train it. To be effective, there are three essential modes of learning that can be used: supervised learning, unsupervised learning and reinforcement learning. In general, for an AI system to be reliable, it needs to use all of them.
The first mode is supervised learning (for classification), where labeled data is fed into the ANN to determine the best parameters for producing minimal classification errors. The second mode is unsupervised learning (for classification). In this case, unlabeled data -- identified with similarities to the labeled data -- is used to further refine data classification while minimizing errors. The third mode is reinforcement learning, in which the ANN learns by trial and error, using a reward signal specified by a human trainer.
Data volume is also essential. Proper training requires massive amounts of information. Without an investment in labeled and unlabeled data, an AI’s capabilities will be as limited as the information it is fed.
Finally, an effective AI trainer needs years of experience and very specific training to create the layers of analysis needed for AI to make reliable and effective decisions.
Looking Beyond The Hype
As more and more cyberattacks utilize the power of AI, CISOs are right to invest in it. But before they make that investment, they must look beyond surface specs and marketing hype and understand exactly what it is they are buying.
AI systems need to be relied on to make autonomous decisions at machine speeds. If the organizations investing in these solutions don’t look closely at the full AI system -- examining the infrastructure, learning process, data, and technology and resources used to create it -- they could learn the hard way that not all AI is created equal.
