Securing AI is as relevant as its use for cyber security
Vijay Mohan in Chandigarh
In the field of cyber security, artificial intelligence (AI), the current buzzword in the Information Technology world, is emerging as a double-edged weapon, redefining both the criminal modus operandi and the countermeasures. While AI can improve security by handling data and analysis faster and identifying threats more accurately than humans, it may conversely help cyber criminals spot vulnerabilities and overpower defensive mechanisms with relative ease.
Pointing out that, with devices deployed at large scale across the globe, a single vulnerability or failure can lead to significant compromises that are usually beyond the ability of human operators to cope with, a report on ‘Cyber Security, Safety, Legal And Ethical Issues’ submitted last year by a committee set up by the Ministry of Electronics and Information Technology states that AI needs to act as a force multiplier by augmenting the cyber security workforce’s ability to defend at scale and speed.
“The agility created by AI augmentation of a cyber security system may, however, be two-sided. Along with a rapid response to both detection and remediation comes the potential for an equally rapid corruption of systems,” the report cautions.
There are already instances, for example, where attackers are using AI to detect when their malicious activity is being monitored within a “security sandbox” and to alter its behaviour accordingly, escaping detection and thereby extending the potential damage and attack surface. AI will allow computers to take over Internet security tasks from humans and then do them faster and at scale. These include:
- Discovering new vulnerabilities and, more importantly, new types of vulnerabilities in systems, both by the offence to exploit and by the defence to patch, and then automatically exploiting or patching them;
- Reacting and adapting to an adversary’s actions, again both on the offence and defence sides. This includes reasoning about those actions and what they mean in the context of the attack and the environment;
- Abstracting lessons from individual incidents, generalising them across systems and networks, and applying those lessons to increase attack and defence effectiveness elsewhere; and
- Identifying strategic and tactical trends from large datasets and using those trends to adapt attack and defence tactics.
Observing that it is nearly impossible to predict what AI technologies will be capable of, the report states that it’s not unreasonable to look at what humans are doing today and then imagine a future where AI is doing the same things but at computer speeds, scale and scope.
“However, cyber security of AI is as relevant as AI for cyber security. The models and data need protection from manipulation,” the 55-page report by the 11-member committee chaired by Prof Rajat Moona, Director, IIT-Bhilai, states, adding that the new ‘Cyber Security AAA: Automation, Analytics and AI’ is going to be the next battleground through 2020 and beyond.
“As predictive analytics gains ground, mathematics, machine learning and AI will be baked more into security solutions. These will learn from the past, and essentially predict attack vectors and behaviour based on that historical data,” it states.
Observing that AI technologies have the potential to upend the advantage that attack has over defence on the Internet, the report says this has to do with the relative strengths and weaknesses of people and computers, how all those interplay in Internet security, and where AI technologies might change things.
“Defence is currently in a worse position precisely because of the human components. Present day attacks pit the relative advantages of computers and humans against the relative weaknesses of computers and humans, thereby creating asymmetry. Both attack and defence will benefit from AI technologies, and we can safely presume that AI has the capability to tip the scales more toward defence. There will be better offensive and defensive AI techniques,” the report forecasts.