AI: Cybersecurity’s great hope and cybercriminals’ newest weapon

Brid-Aine Parnell

Wednesday 20 December 2017

Artificial intelligence (AI) and machine learning can change the entire model of cybersecurity from a ‘keep out’ strategy to a targeted, intelligent defence. But it will also allow more sophisticated social engineering attacks and automate cybercriminals’ intrusions.

Artificial intelligence has been lauded as the great hope for future cybersecurity and lamented as the next greatest weapon in cybercriminals’ arsenal.

The truth is that AI is a double-edged sword. The technology has the potential to convert cybersecurity systems from dumb defensive firewalls to sophisticated immune systems. But it could also greatly enhance the complexity and sophistication of social engineering attacks and help cybercriminals to proliferate attacks on all of the multiple access points afforded by the growing Internet of Things (IoT).

AI is coming

At this year’s Black Hat conference in the US, security firm Cylance surveyed attendees and found that nearly two-thirds believe that AI is likely to be used for offensive purposes in the next 12 months.

“However, increasingly automated cyberattacks won’t slow the adoption of AI for defensive purposes,” the Cylance Team reported. “In fact, as cybercriminals and nation-states begin using AI to increase the rate of attacks, the need for smarter solutions that can help human security teams keep up will only become more apparent.”

Businesses and government entities cannot ignore the benefits of greater automation and cost-effective processes brought by smart devices and the IoT. But as the world becomes hyper-connected, it opens up more and more avenues of attack for cybercriminals to enter private networks.

Meanwhile, AI technologies will allow cybercriminals to automate and spread their attacks, using more sophisticated social engineering tools and intelligent malware.

Intelligent defence

To fight these attacks, businesses and governments will have to turn to the same technology to change how they think about cybersecurity and defence. Traditionally, companies and governments have concentrated on trying to keep all bad actors out – a fenced-off mentality epitomised by the idea of firewalls.

As intrusions become more sophisticated, it’s clear that no firewall is impenetrable and the model of cybersecurity has changed. Instead of keeping everyone out, modern cybersecurity systems tend to act like police in a city or antibodies in an immune system: seeking out bad behaviour and eliminating it.

Cybersecurity and machine learning

AI is a big part of this idea. For example, Cambridge-based cybersecurity firm Darktrace uses machine learning to detect and stop attacks. Its software analyses the system and establishes a baseline for what is ‘normal’. How much load does the network usually carry? How many and which devices regularly link with it? Where are those devices located when they log in?

When it detects something out of the ordinary, it reports it in real-time for investigation. This is the sort of analysis that will pick up on intentional malice from someone who is allowed inside the network as well external intrusions. Similar startups include Hexadite, which was acquired by Microsoft this summer, and, which was bought by Amazon last year.

Like so many other advances in technology, AI and machine learning are just tools – they can be used by the good guys and the bad guys. But their growing usage means that companies have to start applying them to their cybersecurity now, before the criminals get a step ahead. 


Building the next-gen data centre

Where traditional and web-scale apps co-exist