Date: 2020-06-01

Adam Bangle, Vice-President, EMEA, BlackBerry

Today’s cybersecurity threats are incredibly smart and sophisticated. Security experts have to battle every day to discover new instances, identify which ones are fraudulent, label them as such, and then feed these instances into cybersecurity algorithms.

To meet these constantly changing threats, the security industry has followed the example of wartime codebreakers by offloading these tasks to intelligence much greater than any human brain. At Bletchley Park, what turned the tide in the battle against Enigma was Colossus, the world’s first programmable, electronic, digital computer, a machine that was able to perform many more calculations, much faster and more accurately than a team of skilled humans could do.

Today’s equivalent of Colossus is artificial intelligence (AI) and machine learning (ML), which are rapidly becoming the foundation of modern cybersecurity infrastructure. The next generation of cybersecurity threats requires agile and intelligent programs that can rapidly adapt to new and unforeseen attacks. AI and ML’s ability to meet this challenge certainly hasn’t gone unnoticed by cybersecurity decision makers, the vast majority of whom believe that AI is fundamental to the future of cybersecurity. Well, little wonder.

While ML and AI have only recently entered the public’s consciousness (and indeed only been widely considered a cornerstone of cybersecurity for a couple of years), these technologies boast a long pedigree. Way back in 1956, the term ‘artificial intelligence’ was coined at a conference at Dartmouth College, New Hampshire. In IT threat detection, AI was implemented as early as 1995.

Where once security was manual and reactive, technologies that harness AI and ML are automated and predictive. This means the technology is not only capable of preventing known and unknown threats, but of predicting new threats before they are encountered in the real world.

As AI and ML technologies continue to mature, they are giving rise to new possibilities for cybersecurity threat protection. For instance, they allow us to automatically flag unusual patterns and enable detection of network problems and cyber-attacks in real time. These technologies recognize patterns in our environment and apply complex analytics to monitor, and therefore protect, networks and infrastructure at a scale far exceeding what is possible for a human to do. This visibility supplies deeper insights into the threat landscape, which in turn informs the ML. This means that AI-based security systems are constantly learning, adapting, and improving – just like human brains, only many orders of magnitude faster and smarter.

Powered by AI, the cybersecurity industry, having lagged long behind the malevolent geniuses who continue to develop new malware faster, can finally have the tools to take the lead and stay there.

Dr David Day, Special Officer, NCA

You have now read about all the remarkable pioneering implementations of AI in cybersecurity, for ‘good’ and ‘bad.’ So let me now introduce you to the darn right ugly face of AI in our beloved field. We have all heard the cliché before: “cybersecurity is an arms race,” – well, when it comes to AI, it really is. Our nemesis is moving quickly to weaponize AI against us, and here are just a few examples of how they are doing it.



Detecting vulnerabilities in source code: Open source code has always been perceived as a double-edged sword from a cybersecurity perspective. On the one hand, its transparent nature allows robust security checking by an extensive collection of open-source advocates, all keen to contribute to ensuring the application is secure. On the other hand, the bad guys can see it too, and if they spot a vulnerability in the code, they will keep quiet and compromise it; the so-called ‘zero-day’ attack. With AI, they now have the means to do this quicker and easier. A recent academic paper from Beijing University proposes methods of using machine learning to teach safe programming patterns to systems by subjecting them to many instances of known mature safe code. This learning process then creates rules for determining secure code. If new code is then subjected to these rules and fails, we can be almost sure it is vulnerable. Imagine the bad guys feeding through masses of code snippets from GitHub to these algorithms – not a pleasant thought, is it?

Kamikaze malware: One of our principal weapons against malware is the ability to reverse engineer it and figure out precisely what it is doing. The process consists of using specialized tools, including disassemblers, network analyzers, debuggers and memory analysis tools. Evidently, though, nobody wants to execute malware in a production environment, so the analysis tools are usually bundled together into malware analysis sandboxes, to isolate the malware analysis procedure from the operating system. In retaliation, the malware developers include several tests to see if the malware is operating in a sandboxed environment, and if it is, it modifies its intended operation or deletes itself to keep us all guessing how it works. Sneaky, eh? However, the researchers know these tricks and hook into the malware, fooling it into thinking it is on a real system. Touché, bad guys! For now, the bad guys have AI and can train the malware to recognize the patterns of virtualized environments, and when they detect they are running in one, they will shut up shop – checkmate, the hackers win.

IBM’s DeepLocker: This proof-of-concept AI malware was designed by IBM and first showcased at Black Hat USA in 2018. The malware is combined with benign software such as an audio application to avoid detection by security analysis and anti-virus. Also, it is fused with target attributes. When these target attributes are recognized, the malware is opened, and the payload activated. This target recognition uses an AI neural net which has been trained to detect traits of the target. With the target identified, the malicious payload, e.g. ransomware, is released. It brings to mind images of precision-guided smart missiles hitting their targets.

The million-dollar question is, are such techniques in the wild now? The truth is, we don’t know for certain, but one thing is for sure, they are most definitely coming for us.