Cybersecurity: when artificial intelligence gets involved
What is the relationship between artificial intelligence and cybersecurity? One certainly strengthens the other. Thanks to “machine learning”, which is already well known among researchers, AI makes it possible to tackle security in a different way, better suited to the changing context of cybercrime, with greater anticipation and through behavioural analyses. Applications have already been released by laboratories, particularly via open-source libraries, but new skills are required.
“By improving its knowledge and understanding of the phenomena by itself, machine learning enables an attack to be detected even if it is not familiar with the signature.”
Let us not forget that machine learning is a discipline of artificial intelligence (AI) which studies the techniques enabling systems to learn by themselves from their own experiences. Since the first algorithmic studies in the 1950s, and reinforced by the explosion of data in the 1990s, machine learning has been a rapidly expanding field well known among researchers.
Technically speaking, it involves algorithms enabling a system to adapt its analyses and “behaviours” in response to information it receives in the form of unstructured empirical data from other systems, databases or sensors.
Machine learning is already used in a broad range of applications: recognition of images, objects and handwriting, search engines, assistance with medical diagnostics and faults, financial and stock analysis, robotics, semantic opinion analysis, consumer sentiment and behaviour for targeted marketing campaigns…
Countless and unexpected security breaches
In a context of an increasing number of cyberattacks related to the growing volume of data and equipment to be monitored, cybersecurity techniques are changing in order to address the limitations of detection means using filters, rules and signatures. In this confluence of events, machine learning is a good option to meet the need for automated threat detection, particularly in the banking sector to detect credit card fraud. Contactless payment is highly sensitive in terms of security. More generally, the digitization of factories, public transport and cars is also concerned. From an information systems (IS) viewpoint, the digital transformation of companies leads to increasingly open and heterogeneous systems in terms of infrastructure and the nature of applications or data. This complex environment is linked to growing concerns around access to information by varied populations of users.
Early detection of deviant behaviours
The time has come, as current security solutions are showing their limits: “signature” databases (malware detection and filtration rules) are still lagging behind hacking techniques; security systems and applications are not sufficiently scalable given the increase in the phenomenon; current detection systems are not adapted to highly distributed environments… and finally, the solutions are passive, not preventive, and rely on human intervention. An attack must have already been experienced in order for its signature to be recognised, before it is countered.
Thanks to its self-learning abilities, machine learning facilitates the early detection of deviant behaviours by analysing massive quantities of data in multiple formats, by relying on behavioural analyses and by improving its own knowledge and understanding of these phenomena. It therefore facilitates anticipation by detecting an attack even when the signature is not known.
This involves increasing the development of automated methods to analyse complex and massive data in order to extract information useful for preventive detection. As with Big Data, it has become clear that with increasing data flows comes a simultaneous increase in the need for processing capacities (process, analysis and actions) that only machines can satisfy.
These techniques are experiencing rapid expansion in security, particularly at the R&D stage. Large companies such as Cisco, for system logs, and Google, working against spam, already apply machine learning. In the industrial sector, the Box@PME, developed as part of the Albatros cybersecurity program aiming to increase the security of the entire Aeronautics & Spatial sector, incorporates a machine learning module.
Towards a machine vs. machine fight
This advance in cybersecurity will require new skills that are quite different from those used in current cybersecurity projects, and it will create new roles. Security needs more and more data scientists, specialists in mass data mining and analysis, as well as experts in processing these data in the field of cybersecurity.
Above all, we are witnessing an almost “philosophical” change at present: we are inevitably moving into an era of automated cybersecurity, even though the machine, which is increasingly powerful, is and will remain at the service of humans. Faced with the increased number and automation of attacks, it is a machine vs. machine war that we will be witnessing in the decades to come. Big Data and AI will be the primary players involved.