Artificial Intelligence (AI) offers support against cyberattacks

Some people associate AI with the concern that technology could take over more and more human jobs. In the field of IT security, where ever-increasing challenges meet notorious staff shortages, this is precisely where a great opportunity lies: to ward off malware, attacks on mobile devices or targeted phishing attacks on individuals and departments, technology can relieve employees and support them in IT protection. In particular, machine learning (ML) techniques, a subfield of artificial intelligence, can help develop secure IT systems that adapt to threats as they learn. ML methods are generally well suited for analyzing large volumes of data and detecting anomalies. However, this requires a great deal of effort to train the systems.

IT attacks are constantly changing. Until now, however, reactive protection concepts have been in the majority in IT security: virus scanners and firewalls check data for known malware, hacking trends and security gaps, and after new security incidents, a corresponding update must be imported and delivered. AI allows a proactive reversal in that it can also independently analyze and document relevant security incident anomalies and defend against threats. Many providers of cyber security solutions use AI components in their software – to varying degrees of automation:

• When protecting against malware, many antivirus systems work with malware signatures that manage only hash values for efficiency reasons. Even minor changes to malware lead to new hash values, so that similar malware is managed in parallel. Unlike such rule-based systems, ML systems, after being trained with “good” and “bad” data, can also detect malware patterns and weight results.
• ML can also be used to detect IT intrusions using intrusion detection mechanisms: Since recording and analyzing network communications produces a huge volume of data and a high number of potential attack alerts, AI and ML systems can help with automated evaluation. ML models that predict events and vulnerabilities in the future are even conceivable.
• ML also offers the opportunity to complement existing methods for detecting botnets. Scientists have succeeded in using ML methods to distinguish attacks by real people from those by botnets on honeypots and thus also to obtain information on the origin of the botnets.
• AI can also be useful as a basis for security training by detecting spear phishing attacks, blocking them, and thereby identifying which employees are at the highest risk of exposure. Here in particular, however, there is the challenge of using the technology in a privacy-compliant manner.
• Last but not least, AI is valuable as a code optimizer in the spirit of “security by design” when program code is scanned for vulnerabilities during software development. ML-based vulnerability scanners not only detect known vulnerabilities and entry points, but also typical vulnerability patterns. Beyond this, machine learning methods are already being used in IT security by various providers, for example in antivirus programs or anomaly detection systems.

Author: Schnaubelt, G. (2022)  “Künstliche Intelligenz – Eine Technologie als Fluch und Segen für die IT-Sicherheit, „ IKH Ulm website, https://www.ihk.de/ulm/inno-und-umwelt/wirtschaft-digital/it-sicherheit/kuenstliche-intelligenz-4455326, retrieved on 19.10.2022