Cybersecurity with Artificial Intelligence in 10 Questions
1. What is the difference between Artificial Intelligence (AI), Machine Learning (ML), and Deep Learning?
Artificial intelligence is a science field interested in finding solutions to complex problems like humans do. AI is a decision mechanism similar to a real human decision mechanism modeled with algorithms. Machine learning is a subdomain of artificial intelligence, using mathematical and statistical methods to extract information from data, and with that information – try to guess the unknown. Deep learning is a subdomain of machine learning and tries to learn the data with artificial neural network approach.
2. What problem does ai solve? What does AI do better than a human?
Artificial intelligence (AI) is a result of a software that tries to create a decision mechanism similar to human brain’s decision mechanism. However, in the early years of AI, it couldn’t become the exact imitation of the human brain. With the improvement in science and technology, it was seen that human brain is too complicated to be modeled with a software. In following years, researchers focused on decision mechanisms in more specific fields instead of focusing on modeling the exact human brain structure.
The purpose of AI applications is to solve a problem more quickly than a human can. For example, think about a doctor who is an expert in cancer research. The process of detecting the cancer cells can be modeled with an artificial intelligence technique, detecting the cancer cells just as well as the doctor does, if not better. The AI software can be used by everyone, which is helpful when hospitals don’t have specialist doctors.
Essentially, most problems that requires experts — as long as there is appropriate data — can be modeled by using artificial intelligence techniques. Data is key to the accuracy of AI results. For example, in order to detect cancer cells, cell size, cell speed, the enzymes that it secretes, the rate of mutation, etc., are distinctive features that need to be collected to be solved by using machine learning techniques.
In scenarios in which it’s not possible to analyze tremendous amounts of data by a human expert in an efficient amount of time, artificial intelligence applications can serve as successful and fast solutions.
3. Which types of aI applications are being used in cybersecurity solutions?
For the sake of simplicity, the following application categories can be examined as most common:
- Spam Filter Applications (spamassassin)
- Network Intrusion Detection and Prevention
- Fraud detection
- Credit scoring and next-best offers
- Botnet Detection
- Secure User Authentication
- Cybersecurity Ratings
- Hacking Incident Forecasting
4. How can an aI application that does malware analysis be used?
It’s possible to detect a software, whether it’s Malware or a normal software, with artificial intelligence. In order to develop an artificial intelligence application that does malware detection, you must first determine distinctive features.
Here are some features to use in the analysis of a software:
- Accessed APIs
- Accessed fields on the disk
- Accessed environmental products (camera, keyboard etc)
- Consumed processor power
- Consumed bandwidth
- Amount of data transmitted over the internet
Using these features, a software test can then detect whether the software is a malware or not.
5. what is the success rate of using ai to detect cyber attacks?
AI can be used to detect cyber attacks, and the success rate of those varies between 85% and 99%.
In the last few years, in addition to academic researches, some products have been improved to detect cyber attacks with the help of artificial intelligence like DarkTrace. DarkTrace claims to have more than a 99% success rate and it also has a very low rate of false positives. For more details, you can check the company’s website.
6. What are the alternatives to open source machine learning libraries?
It’s important to note that it doesn’t matter which language you’re using for machine learning. What’s really important is the algorithmic approach. As long as you know the machine learning algorithms, you can use the programming language that you want and code the algorithms using that language — or using the libraries — and develop a machine learning application.
Python, is one of the most common languages used in machine learning. It is an open source language that can easily access various libraries for different purposes.
The libraries used for machine learning are:
- Scikit Learn (Sk-learn): a huge library with many algorithms. Using this library makes running the algorithm that you want possible with simply four lines of code.
- Numpy: In a machine learning application, statistical and mathematical complex calculations are common. Therefore, the library Numpy for mathematical functions is essential for machine learning applications.
- Pandas: Pandas library is used to process the data fast and effectively.
6. I’m interested in more information about artificial intelligence?
For beginners, to get the latest articles about artificial intelligence you can follow these blogs:
You can also find cyber security related artificial intelligence researches in this (http://www.covert.io) source. You can also check Black Kite’s blog page (https://www.blackkite.com/blog) to access the latest articles about cybersecurity and machine learning.
7. Does a cybersecurity domain have differences from other machine learning domains?
Machine learning is being used frequently in a tremendous amount of applications, which can be used to detect most questions. Contrarily, in some of the cybersecurity problems, the thing that we want to detect is not implicitly defined and difficult to understand. Additionally, the cybersecurity domain require more manual work to calculate updated data.
8. do companies develop cybersecurity applications using artificial intelligence?
There are lots of companies that develop cybersecurity applications using artificial intelligence. The companies that began using AI early focused on using AI for time management and efficiency. Examples include:
Darktrace, founded in 2013, developed a product that does anomaly detection on a network with machine learning. The company is now worth $825 million. CYLANCE, founded in 2012, developed a product to prevent advanced level cyber threats. The company is worth $1 billion now. The leading companies that use artificial intelligence in cybersecurity domains are listed in a report by CBInsight (See the image down below) :
With artificial intelligence increasing in popularity, there has been a massive increase in the number of startups that focus on cybersecurity domains. According to CBInsight, applications using artificial intelligence in cybersecurity rank in 5th place!!!
9. Can you provide examples of machine learning algorithms being used to develop cybersecurity applications?
Spamassassin is a project that is an open-source code and does spam mail filtering. Spamassassin makes a feature list in order to control if an email is spam mail or not. Extracted features from an analyzed email is processed with Naive Bayes algorithm. The most common algorithms in cyber attack systems are, Random Forest, Decision Tree, Support Vector Machines etc.
In the last few years, the most commonly used machine learning algorithm is, without a doubt, the Deep Learning algorithm. Deep learning is a machine learning algorithm that uses artificial neural networks. Nowadays, most of the companies that do artificial intelligence researchers use this method.
10. Is it possible to detect cyber attacks before they happen?
In order for a cyber attack to be successful, steps used are called the “Cyber Kill Chain”. Attackers might leave traces in some of these steps, or they can access information about the targeted company with previously leaked information. Preventing cyber attacks is only possible if you observe your company constantly through the eyes of an attacker. In addition, knowing what attackers can find about your company beforehand, and as a result, taking precautions to prevent loopholes.
Black Kite’s Cyber Risk Assessment scans most of the information about your company, that can be accessed via the internet.
information that can be accessed about your company include:
- Hacktivist posts that target your company in dark forums or social media.
- Leaked information about your company’s customers and employees. (e-mail, passwords, credit card information etc.)
- Phishing website, and company mobile and desktop applications
You can manage your virtual existence and prevent susceptibility to cyber-attacks with awareness. The Cyber Risk Assessment, gives you the ability to access information about your company from various sources and lets you manage that data to take precautions.