The Role of AI in Enhancing Cybersecurity

“Crime doesn’t pay,” we are told from a young age. Apparently no one bothered to convey this to today’s cybercriminals, who find it lucrative enough to keep doing it, and they do it with ever more sophisticated tools. Society pays immense sums to build and operate defenses against cybercrime.

Traditional anti-malware depends on “signature-based detection”: They identify a virus or other malware from characteristics of its executable program and maintain a database of known threats.

This approach is limited because it depends on a process that can identify new threats in the wild, characterize them, and deploy updates and patches before the threat can cause widespread damage. In this cat-and-mouse game, the mice are always at least one step ahead.

Moreover, much modern cybercrime doesn’t rely on malware. The latest weapons in the cybercrime arsenal are based, instead, on artificial intelligence and social engineering. They include tools such as:

• Deepfakes: They create convincing but fake audio and video of politicians, celebrities, corporate leaders, and other well-known people. This causes confusion or fear, or it causes gullible viewers to hand over their money.
• Phishing: They create fraudulent email and convincing fake website content with generative AI that is more convincing (and grammatically correct) than that produced by humans.
• Password hacking: They use AI algorithms trained on previously compromised passwords, ones that are much more efficient than humans at guessing user passwords.

But providers of cybersecurity tools are not standing still, and they now leverage their own AI-based defenses to keep the cybercriminals at bay. In this article, we discuss some of the new tools security providers deploy to keep your systems and data safe from the bad guys.

Next-Generation Antivirus

Although malware is not the only cybercrime approach anymore, it is still important. Its goal is disruption or destruction rather than fraud or theft. Defending against modern malware attacks relies on AI-based “next-generation antivirus” (NGAV), which overcomes the limitations of signature-based detection with an approach called “anomaly-based detection.”

In NGAV, the defense system doesn’t need to know anything about a specific new threat. NGAV identifies new threats by their behavior rather than characteristics of their program files. When a new program on a system exhibits behaviors similar to those of other malware programs, the system raises an alert, and actions can be taken to verify, isolate, and eliminate the threat. Suspicious behaviors can include certain types of database queries, network traffic, input-output requests to connected devices, and other activities.

NGAV systems are machine-learning solutions that are trained on existing data around malware behavior, so they know what patterns to look for.  Because an NGAV system runs 24/7 and can monitor an entire IT environment, it’s much faster and more effective than human monitoring can ever be.

Other AI-Based Cybersecurity Tools

Just as AI-based cybercrime isn’t limited to one kind of cyberattack or another, AI-based weapons in the fight against cybercrime go beyond malware detection. Examples include the following, among others:

• Insider threat detection: Many cyberattacks are conducted not by brute-strength attacks on an organization’s defenses but by actions taken from within, whether by deliberate sabotage or with a user account compromised through trickery or password hacking. Similar to AI-based malware detection, machine-learning-based monitoring tools can identify behaviors by inside agents, behaviors that indicate a cyberattack from within.
• Email impersonator detection with NLP: One method scammers use to gain your trust is by using generative AI to compose convincing email content and make it look like it came from an authority figure, such as the CEO of your company. It might, for example, ask you to wire money to a certain account. But new natural-language processing (NLP) tools can identify subtle clues in the email and flag it as suspicious.
• Phishing and fake website detection with NLP: In a similar way, NLP tools can filter out general phishing emails and identify fake websites before users can be fooled into handing over their login credentials and credit card numbers.

The Future of AI Cybersecurity

Other examples of AI-based cybersecurity tools are available or in development by major players, including Microsoft, IBM, and others. AI is fast becoming the go-to technology for keeping data and systems safe from hackers.

One exciting area of development is in intrusion prevention systems. These systems continuously monitor your IT landscape for suspicious activity and use machine learning to know what patterns to look for. Once a threat is detected, the integrated threat response functionality can send alerts to human administrators and trigger automated proactive steps to minimize the damage.

The AI-powered components of these systems endow them with high accuracy, with low false-positive and false-negative rates, to keep business disruption to a minimum.

Whether you think AI represents the ultimate labor-saving technology or an existential threat to the human race, two things are clear: Malicious actors will use AI to perpetrate cybercrimes, and the tools to thwart them must also be powered by AI. The cat-and-mouse game continues, but with AI, the cats may finally have the upper hand.