NicoElNino - Fotolia

How AI will underpin cyber security in the next few years

Cyber security risks are growing in complexity and volume, but artificial intelligence techniques can help businesses track and fight them in real time

This article can also be found in the Premium Editorial Download: Computer Weekly: Where neuroscience meets technology

Cyber criminals continue to launch increasingly sophisticated and devastating attacks on industrial, business and financial organisations around the world – and the damage from such crime could reach $6tn by 2021, according to a report from Cybersecurity Ventures.

It has become clear that organisations cannot simply rely on manpower and human interaction to fight off cyber attacks. Not only is it time-consuming for employees to spot potential threats, but it is also challenging to come up with security technologies to prevent them. So there are fears that businesses will continue to fall victim to hackers.

As a result, organisations are being forced to consider new ways to boost their cyber defences. Whether it is implementing new cloud strategies or big data analytics, many companies are showing that they can think outside the box when it comes to modernising their IT security defences.

But artificial intelligence (AI) is emerging as the frontrunner in the battle against cyber crime. With autonomous systems, businesses are in a far better place to strengthen and reinforce cyber security strategies. But does this technology pose challenges of its own?

Large organisations are always exposed to cyber criminals, and so they need appropriate infrastructure to spot and combat threats quickly. James Maude, senior security engineer at endpoint security specialist Avecto, says systems incorporating AI could save firms billions in damage from attacks.

“Although AI is still in its infancy, it’s no secret that it is becoming increasingly influential in cyber security,” he says. “In fact, AI is already transforming the industry, and we can expect to see a number of trends come to a head, reshaping how we think about security in years to come. We might expect to see AI applied to cyber security defences, potentially avoiding the damage from breaches costing billions.”

But Maude believes the use of AI in cyber security is a double-edged sword. While businesses will see the benefits, criminals will also tap into this technology to automate attacks. He says businesses could “see criminals and nation states using innovative AI attacks to do serious harm to everything from companies’ reputations to critical infrastructure”.

Andy Powell, vice-president and head of cyber security at professional services firm Capgemini, agrees that criminals could turn to AI to drive their attacks. “From a hacker’s point of view, AI will power attacks, from automatically generating and launching distributed denial of service (DDoS) attacks via the internet of things (IoT), to rapidly analysing code and system weaknesses before inserting exploitation methods,” he says.

New opportunities

Based in the UK, RazorSecure is an example of a cyber security company that is capitalising on the potential of AI. It uses AI techniques to recognise attacks targeting the aviation, rail and automotive markets, and is one of nine cyber security firms chosen to take part in GCHQ’s latest Cyber Accelerator.

Alex Cowan, CEO at RazorSecure, says AI and deep learning will transform cyber security approaches in the coming years. “Artificial intelligence is a big part of the future of cyber security,” he says. “One of the key areas we must solve is how to not only use deep learning for correlation detection, but also causation. Without understanding the ‘why’ behind a cyber security incident, we will always be chasing false positives and lacking the ability to prioritise a growing queue of cyber security incidents.

“Cyber security is a difficult enough problem. We must use AI to bring a new focus and to enhance and improve our ability to manage security of systems. Given the shortage of cyber security professionals and the explosion in IoT and cloud systems, at RazorSecure we are focused on working smarter, not harder. And as an industry, we must stop inflating the scale of the problem.”

Headquartered in Cardiff, Amplyfi is a cutting-edge business that is using AI to transform cyber security research. It has created a machine learning platform that mines the deep web for key security trends. The company recently completed a project with Harvard University that explored North Korean biological warfare threats.

“AI is an indispensable tool to help uncover the threat landscape to organisations’ competitive advantages”
Chris Ganje, Amplyfi

Chris Ganje, CEO at Amplyfi, says: “Artificial intelligence is prevalent across almost every industry and, among other things, is an indispensable tool to help uncover the threat landscape to organisations’ competitive advantages.

“In cyber security, AI can automatically identify potentially malicious software behaviour, attack vectors and related anomalies in real time, allowing a continuously adaptive defence mechanism to identify and shut down intrusions faster and easier than ever before. This technological advancement not only significantly reduces the number of cyber security breaches, but also empowers analysts to better focus their time and speeds up the process to identify breaches from hundreds of days to mere hours.”

Farrpoint, an independent consultancy that advises companies on matters surrounding IT infrastructure, cyber security and connectivity, has also shifted its attention to AI. It has worked with a number of high-profile clients, including Kwik Fit, Total and Clarks, and public sector organisations such as the Scottish government, the NHS and the London Borough of Greenwich.

Dan Brown, a cyber security consultant at Farrpoint, says companies can speed up response times by implementing machine learning. “Traditionally, identifying a cyber threat would require prior knowledge of the function and source of the threat,” he says. “Machine learning means that technology can adapt and improve, using its learned knowledge to flag up shared characteristics of threats and pre-empt a previously unseen attack.

“The continual seep of AI into security offerings should help shift the balance of power, giving companies the upper hand, speeding up responses and helping to spot potential problems before they occur. AI is also able to spot, and adapt quickly to, changes in attack methodology.”

Managing complex data

With threats becoming more complicated, cyber security professionals are dealing with a growing influx of data. Alexandra Mendes, a senior lecturer in computer science at Teesside University, believes AI is the answer.

