Artificial intelligence and security: what you should know
In March 2019, Norsk Hydro, a Norwegian renewable energy and aluminum manufacturing company, faced a ransomware attack. Instead of paying the ransom, a cybersecurity team used artificial intelligence to identify corruption in the computer system and rebuild operations in an undamaged parallel system. Finally, the ransomware LockerGoga, which spread via Windows-based systems, was identified as the culprit. Although Norsk avoided paying the ransom, the attack left it without computer systems for extended periods (weeks to months) while the security team isolated thousands of employee accounts and scanned them for malicious activity.
Signature-based detection is an approach that creates a unique identifier of a known threat so it can be identified in the future. However, signature-based approaches require continuous updates that take time and effort to maintain. Next-generation artificial intelligence (AI) products proactively learn and identify changes in the networks, users, and databases through data drift to adapt to specific threats as they evolve.
AI products are the linchpin of a multi-layered defense system that can be used prophylactically in the background, especially against unknown threats. Cyberattacks that dominate the nightly news usually end in disaster; It is rarely reported how AI could have prevented these attacks in the first place. Additionally, cyberattacks, which are contained or thwarted on a daily basis while AI is ubiquitously at work, almost never make the news because they are so common.
Unfortunately, due to the lack of coverage of these “non-events” on public forums, most people fail to understand how AI makes effective cyber defenses achievable rather than just theoretical. Here’s what you should know.
Next generation deep learning AI tools
Data drift is a term used to measure changes in underlying data patterns. A case in point would be when an e-commerce company launches a new payment gateway for selling furniture. In this case, BECS direct deposit could be a new financial term being introduced into the business process. BECS, or Bulk Electronic Clearing System, governs how direct debits, automatic payments, bill payments, and direct credit work and how a series of bulk electronic transactions are conducted between its participants.
Deep learning AI models can recognize the term and classify it as a financial transaction with minimal human assistance. Next-generation AI can then monitor the flow of data from financial transactions and correlate the data accordingly, linking it to financial context and sensitivity.
For example, financial data monitoring may involve an application programming interface while the user checks out through an online shopping cart, or even general business operations. The advantage of the auto-detection approach is that a security team does not have to keep an eye out for new vulnerability patches for these terms. Instead, the security team can rely on AI to recommend new data patterns and patch themselves accordingly.
A successful attempt to thwart phishing attacks that compromised Stanford University can serve as an example. WannaCry ransomware threatened campus systems, but the university’s self-patching AI software, in addition to its firewall protection and email security solutions, prevented the threats from successfully escalating.
Data transformers are one of the AI tools to automatically detect and classify data patterns. A Transformer model stores and tracks relationships between changes in data attributes to gain contextual insights. In many ways, it is similar to how the human brain works when reading a book. Although you often don’t understand a character’s role in the story or their relationships to the other characters when they first appear, you gain this knowledge as the story develops.
Data transformers leverage attention-based mechanisms that constantly learn the same way to gain a better understanding of networks, files, emails, etc. and the relationship and interaction of data content to identify and classify malicious changes. The text is represented by mathematical data sets that derive data representations that can later be used to quantify the changes in the data as it is processed by a Transformer.
Deep learning models can also be used for behavioral purpose classifications that help security teams efficiently identify sensitive or malicious content. An AI Transformer model uses its natural language understanding to analyze email data it’s never been exposed to, such as: B. credit offers, lottery ticket promotions, job offers or COVID test results to classify and identify malicious content. Similar mechanisms can be used to identify malicious content in documents containing employee health information, although the AI model had never analyzed health data of any kind before. The transmission model proactively warned security teams about the disclosure of sensitive data before a security breach occurred.
What this means for your company
Not only is it important to ensure that cybersecurity systems are in place to mitigate and prevent threats, but it is also important to have the right system to suit the needs of your business. Manual document classification for documents, emails and text messages is complex and requires technical know-how. Deep learning transformers simplify these tasks and, if executed correctly, can be used efficiently to save cost and effort.
However, an AI model with the wrong settings can lead to false positives and, in turn, over-alerts, causing headaches for security teams. Therefore, when choosing products with AI components, you should always seek professional advice. Next generation AI tools will be able to automate your business processes with minimal setup, human intervention, rules and policies.