To understand why artificial intelligence (AI) is an important tool in today’s and future cyber security toolkits, we must first understand how the threat landscape evolves and what threats Internet users face every day.
Evolving threat landscape
The global threat landscape is changing. Internet consumers are now facing very different threats. On the one hand, a large number of highly automated botnets infect consumer devices. On the other hand, social engineering (or phishing) attacks attempt to trick users of money and data.
According to researchers, the scale of the botnet threat is expanding: the data on the device adoption of about 1.7 billion Internet connected devices in North America shows that many Internet of Things (IoT) devices are becoming more and more popular. Among these devices, the threat of IP cameras and network attached storage (NAS) devices is particularly worrying because malicious actors attack them more frequently than other devices.
At the same time, mobile devices (mobile phones, tablets and smart watches) remain the most popular devices and face different threats. CUJOAI’s security data shows that nearly 60% of mobile device threats are related to insecure browsing: millions of devices are accessing malware distribution, spam and spyware websites. Worryingly, about 20% of mobile browsing threats come from phishing activities, which is one of the most difficult threats to deal with due to the transience of phishing websites.
Today’s use of AI to address threats
In the past, security solutions were mainly passive: researchers from cyber security companies would find a new malware sample, analyze it, and add it to the malware list. The industry is still using this approach, but its actions are more proactive, especially in dealing with social engineering threats.
Machine learning or artificial intelligence algorithms have played a key role in this transformation. Although they are not a one-stop solution to all cyber security problems, they are very useful for quickly automating the decision-making process and data inference patterns that are incomplete or altered. These algorithms first learn from real world data, such as existing security threats and false positives, and the latest threats found by global researchers.
Artificial intelligence algorithm is a pattern detection machine, which has significant advantages over the traditional list based security system. AI enhances and transcends these systems by detecting new threats that exhibit suspicious patterns. The learning process of AI proficiency at this stage is substantial, and can only be realized by using a powerful data source for each threat vector.
Machine learning systems are not magical and can make mistakes. However, once the error range of algorithms is small enough, they become indispensable in online security, because the fast decision-making process reduces user friction and will not have a negative impact on the user experience. This is the key to large-scale enhancement of cyber security, and also a popular side effect of using AI in cyber security. It not only improves security, but also covers most areas of the threat environment.
Due to its nature, AI algorithms can prevent some new threats: security threats, malware and countermeasures, which are usually developed on the basis of previous utilization and malware. Relatively speaking, there are few truly novel threats every year: most malicious actors are not developers, but users of the “malware as a service” suite or existing modifiers who leak malicious code. Researchers revealed this in a recent study on the evolution of the Sysrv botnet. Most of the new malware strains are combinations and recombinations of other existing malicious codes.
Because these linearly evolving threats can usually avoid standard anti malware detection, AI is a useful tool to enhance global cyber security. Simple adjustments are rarely enough to defeat these algorithms.
According to past experience, it is a great success to adopt artificial intelligence algorithm to strengthen the protection of tens of millions of families. Now, we have successfully combined the best practices of existing cyber security solutions with the progress of machine learning to produce a very low friction security solution, enabling network operators to protect their consumers. On the scale of CUJOAI, AI can help prevent about 10000 threats per minute.
Responding to Future Threats with Artificial Intelligence
One of the most exciting and valuable achievements in the field of artificial intelligence cyber security may be to warn users of suspicious websites (including phishing websites) before they visit them. Since social engineering attacks usually cause the greatest damage and loss to consumers’ privacy and finance, it is extremely important to use AI to prevent new attacks before they appear in industry databases.
Looking forward to the future, cloud computing based AI driven cyber security also has a key function beyond standard anti-virus and firewall, because it can be deployed on routers to enhance the protection of all devices on a given network. This is very important because according to data, about 50% of networked devices cannot run anti-virus software.
Without AI, the future of consumer cyber security is unimaginable, especially when it comes to the scale and threat of social engineering and Internet of Things malware.