Artificial Intelligence: Ally of cybersecurity or actor of cybercrime?
Artificial intelligence (AI), which is about sixty years old, brings together theories, sciences and techniques whose purpose is to imitate human behavior. “Imitate, but never equal” are the words of some experts who deplore this qualification, which is far too humanoid.
Since 2010, the discipline has taken off with the development of computing power of computers, taking an increasingly important place in all areas: private and professional life. Connected houses, cars etc… are the result of AI, which appears as a real support in our personal life. Its role in our professional life, is more discreet: protector in the shadow of cyber attacks and all the threats that weigh on our work environment.
Attacks are more and more numerous within structures, resulting in the recognition of the importance of cybersecurity by managers. Its importance is such that it becomes a fundamental issue, and the associated budget evolves, becoming more and more consequent. The surface of these cyber attacks is expanding, with an environment that is rapidly evolving and attacks are becoming more and more varied. It is here that the role of artificial intelligence is of real importance, its evolution allowing to prevent attacks of any kind.
This technology is far from being at the peak of its development, as the current achievements related to artificial intelligence cannot be qualified as “strong AI”. This qualification would then allow it to contextualize specialized and different problems in a fall way. However, in the current state of affairs, artificial intelligences are “weak” or “moderate” with non-contestable performances in very specific domains, which is moreover the case of cybersecurity; and allows us today to consider the primordial role that AI plays in the protection against cyber attacks.
The place of this discipline is unquestionable, the objective being to allow the prosperity of this technology, while protecting the humanity from the drifts. This process can lead us to question the place that artificial intelligence can take, but it is crucial to analyze this process as an ally and not as an evil for humanity. Laurent Alexandre, co-founder of Doctissimo, during a colloquium at the Senate on January 19, 2017, makes an interesting observation. He explains the importance for human intelligence to become complementary to artificial intelligence, thus leading to the necessary transformation of professional training, for the sustainability of jobs as well as their preservation. Artificial intelligence technology is thus put forward as a real vector of transformation and not as a threat.
Far from being an evil for society, artificial intelligence can provide solutions to new problems. Data security, and more broadly the protection of information systems, will be one of the crucial issues in the decades to come, and artificial intelligence appears to be a major ally.
Artificial Intelligence: The way to meet cyber challenges
Artificial intelligence is already integrated into many systems, the most telling example is the FACE ID system developed at Apple, since 2018, allowing the detection of the user’s face, strengthening at the same time the access to its data.
The CNIL’s Digital Innovation Laboratory produced a report in April 2022 on the security of artificial intelligence systems. It makes the following observation: AI is a force of proposal for new responses related to security risks, particularly through an analysis capacity that is increasingly developed and important. Examples that can be given are the numerous IDS (intrusion detection systems) network probes and the deployment of EDR (endpoint detection and response) that integrates it.
More broadly, AI is used in such a way that any behavior that is not considered normal will be flagged as a potential cyber risk. These methods combined with Deep Learning, allowing to process a large amount of data without going through the pre-processing step that is usually done by humans, artificial intelligence then becomes a powerful weapon against cyber attacks.
This tool allows the analysis of millions of data, allowing a 360° study, ranging from suspicious human behavior to malware. In order to feed the data used for the development of AI, we are entering a collaborative model, with companies that will accept the sharing of information in order to enrich the artificial intelligence, a very virtuous circle.
AI also allows to fight bots that represent an important part of the internet traffic and distort the traffic by creating fake accounts. The manual response appears insufficient, and this is where the intervention of artificial intelligence is more than necessary. Machine learning allows to understand the traffic and to detect bots from humans, it is through this massive analysis that the response can be fast.
Artificial intelligence is present at all levels, even making an inventory of IT assets. This computerized inventory provides an in-depth analysis and predictions of assets that may be compromised. Artificial intelligence therefore plays a visionary role, allowing the manager to act upstream and allocate additional resources to the most vulnerable assets.
Artificial and human intelligence: A collaborative work
Artificial intelligence can then be presented as an efficient tool, allowing to reduce the workload of the Security Operations Center (SOC) teams representing the division that ensures the security of a company and supervises the whole security of the information system.
Nevertheless, this advantage can also be presented as a danger. Indeed, artificial intelligence cannot replace the human in the sense that human intervention is necessary, which explains the need to develop synergies between the two intelligences. The work must be done in a collaborative manner to provide efficient protection.
The presentation of artificial intelligence alone as a superhero against cyberattacks is flawed, as it can itself be used to carry out cyberattacks.
The dangers of artificial intelligence
Machine learning can introduce vulnerabilities that can be exploited, causing the artificial intelligence to malfunction. It appears essential that the data at the heart of AI does not contain anomalies or malicious code. These flaws would be an easy entry point for hackers, who would make the artificial intelligence malicious themselves by manipulating the data that are at the origin of the artificial intelligence.
Another risk worth highlighting is the “Adversarial Attacks”, consisting in adding noise to a data to deceive the AI, to illustrate these remarks; we can evoke the case of Tesla cars; a simple piece of tape on the panel can make the speed limits of the car change.
The use of solutions composed of artificial intelligence in the information systems of companies, can appear as a new flaw that it is necessary to protect. Like any tool, it is exposed to external dangers and must be used knowing both the risks and the necessary means to protect it.
The use of artificial intelligence by hackers
The operation of artificial intelligence can be based on the training of a neural network for the realization of tasks at the same level of human performance, we also find AI based on Machine Learning. However, its operation requires a large amount of data, a lot of training and computing power CPU (central processing units) and GPU (graphics processing units) which is very expensive. These different points make the use of artificial intelligence by hackers more complex. However, there is still the possibility for hackers to exploit the commercial or self-service AI system.
In this sense, the year 2022 already appears dark in terms of new weapons to counter cyberattacks and especially the use of artificial intelligence and machine learning.
Cyber attackers can fabricate deepfakes, the goal here being to mimic the action of a third party logging into accounts protected by facial recognition. To take it a step further, cyber attackers will even be able to profile the types of profiles that are likely to succumb to an attack.
Today, the simple use of translation software allows for the mass distribution of phishing in a language not spoken by the hacker, making the use of AI accessible at any level. AI in this case is indirectly responsible for phishing, and turns into a simple and efficient way to allow massive data dissemination.
In short, you will have understood that artificial intelligence is a weapon of defense, but also of attack! The cyber risk is present everywhere and at any time, and the solutions to this risk are no longer a secret: awareness, penetration test and security process are the key to overcome the various attacks. Artificial intelligence must be used with care, and like all tools, it must be protected against attacks of which it could become the victim.
