AI, DL: salvation or demise for cybersecurity?

This year promises to herald a plethora of new artificial intelligence (AI)-driven technologies to make our lives better. These innovations will include safer logins for banking and online purchases, controlling traffic and driving our cars, as well as convenience in our homes through automation of everything from answering the doorbell, monitoring heating/cooling to even cooking and doing the laundry. In addition, AI is being incorporated into tools to help us automatically detect cybersecurity threats, collect data on breaches and design new security software far more quickly than the current cycle of detection, analysis and cyber fixes permits.

Unfortunately, cybercriminals are also using AI to more rapidly exploit vulnerabilities in these systems. The race is on between the “defenders” and the “defrauders” to see who will conquer the benefits of AI first.

Sophisticated attackers are exploiting the lucrative opportunities provided by new mobile applications and access to the Internet of Things (IoT). Newly designed mobile malware developed by sophisticated AI is being used to help hackers crack passwords. Attackers are inserting malicious components into mobile apps via third-party providers. Once installed, the malware can gain root privileges, converting the compromised devices into mobile botnets to conduct nefarious activities.

Cybercriminals are using AI in a variety of ways to gain access to your information. They are searching through social media for personal data, which either allows them direct access to user accounts, or provides sufficient information for a directed “spear-phishing” attack to target you through emails and other social media applications to respond by providing security credentials.

While AI requires data science skills and abilities to build complex algorithms for data mining which will give nation-states as well as highly organized transnational cybercriminal organizations the upper hand in capitalizing on the technology, this will not limit its use. AI will accelerate the potential for super large-scale exploits and matching costs to governments, industry and commerce.

More than 8.4 billion IoT-connected devices are expected to be in use this year. These devices are typically less secure than existing devices, due to their limited onboard computational power and memory. Most vulnerable are the devices’ authentication mechanisms, which can be quickly compromised, allowing easy access to the heart of the systems and devices to which they are attached, and from which malicious code can be entered for replication and further attacks. These systems include online printers, peripheral devices, such as the keyboard and mouse or trackpad, and all our health monitoring devices, such as fitness trackers.

Cyber defenders will be incorporating more AI as they seek to counter the advances made by cybercriminals in evading sophisticated Intrusion Detection and Prevention Systems (IDPS). The application of AI will enable defenders to increase the detection rates of IDPS, while machine learning techniques will give defenders an edge in data mining to detect the source of botnets. These troublesome botnets are used to launch Distributed Denial of Service Attacks (DDoS) and cause false alarms in the IDPS systems, hindering detection of authentic security threats.

Botnets or ‘bots’, a network of computers and other devices connected through a malware infection that allows the ‘botmaster’ to send commands to these captive computers to control their attacks. Command channels are difficult to detect due to the encrypted communications from botmaster to bots. Bots can be used not only for traditional DDoS attacks, but also as a tool for identity and data theft. In 2016, the malware Mirai used botnets to connect more than 500,000 IoT devices in a catastrophic DDoS attack. Since this software is open source, cybercriminals may already be using AI to develop effective mutations to the malware structure, making it far harder for defenders to detect new variations.

By using machine learning methods, such as Artificial Neural Networks, which uses processing nodes to connect to each other, machine learning can recognise complex, as well as imprecise patterns of malware cybercriminals may be using to initiate attacks.

Using AI as a deterrent for cybersecurity threats brings great benefits, but alas, also complex risks. The AI itself offers cybercriminals a lucrative target for attack. As AI becomes more accessible to the general public, cybercriminals can use these same techniques to “get inside the cybersecurity loop.” This occurs most often when applications are running on our devices which have not been patched immediately upon notification by the manufacturers of ‘fixes’ for new malware threats. By delaying or ignoring patches for these applications — many of which may be running in the background of your device without your knowledge — the devices are open to significant vulnerabilities.

Mitigating cyberattacks

Preventive actions by you, the user, may help to mitigate cyberattacks. First, always update your software immediately upon notification of new versions and patches. Even postponing the installation until the end of the day may expose you to danger, as malware may already have been in the wild for several days or weeks before it was discovered and patched. You may have already been exposed. You should also consider using some form of identity theft protection. These have already saved millions of people by monitoring account activity and alerting them to suspicious activity.

If you suspect your device and data have been breached, take the following precautions immediately to minimize damage.

1. Change your password! This simple tip can be highly effective. Remember to “mix it up” and not use the same patterns as your previous password.

2. Check your accounts regularly. “Seeing is believing,” so look for potential clues that your accounts have been compromised. If you see unusual charges, report it!

3. Update your privacy settings. Make sure your social media accounts aren’t providing too much information about your personal life and identification elements. These can (and will!) be used against you in cybercrime.

4. Finally, if in doubt, freeze your account! This will stop criminals from opening new accounts in your name. Immediately place a fraud alert with your bank and credit card companies.

(Iyengar is Distinguished Ryder Professor and Director, School of Computing and Information Sciences, Florida International University, Miami, Florida; Miller is Associate Director, Robotics and Wireless Systems at Discovery Lab, FIU)