The average business receives 10,000 alerts every day from the various software tools it uses to monitor for intruders, malware and other threats. Cybersecurity staff often find themselves inundated with data they need to sort through to manage their cyber defenses.
The stakes are high. Cyberattacks are increasing and affect thousands of organizations and millions of people in the U.S. alone.
These challenges underscore the need for better ways to stem the tide of cyber-breaches. Artificial intelligence is particularly well suited to finding patterns in huge amounts of data. As a researcher who studies AI and cybersecurity, I find that AI is emerging as a much-needed tool in the cybersecurity toolkit.
There are two main ways AI is bolstering cybersecurity. First, AI can help automate many tasks that a human analyst would often handle manually. These include automatically detecting unknown workstations, servers, code repositories and other hardware and software on a network. It can also determine how best to allocate security defenses. These are data-intensive tasks, and AI has the potential to sift through terabytes of data much more efficiently and effectively than a human could ever do.
Second, AI can help detect patterns within large quantities of data that human analysts can’t see. For example, AI could detect the key linguistic patterns of hackers posting emerging threats in the dark web and alert analysts.
More specifically, AI-enabled analytics can help discern the jargon and code words hackers develop to refer to their new tools, techniques and procedures. One example is using the name Mirai to mean botnet. Hackers developed the term to hide the botnet topic from law enforcement and cyberthreat intelligence professionals.
AI has already seen some early successes in cybersecurity. Increasingly, companies such as FireEye, Microsoft and Google are developing innovative AI approaches to detect malware, stymie phishing campaigns and monitor the spread of disinformation. One notable success is Microsoft’s Cyber Signals program that uses AI to analyze 24 trillion security signals, 40 nation-state groups and 140 hacker groups to produce cyberthreat intelligence for C-level executives.
Federal funding agencies such as the Department of Defense and the National Science Foundation recognize the potential of AI for cybersecurity and have invested tens of millions of dollars to develop advanced AI tools for extracting insights from data generated from the dark web and open-source software platforms such as GitHub, a global software development code repository where hackers, too, can share code.
Despite the significant benefits of AI for cybersecurity, cybersecurity professionals have questions and concerns about AI’s role. Companies might be thinking about replacing their human analysts with AI systems, but might be worried about how much they can trust automated systems. It’s also not clear whether and how the well-documented AI problems of bias, fairness, transparency and ethics will emerge in AI-based cybersecurity systems.
Also, AI is useful not only for cybersecurity professionals trying to turn the tide against cyberattacks, but also for malicious hackers. Attackers are using methods like reinforcement learning and generative adversarial networks, which generate new content or software based on limited examples, to produce new types of cyberattacks that can evade cyber defenses.
Researchers and cybersecurity professionals are still learning all the ways malicious hackers are using AI.
Looking forward, there is significant room for growth for AI in cybersecurity. In particular, the predictions AI systems make based on the patterns they identify will help analysts respond to emerging threats. AI is an intriguing tool that could help stem the tide of cyberattacks and, with careful cultivation, could become a required tool for the next generation of cybersecurity professionals.
The current pace of innovation in AI, however, indicates that fully automated cyber battles between AI attackers and AI defenders is likely years away.
This article was republished from The Conversation under a Creative Commons license to point warfighters and national security professionals to reputable and relevant war studies literature. Read the original article.
Dr. Sagar Samtani is an Assistant Professor and Grant Thornton Scholar in the Department of Operations and Decision Technologies at the Kelley School of Business at Indiana University (2020 – Present). He is also a Fellow within the Center for Applied Cybersecurity Research (CACR) at IU. Prior to joining IU, Samtani served as an Assistant Professor in the Muma College of Business at the University of South Florida (2018 – 2020).
Samtani graduated with his Ph.D. in May 2018. His dissertation was supervised by Dr. Hsinchun Chen in the Artificial Intelligence Lab in University of Arizona’s Management Information Systems (MIS) department within the Eller College of Management at the University of Arizona (UArizona). He also earned his MS in MIS and BSBA in 2014 and 2013, respectively, from UArizona. From 2014 – 2017, Samtani served as a National Science Foundation (NSF) Scholarship-for-Service (SFS) Fellow.
Samtani’s research centers around Artificial Intelligence for Cybersecurity and cyber threat intelligence (CTI). Selected recent topics include deep learning, network science, and text mining approaches for smart vulnerability assessment, scientific cyberinfrastructure security, open source software security, and Dark Web analytics. Samtani has published over forty journal, conference, and workshop papers on these topics in leading venues such as MIS Quarterly, Journal of Management Information Systems, ACM Transactions on Privacy and Security, IEEE Intelligent Systems, Computers and Security, IEEE Security and Privacy, IEEE International Conference on Data Mining, and others. His research has received funding from the NSF Cybersecurity Innovation for Cyberinfrastructure (CICI), CISE Research Initiation Initiative (CRII), and Secure and Trustworthy Cyberspace Education (SaTC-EDU) programs.
He has co-founded workshops on AI for Cybersecurity topics at IEEE ICDM and ACM KDD. He also serves as a Program Committee member or Program Chair of leading AI for cybersecurity and CTI conferences and workshops, including IEEE S&P Deep Learning Workshop, USENIX ScAINet, ACM CCS AISec, and IEEE ISI. He has also served as a Guest Editor on topics pertaining to AI for Cybersecurity at IEEE Transactions on Dependable and Secure Computing (TDSC) and other leading journals. He is currently an Associate Editor at Information and Management. Dr. Samtani also serves as a special advisor and/or on the Executive Advisory Council of leading entities in the cybersecurity industry, including the CompTIA ISAO.
More than 86 million Americans use the social media app TikTok to create, share, and view short videos, featuring everything from cute animals and influencer advice to comedy and dance performances.
Concerned experts point out that TikTok’s parent company, the Beijing-based ByteDance, has been accused of working with the Chinese government to censor content and could also collect sensitive data on users.
The recent leak of Pentagon documents included the suggestion that China is developing sophisticated cyber attacks for the purpose of disrupting military communication satellites. While this is unconfirmed, it is certainly possible, as many sovereign nations and private companies have considered how to protect from signal interference.
The Wisconsin shipyard that builds the U.S. Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate suffered a ransomware attack last week that delayed production across the shipyard, USNI News has learned.
Fincantieri Marinette Marine experienced the attack in the early morning hours of April 12, when large chunks of data on the shipyard’s network servers were rendered unusable by an unknown professional group, two sources familiar with a Navy summary of the attack told USNI News on Thursday.