Cyber-security has always been a major concern for providers, vendors and operators of IT systems and services. Despite increased investments in security technology, this has not changed, as is evident from several notorious cyber-attacks and related security incidents that have taken place during the last couple of years. It’s time to revolutionize cyber security with artificial intelligence.
For instance, earlier this year, the global “WannaCry” ransomware attack severely affected the operations of numerous organizations worldwide, including major organizations such as Britain’s National Health Service (NHS). “WannaCry” demonstrated the potential scale and physical consequences of cyber-crime incidents, while confirming the importance of proper cyber security measures.
Beyond their financial and business implications, cyber-attacks have a significant socio-economic impact as well, as they reduce citizens’ and businesses’ trust in IT systems and services. This lack of trust is a major issue in an increasingly connected world and in an era where IT systems are a primary vehicle for increased competitiveness and productivity. It’s therefore important to understand the factors that increase the number and scale of cyber security attacks, along with options for alleviating security incidents against IT infrastructures, such as phishing, botnets, ransomware and DDoS (Distributed Denial of Service) incidents.
Advanced Cyber Security Artificial Intelligence
Effective cyber-protection requires modern, advanced and intelligent cyber-security systems. The scale, complexity and sophistication of these systems are driven by the following factors:
Technology Evolution: The evolving technological complexity of cyber infrastructures renders their protection more challenging. For example, the rise and expanded use of Internet-of-Things (IoT) technologies provides cyber-crime opportunities based on the hacking of individual devices. Such hacking was hardly possible before the advent of the IoT paradigm. This is evident in the emergence of large-scale IoT attacks, such as last year’s massive IoT-based Distributed Denial of Service (DDoS) attack that brought down Dyn’s Domain Name System (DNS) and affected major internet sites like Twitter, Amazon and Spotify.
Complex Regulatory Environment: Nowadays, operators of IT infrastructures and IT service providers need to adhere to quite complex regulatory requirements, including sector-specific requirements (e.g., regulations for financial institutions) and general-purpose regulations such as the EU’s General Data Protection Regulation. The implementation of security policies and controls that address these regulatory requirements contributes to the rising complexity of cyber-security systems.
Convergence of Physical and Cyber Security: IT systems are increasingly becoming connected to, and interdependent with, physical systems and processes. This is, for example, the case with most industrial organizations, which converge their cyber and physical infrastructures as part of their digital transformation in the Industry 4.0 era. Industry 4.0 infrastructures in sectors like energy, manufacturing and oil & gas form large-scale cyber-physical systems. This cyber-physical nature gradually leads to a convergence of physical security and cyber-security measures and policies, towards greater effectiveness and economies of scale. Converged cyber and physical security measures are more appropriate for identifying and mitigating complex, asymmetric security incidents, which are likely to attack both cyber and physical systems at the same time. Overall, while this convergence is beneficial for industrial organizations, it increases the complexity of the respective security systems.
New Business Models and Opportunities: The increased reliance of products and services on cyber infrastructures provides new business opportunities for providers of cyber-security solutions and services. As a prominent example, a new wave of cyber-insurance services is currently being designed to support the emerging connected cars and semi-autonomous driving paradigms. These include, for example, insurance business models that consider IT-derived information about the driver’s behavior as a means of adapting car insurance fees. Supporting these opportunities implies additional security measures, for example for the secure and trustworthy transmission of the information that supports them.
Paradigm Shifts in Cyber Security Artificial Intelligence
Confronting the recent wave of sophisticated cyber-attacks requires new approaches to threat identification, assessment and mitigation. Some of the main characteristics of these approaches include:
- Integrated and holistic nature: Instead of protecting specific devices and IT systems, there is a need for holistic, cross-cutting mechanisms that span all the different layers of modern cyber-security infrastructures, including individual devices, fog/edge computing nodes, as well as cloud infrastructures. The implementation of holistic, cross-cutting mechanisms must be driven by integrated approaches to threat modelling, which identify, assess and rate vulnerabilities/threats across all different layers of a cyber-infrastructure. Assessment and rating are key to prioritizing the deployment of specific security measures at the most appropriate places of the infrastructure. This is very important given that organizations operate on quite constrained budgets for IT security, which makes it impossible to provide full protection against all possible vulnerabilities.
- Intelligence and dynamism: To cope with the emerging complex, large-scale, dynamic and asymmetric attacks, there is a need for intelligent and dynamic mechanisms that can correlate information from multiple sources to identify security incidents and vulnerabilities in a timely manner. In practice, this requires a data-driven approach to cyber-security, in which advanced machine learning and data mining models are applied to security identification and assessment.
- Adherence to latest security standards: Fortunately, security standards have been evolving in line with the rising sophistication of cyber-security attacks. This means that adhering to standards can be a safe path to designing and deploying systems that support the above-mentioned holistic approach to cyber-security. Organizations are therefore implementing security standards, from the popular ISO/IEC 27001 on Information security management to the Security Framework of the Industrial Internet Consortium for securing cyber infrastructures that support industrial processes.
- User Friendly and Human Centric: Novel approaches to cyber-security should consider the human factor, to alleviate the need for end-users to understand security systems and processes. This is particularly important for organizations (such as small and medium-sized businesses) that lack the knowledge and equity needed to invest in security training of their personnel.
- New delivery models: Organizations are increasingly adopting new delivery models for security services, such as Managed Security Systems and Security-as-a-Service. These models obviate the need for on-premises installations and enable enterprises to leverage security services in a flexible pay-as-you-go fashion.
The implementation of solutions with the above-listed characteristics signals a paradigm shift in the way security is designed, deployed and provided. This shift is destined to increase the cyber-resilience of organizations, including large enterprises and SMBs.
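The rating and prioritization step described under "Integrated and holistic nature" above, as an added example that is not part of the original article: threats from the device, edge and cloud layers are rated on one scale, and the controls that remove the most risk within a fixed budget are selected. The 1 to 5 likelihood and impact scales, the likelihood × impact rating, the knapsack selection and every threat, cost and reduction value are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    name: str
    layer: str         # "device", "edge" or "cloud"
    likelihood: int    # 1 (rare) .. 5 (almost certain)
    impact: int        # 1 (minor) .. 5 (severe)
    control: str       # measure that mitigates this threat
    cost: int          # cost of the control, in budget units
    reduction: float   # fraction of the risk the control removes

    @property
    def risk(self) -> int:
        return self.likelihood * self.impact

    @property
    def risk_removed(self) -> float:
        return self.risk * self.reduction

# Constructed sample threat model; every value is illustrative.
THREATS = [
    Threat("default credentials", "device", 5, 4, "credential rotation", 20, 0.8),
    Threat("unsigned firmware", "device", 3, 5, "signed firmware updates", 60, 0.9),
    Threat("cleartext telemetry", "edge", 4, 3, "mutual TLS", 15, 0.9),
    Threat("flat gateway network", "edge", 3, 4, "network segmentation", 40, 0.6),
    Threat("over-privileged accounts", "cloud", 4, 5, "least-privilege review", 30, 0.7),
    Threat("no log correlation", "cloud", 3, 3, "central log collection", 50, 0.5),
]

def risk_by_layer(threats):
    """Total rated risk per layer, to show where exposure concentrates."""
    totals = {}
    for t in threats:
        totals[t.layer] = totals.get(t.layer, 0) + t.risk
    return totals

def prioritize(threats, budget):
    """0/1 knapsack: pick the controls removing the most risk within budget."""
    best = [(0.0, ())] * (budget + 1)  # best[b] = (risk removed, threats funded) at cost <= b
    for t in threats:
        for b in range(budget, t.cost - 1, -1):
            removed, chosen = best[b - t.cost]
            if removed + t.risk_removed > best[b][0]:
                best[b] = (removed + t.risk_removed, chosen + (t,))
    return best[budget]

if __name__ == "__main__":
    removed, funded = prioritize(THREATS, budget=100)
    print(risk_by_layer(THREATS))
    for t in funded:
        print(f"{t.layer:6} {t.control:24} cost={t.cost}")
    print(f"risk removed: {removed:.1f} of {sum(t.risk for t in THREATS)}")
```

With a budget of 100 units the selection funds one control in each layer and leaves the two most expensive controls unfunded, which is the trade-off the constrained-budget argument describes.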
How to Revolutionize Cyber Security with Artificial Intelligence
In the quest for dynamic, intelligent and holistic cyber-security mechanisms, security experts are nowadays considering the use of AI-based mechanisms. This consideration is largely motivated by recent advances in deep neural learning and AI, which facilitate the identification of very complex patterns based on human-like reasoning.
Relevant technology advances have empowered Google’s Alpha AI to defeat grandmasters in the Go game, which is considered a milestone in the evolution of AI technologies. Likewise, AI techniques can be used to detect and assess complex attack patterns, as a means of preventing or alleviating large-scale security incidents such as “WannaCry”.
Deploying artificial intelligence to revolutionize cyber security can provide some compelling advantages, including:
- Detecting complex attacks: Deep learning techniques based on advanced neural networks enable the detection of non-conventional, non-trivial security incidents that can hardly be detected with commonly used rules and conventional reasoning.
- Predictive Security Analytics: AI is a perfect enabler for predictive security, by employing predictive data analytics based on deep learning. This can enable a paradigm shift from reactive to predictive security. With predictive security, organizations can anticipate the occurrence of threats, so as to prepare and apply proper mitigation strategies in time.
- Security Automation: AI systems can increase the automation of security measures by triggering mitigation actions automatically upon the detection of cyber-security threats. While human involvement is always necessary and desirable, one way to revolutionize cyber security with artificial intelligence is to increase security automation, while delivering advanced protection functionalities at a lower cost.
Despite these benefits, AI security implementations are still in their early stages. This is because there are several challenges to be addressed before AI can be deployed effectively. For example, there is a need for collecting and using large amounts of data, which are not always readily available. Therefore, AI systems are usually supported by the deployment of additional security monitoring probes at the device, fog, edge and cloud layers of the cyber-security infrastructure.
Likewise, the effective deployment of artificial intelligence in cyber security requires domain knowledge to avoid failures of the deep learning networks, such as failures due to overfitting on the training data.
Such domain knowledge requires the collaboration of security experts, data scientists and experts in field processes, which is not always easy to achieve. Finally, there is also a need for aligning the operation of AI-based security systems with the business objectives and security policies of the organization, which can be extremely challenging.
In order to alleviate these challenges, enterprises need to consistently collect and manage security datasets, while at the same time assembling a security team with the proper skills, including both data science and security expertise.
Finally, it’s good to adopt an incremental deployment approach, which boosts the acquisition of knowledge and experience in the AI field, while gradually meeting business objectives. As enterprises face unprecedented security challenges, new approaches are required. AI will certainly be among the most useful tools in organizations’ cyber-resilience arsenal. Despite early challenges, the best means to revolutionize cyber security with artificial intelligence are still to come.