Why AI is Rewriting the Cybersecurity Rulebook

Teow-Hin Ngair

Artificial intelligence (AI) isn’t just about self-driving cars or robots that can hold down a conversation. It’s an entire approach to problem solving that aims to combine the intelligence and creativity of humans with the speed and power of computing. While cybersecurity already relies heavily on automated processes, AI could find new and more effective ways to fight malware.

The Story So Far on AI

AI is the next step in the evolution of cybersecurity, a field that has grown more sophisticated and powerful in its efforts to keep up with the increasing creativity of cybercriminals:

  • Early cybersecurity was largely about scanning computers to look for known malicious files. Think of it like a nightclub or grocery store with a list of banned customers. The obvious problems included new malware that wasn’t yet on the watchlist, and old malware that disguised itself as a “legitimate” file or application.

  • The next step was behavioural analysis and heuristics (effectively rules of thumb). Instead of looking for specific rogue files, scanners would look for suspicious patterns of behaviour associated with malware. That brought its own problems, including having to figure out those patterns and the risk of false positives, where legitimate files were blocked by security software.

  • Another big development was cloud-based intelligence incorporating crowdsourcing. Rather than security software simply working on isolated individual computers which await scheduled anti-malware updates, security software can now combine results across an entire user base in real time. Instead of relying on marginal calls, cybersecurity tools can combine multiple examples to confirm a particular file is malicious and then block or disable it on millions of computers in a matter of moments.

Combine these various technologies and you get today’s cybersecurity systems. It’s not that they have a problem as such, but rather that there is still room for improvement. That’s where AI comes in.

So What Is AI?

When we talk about AI in a cybersecurity context, we’re talking specifically about machine learning. Traditionally computers have been powerful but stupid: they can perform a task more reliably and quickly than humans, but can only do what they are told.

Machine learning changes that. It’s designed to replicate human abilities to not just follow rules and systems, but develop new ones. (One branch of AI called neural networking tries to literally recreate a brain’s physical operation.) Machine learning involves refining guidelines and learning from experience.

With cybersecurity, that could mean AI-powered systems analyse unimaginable quantities of data and spot previously undiscovered patterns and clues to identify threats. In particular, AI systems can spot correlations between multiple characteristics of files and applications and figure out which combinations should arouse suspicion.
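The point about combinations of characteristics can be shown with plain counting. The following is an added example, not code from the article or its author: it uses a constructed set of labelled samples with hypothetical trait names, and a simple rate comparison stands in for a trained model. It finds trait pairs that are far more strongly associated with malware than either trait is alone.

```python
from itertools import combinations

# Constructed sample set (not real telemetry): observed traits per file plus a
# label, 1 = confirmed malicious, 0 = benign. Trait names are hypothetical.
SAMPLES = [
    ({"packed", "unsigned"}, 1),
    ({"packed", "unsigned", "autorun"}, 1),
    ({"packed", "unsigned"}, 1),
    ({"packed"}, 0),
    ({"packed", "autorun"}, 0),
    ({"packed"}, 0),
    ({"unsigned"}, 0),
    ({"unsigned", "autorun"}, 0),
    ({"unsigned"}, 0),
    ({"autorun"}, 0),
    (set(), 0),
    (set(), 0),
]

def malicious_rate(traits, samples=SAMPLES, min_support=2):
    """Fraction of samples carrying every trait in `traits` that are malicious.
    Returns None when too few samples match to say anything."""
    labels = [label for seen, label in samples if traits <= seen]
    if len(labels) < min_support:
        return None
    return sum(labels) / len(labels)

def suspicious_pairs(samples=SAMPLES, margin=0.3):
    """Pairs of traits whose joint malicious rate beats the better of the two
    single-trait rates by at least `margin`."""
    all_traits = sorted(set().union(*(seen for seen, _ in samples)))
    found = []
    for a, b in combinations(all_traits, 2):
        joint = malicious_rate({a, b}, samples)
        if joint is None:
            continue  # pair seen too rarely to judge
        best_single = max(malicious_rate({a}, samples),
                          malicious_rate({b}, samples))
        if joint - best_single >= margin:
            found.append(((a, b), round(best_single, 2), round(joint, 2)))
    return sorted(found, key=lambda item: -item[2])

if __name__ == "__main__":
    for pair, single, joint in suspicious_pairs():
        print(pair, "best single-trait rate", single, "joint rate", joint)
```

On this data, half of the packed files and half of the unsigned files are malicious, so a rule on either trait alone would block as many legitimate files as rogue ones, while every file that is both packed and unsigned is malicious.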

It’s a cliché to call a piece of technology a “gamechanger” but in this case, AI could literally rewrite the rules for how to detect malware.

Why Is This Approach So Important?

Having AI find new ways to identify malware would have three major benefits:

  • It stands a better chance of quickly spotting new tactics by malware distributors, particularly those who are trying to find ways round human-designed detection methods.

  • More accurate diagnosis of rogue files will reduce the risk of false positives. That means less frustration for computer users, plus less risk that they’ll be tempted to ignore and override legitimate warnings.

  • By homing in on which factors are most important for spotting malware, AI-based cybersecurity can work more efficiently and thus more quickly. That could mean spotting threats earlier while reducing the demand on a computer’s resources.

What Cybersecurity Tasks Could AI Help Perform?

The beauty of AI is that it isn’t restricted to a specific task. It’s more of an approach than a specific tool, so it can adapt to different cybersecurity challenges that require differing tactics.

Mention cybersecurity to most people and they’ll think of anti-malware tools. That’s certainly a task AI could be well-suited to. As noted, the big challenge for fighting malware is spotting malicious files, processes and applications and blocking them, preferably before they do any damage. That can include scanning files before they are downloaded or opened; regularly scanning files on a computer; and actively monitoring everything that’s operating on a computer. Speed and accuracy are both vital.

That’s not the only cybersecurity task, however. AI could be useful at the network and website level. For example, it could monitor internet activity and look for signs of suspicious activity that might indicate a computer had been compromised and was now part of a network of infected computers. Cyber-criminals harness the combined computing power of such “botnets” to wreak havoc online. Right now it’s not an easy task to quickly identify such activity among the noise and sheer volume of online data, but AI might figure out better ways to do it.

There’s even a role for AI in areas of computer protection that you might not think of as obviously part of cybersecurity. For example, most internet and email providers offer some form of spam filtering designed to catch unwanted messages. That involves a range of techniques including blacklisting addresses known to send spam; searching for suspicious keywords; and examining patterns of activity across messages. AI could find even more effective ways to catch spam without mistakenly labelling legitimate emails.

The Bottom Line

We think of computing in rational, logical terms, but when it comes to cybersecurity we almost have to think philosophically. Current anti-malware tools are technically impressive, but they can only follow instructions. That means they are limited by human imagination.

Artificial intelligence in cybersecurity doesn’t just mean carrying out existing anti-malware tactics more quickly or with more power. It means AI developing tactics that human beings can’t yet conceive.