AI And Machine Learning For Cybersecurity: Friend And Foe?

Artificial Intelligence and machine learning are increasingly promoted as a solution in the context, and you don’t need to look far to find products and services trumpeting their use of such techniques as a key selling point.

Before looking at the potential downsides, it is worth thinking about the defensive role the AI can play in cybersecurity.  The key areas here will include spotting things that we would not ordinarily notice and aiding the automation of things that otherwise rely upon manual intervention.

Statistical methods can work to some degree, but AI can pull out more subtle patterns, and can help to derive new rules that would have been unlikely to be identified if security analysts were asked to specify them directly.

As a result, we don’t need to look far to find evidence of AI and machine learning becoming ever more commonplace.  For example, around half of the shortlisted candidates for Best Threat Intelligence Technologies in the SC Awards 2018 feature the use of related techniques as part of their solutions.

This has received over 8,000 signatories to date (including Elon Musk, Steve Wozniak, and numerous academics), with cybersecurity and privacy being flagged as key elements amongst the recommended research priorities Given the tendency for all technologies to find negative applications, it is reasonable to assume that AI will become a feature of future attacks.

Such an eventuality clearly amplifies the challenge in an area where many are already struggling to keep pace.  Indeed, at present, the need to use AI for attack is arguably limited by a plenitude of low-hanging fruit in terms of unpatched or misconfigured systems that can be targeted without it.

However, as the technology becomes standard in defence, it is likely to become equally standard in attack – with one side using AI to spot patterns of misuse and malicious activity, while the other uses it to find vulnerabilities and evade detection...taken to the extreme, this may reduce things to a machine-to-machine conflict, in which we become the observers rather than participants.

