• Blog
  • A Non-Technical Guide to AI/ML for Security

A Non-Technical Guide to AI/ML for Security

I write this blog in the hopes of breaking the stereotype: AI/ML is reserved only for the technical audience.

You must know that whenever a new technology was invented, people always found a way to freak out. For example, fire, wheel, computers, electricity, and so on. Although we all soon came around to appreciating the inventions, we are still a tad bit anxious when it comes to computers.

Don’t get me wrong. We are attached to our screens these days, but with attachment come concerns. The sole issue that pops up every now and then is machine learning (ML) and artificial intelligence (AI). And, these issues are real, which signifies that no matter how much of a technical layperson you are like me, you need to know about this. Even though ML and AI are not our typical conversation subjects, they deal with “questions about what it means to be a human”.

Let’s begin with what is ML and AI, and the difference between them.

While AI deals with the programming of computers to form decisions, ML is focused on making predictions by understanding patterns from data. These two are interconnected and if talked in a non-techie sense, they are basically the same. For example, your Spotify recommendations. At first, it is a mess but the more you use the app, the better the recommendations get. As Andrew NG stated, “AI is the new electricity. It will transform every industry and create huge economic value”.

Now, coming to AI/ML in cybersecurity, they assist both attackers and defenders in achieving their goals. AI can be stated as the science that makes things smarter. It is “human intelligence performed by machines”. Let me dampen your hopes a bit: machine learning is exploited by hackers to carry out attacks, by bypassing security mechanisms. However, ML seems to be the only hope when it comes to solving tasks, such as classification, prediction, and regression.

Cybersecurity combined with AI/ML is a relatively new domain, and companies believe that AI/ML helps them overcome their business hurdles and respond to threats. The use of machine learning for detecting and preventing threats from unknown malwares have reduced the number of cases that were previously being investigated by a team of cybersecurity professionals. Even the tasks of blocking and monitoring are being done by machines. These days, the AI acts as a first responder to a threat, which is then investigated by the cybersecurity team. This way, technicians have more time to focus on serious issues, while the continuous monitoring is done by systems. Thus, we can state that humans and AI are collaborating on building a responsive and stronger security protocol.

Threats, through AI and ML, are detected in the same way as spam. There the system goes through a huge amount of data to identify right from wrong. AI/ML helps reduce the time taken to detect a threat, enabling technicians to prevent damage proactively. As compared to humans, they are less susceptible to committing errors and every threat is dealt with accurately. These systems also help categorise attacks according to their tendency for damage. AI/ML systems can use huge amounts of data and modify over time, providing firms with a strong line of defense.

Now, coming to application security or more commonly known as, AppSec. Although machine learning is not the magical potion that it is made out to be, it has the potential to be the most promising arena in cybersecurity. With proper use, it can reveal a multitude of capabilities, especially in the AppSec domain.

As per a study, led by The University of Oxford, the rising use of AI by hackers will result in the expansion of existing threats, which will eventually give rise to new threats and replace human labor. This increases the efficiency and effectiveness of attacks, in a significant manner. In simple terms, we can say that one bad guy can now cause more damage. This leads to the realisation that we need to apply machine learning in AppSec. Nonetheless, it comes with a warning - we need to prevent abuse of AI by bringing together humans and AI, since AI is better at exploiting vulnerabilities as compared to humans.

Another use of ML in the application security domain is defending zero-day exploits. It is imperative to deter such attacks since they are not usually noticed right away. While it takes months of hard work to identify and address these breaches, sensitive data gets exposed. Through machine learning we can identify abnormal data movement and help find aberrations.

This is where I would like to end my journey about AI/ML for security for non-techies, like me. For the time being. But, you should know that this is just the basics of AI/ML and it is a vast box that needs to be explored. Even though it cannot solve all our cybersecurity issues, with the increasing number of data and the reducing number of experts, ML seems to be optimum. Since it has a lot of potential, it is better if we start right now.

References

1. https://towardsdatascience.com/ai-and-ml-security-101-6af8026675ff
2. https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7307098
3. https://link.springer.com/content/pdf/10.1186/s13635-018-0074-y.pdf
4. https://towardsdatascience.com/ai-and-machine-learning-in-cyber-security-d6fbee480af0
5. https://towardsdatascience.com/machine-learning-for-cybersecurity-101-7822b802790b

- Written by Sayantika Sanyal for Nullcon

Copyright © 2019-20 | Nullcon India | International Security Conference | All Rights Reserved