“AI systems and techniques have a big role to play in cyber defence,” she says. “In recent years, with the huge increase in the number of systems and security attacks, the amount of data that cyber security professionals have to process has increased dramatically, to the point where it is impossible to process it manually.

“It is also almost impossible to manually detect patterns in the data that can be used to respond to, or prevent, security incidents. Modern AI techniques, such as machine learning and deep learning, have an important role to play in the analysis of that data. They are particularly useful for predicting attacks and providing response plans.

“In fact, these AI techniques have been used to improve the performance of intrusion detection systems. More classic AI techniques, such as AI planning, still have an important role in cyber security systems, for example in the generation of response plans for security attacks.”

Talal Rajab, head of cyber and national security at industry support organisation TechUK, takes a similar view to Mendes. He believes AI can help companies to simplify and quicken their cyber security strategies.

“AI allows companies to understand their adversaries better, predicting where the next attack may come from and helping them respond to cyber threats and attacks more quickly than they can now,” he says. “Many companies are currently reliant solely on human expertise to detect anomalies. With the current cyber skills shortage, investing in AI can be a crucial tool in addressing the increase in frequency of attacks, both to businesses and individuals.”

Big business benefits

Prakash Arunchalam, chief information officer at customer experience management firm Servion, also sees big business benefits in AI-driven security, and says the technology can improve efficiencies among IT and cyber security teams.

“As more and more devices get connected, the challenges of new security risks is sure to arise, and cyber security experts will need all the help they can get to meet these threats,” says Arunchalam. “AI systems are designed to detect even the smallest changes in the environment, and they have the potential to act much faster and fix them. AI will be of tremendous help to identify and analyse such exploits and weaknesses to quickly mitigate more attacks. In 2018, AI-based cyber security technologies will become more mature.”

Joining a new breed of security-conscious businesses, telecoms giant BT is using AI to stay ahead of attackers. Mark Hughes, CEO of the firm’s security arm, explains how BT has developed a new AI-driven method to identify threats and protect its network.

“Our approach is to enable cyber analysts to perform ‘hunting’ for unusual or abnormal patterns in huge amounts of different types of data to find early indicators of cyber attacks,” he says. “Our patented approach is based on ‘intelligence augmentation’, where we train a deep learning network to learn what normal network behaviour is and use data visualisation to present deviation from the normal behaviour to human analysts. Typically, the system is trained to produce tens of anomalies from hundreds of millions of logs.”

Read more about AI and security

With this technology, the company’s 2,500 cyber security experts can get a much deeper insight into threats. Hughes adds: “Once an analyst selects a subset of the anomalies, deeper analysis is performed by the algorithms to determine whether the anomaly points to a real attack or a known vulnerability. In either case, this approach helps analysts deal with much larger volumes of data in a fraction of the time.

“We often refer to this approach of using AI within cyber security as ‘Ironman’ rather than ‘Terminator’, aiming to enhance human detection capabilities rather than replacing them.”  

Jeff Dickerson, CEO at point-of-sale software provider DaySmart, says his company has been using AI security technology from Burning Tree and CyGlass to keep an eye on potential cyber attacks. He says the growth and complexity of threat “makes it difficult for existing security tools to prevent or even to identify today’s’ attacks”. He adds: “We saw artificial intelligence as a way to assist our security team, by reducing the noise and focusing them on what is a potential threat.

“Using products such as CyGlass, which uses a layered AI approach to search through millions and even billions of network conversations and find anomalous behaviour, gives us the ability to find the needle in the haystack while providing a level of protection that cannot be offered with the security products we have become used to in recent years.”

Eben Upton, CEO and founder of Raspberry Pi, has ploughed money into AI security systems from Darktrace to safeguard his firm’s intellectual property. He says: “Darktrace’s AI technology for cyber defence is a game-changer. It provides us with full visibility into our network, including any connected personal devices, and other weak spots.

“Darktrace is unique in its ability to detect and remediate any emerging cyber threats, including ‘unknown unknowns’ that routinely bypass legacy security tools. It allows us to remain resilient in the face of a rapidly evolving threat landscape – despite a flexible IT policy and a lean security team.”

Transforming network security

Eric Ogren, a senior analyst at 451 Research, says the “most promising” area for AI in cyber security is in network security, helping businesses to secure their hybrid cloud infrastructure. “There is huge value in AI applied to network security,” he says. “For one, the network is a data source that never lies. What network security sees on the wire is what is actually happening – there is no dependence on untrusted hosts or agents self-reporting their health status.

“So mapping east-west and north-south flows with network traffic analytics provides a good metric for catching threats, streamlining traffic, and thus improving business outcomes. So much of security is looking outward into the dark web. Sandboxing is one example of reacting to what is actually executing in the network.

“Network traffic analytics with AI approaches twists security conventional wisdom to what is actually seen in the business, as opposed to a priori patterns of everything that can be a security risk. We have seen this with FireEye’s work in establishing sandboxing as a major security category based on actual execution performance. We see similar possibilities for AI in network security.”

If there is one technology that will have a massive impact on the world in the coming years, then AI is definitely it. But it is not just powering smart assistants such as Amazon’s Alexa – it is also becoming a prevalent force in the cyber security industry. Although businesses need to be mindful that AI is still relatively nascent, there are already many proven possibilities.

Read more on Hackers and cybercrime prevention

CIO
Security
Networking
Data Center
Data Management
Close