CHAPTER 5

Artificial Intelligence and Cybersecurity

Mehrdad Sharbaf

Information systems are widely recognized as the engine that drives and supports the U.S. and global economy, giving industry a strategic competitive advantage in global markets, enabling the federal government and its agencies to collaborate among themselves, and building a 21st century digital government platform that provides better services to citizens. The 21st century is the age of digital information: information within a corporation has become strategically imperative and is a more valuable resource than ever, as the development of fields such as business economic intelligence underlines. But information systems are exposed to serious internal and external threats that can have adverse effects on organizational operations. Unfortunately, the complexity of security attacks, the number of vulnerabilities, and the difficulty of protecting effectively against dynamically evolving attacks within organization networks have all greatly increased over the past few years; even the best security mechanisms can be bypassed by professional hackers. The National Institute of Standards and Technology's (NIST) National Vulnerability Database (NVD), established just a little over a year ago, now contains information on 20,000 computer system vulnerabilities, up from the original 12,000, and the website receives hits at a rate of 25 million per year. For organizations trying to prevent computer system attacks, keeping up with the hundreds of new vulnerabilities discovered each month can be an overwhelming and challenging task (http://nvd.nist.gov/). A recent research survey (Figure 5.1) shows the United States having by far the most cyber-attacks, followed by China and then Germany.


Figure 5.1 Countries by Cyber-attack


Despite widespread training, education, and awareness of the impact of cybercrime, cyber-attacks continue to occur frequently and result in serious financial consequences for businesses and government institutions. Figure 5.2 shows the percentage of annualized cybercrime cost for U.S. companies in 2015, by type of attack. During that year, 24 percent of costs caused by cybercrime were due to malicious code (http://.statista.com/statistics/193431/annual-cyber-crime-cost-for-us-companies-by-attack-type/).


Figure 5.2 The percentage of annualized cybercrime cost of the U.S. companies in 2015

Ponemon Institute’s 2015 cybercrime study report found that the cost of digital crime rose by 19 percent in the last year, and the average annual loss to companies worldwide is 47.7 million.

Many organizations still rely on manual effort to compile cybersecurity threat findings and to correlate them with external threat information. With these mechanisms, detecting and identifying intrusions can be time consuming, and during that time intruders can exploit vulnerabilities to compromise systems and extract sensitive organization information. To address these challenges, organizations are improving their cybersecurity posture by applying artificial intelligence (AI) in their business operations. AI offers enormous potential to enable more efficient and effective business and government operations, and it can help an organization to predict, prevent, and defeat attacks. For example, product recommendations from services such as Amazon and Netflix that evolve through users' web experiences are powered by machine learning, and digital images from millions of satellite observations can be analyzed for environmental or socioeconomic trends using machine learning to identify patterns of change and development. In the same way, neural networks, genetic algorithms, Markov models of various sorts, and other machine learning techniques can be applied to detect anomalies in packet streams and protocol usage patterns. This chapter develops a new perspective on information security management and introduces a new concept called AI and cybersecurity. It supports the organization's cybersecurity strategy by applying AI techniques in its information security management processes. The chapter also discusses managing information security by applying AI in the organization's cybersecurity operations, and how businesses can plan to implement AI within their organization. The latest AI products related to cybersecurity are discussed as well.

Given the increased dependence of businesses on computer-based systems and networks, system vulnerabilities abound, compounded by a lack of cybersecurity strategies, a lack of proper commitment from top management, and a lack of proper policies, standards, awareness, and education. For that reason, over the past decades managing information systems security has become a challenging task. Clearly, exclusive reliance on either technical or managerial controls is inadequate. Rather, a new perspective on information security is needed. Technical approaches by themselves cannot solve security problems, for the simple reason that information security is not merely a technical problem but also a management problem.

A core message is that good security in an organization starts with top management, not with technical tools such as firewalls, intrusion detection systems, antivirus, or biometric devices. Senior management has a much more significant role to play in achieving security than it may think.

The organization's first strategy must be to develop and monitor a mechanism that evaluates the quality of information security by applying AI techniques to secure information in the enterprise.

The development of an evaluation mechanism depends on the organization's risk assessment. The organization shall specify the critical risk factors and indicate the potential level of exposure. These factors determine how the evaluation mechanism is applied to controls, and their behavior must therefore be tracked over time to determine whether the level of risk exposure has increased or decreased [3, 11, and 12]. Determining the effectiveness of controls is a fundamental practice in assessing risk. The result of the risk analysis identifies the controls to be implemented, and the risk classification obtained by the analysis defines the nature of the measurement mechanisms used to measure the effectiveness of those controls. The key to defining metrics is the correct definition of the critical attributes of each control, so that the risk exposure of the company can be measured. AI techniques play a key role in risk management processes. The process of risk management consists of risk identification, risk assessment, and risk control. The first phase of risk management is risk identification with respect to system vulnerabilities. Risk identification is the process of determining risks that could impact the confidentiality, integrity, and availability of the information system. Based on Garvey (2008), the analytical methods for risk management are illustrated in Figure 5.3.


Figure 5.3 Fundamental steps in risk management

The second step of risk management is risk assessment. Risk assessment is a key component of a holistic, organization-wide risk management process as defined in NIST Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View. Based on the NIST 800-39 document, risk assessment is illustrated in Figure 5.4.


Figure 5.4 Risk assessment within risk management process

The third step of risk management is risk control, or risk treatment. The aim of this step is to develop a plan that identifies the countermeasures necessary to reduce, retain, avoid, or transfer identified risks. Organizations face an uphill challenge when it comes to identifying threats, since the attack surface has shifted from the network and endpoint to cloud services, applications, and mobile devices (e.g., tablets, mobile phones, smart watches, and Bluetooth devices). The business model has changed from the traditional business model to e-commerce, m-commerce, and the Internet of Things (IoT). As the next 50 billion IoT devices come online by 2020, organizations will face some worrying challenges, such as ensuring the security of their devices. Big data, which is changing the way businesses compete and operate, also poses challenges to the organization, and securing big data is a major concern. Recent research indicates that it takes most organizations on average 146 days to identify an attack and fix the critical vulnerabilities (https://info.whitehatsec.com/rs/675-YBI-674/images/WH-2016-Stats-Report-FINAL.pdf). This report clearly shows that we need to reconsider or reassess the existing approach to cybersecurity. Given the complexity and number of cyber-attacks, the speed of the processes involved, and the amount of data to be analyzed, defending the organization's information systems cannot be handled by humans alone: human intervention is simply not sufficient for timely attack analysis and an appropriate response. For that reason we need a more sophisticated information security system that is flexible, adaptable, and robust (Selma 2015) and able to detect a wide variety of threats and make intelligent real-time decisions.

This is why we need innovative methodologies such as applied AI, which give software flexibility and machine learning capability and help humans defend against cyber threats and attacks. There are tremendous benefits for cybersecurity professionals who invest in AI and cognitive techniques. For example, routine tasks such as analyzing large volumes of security event logs can be automated by using machine learning to increase accuracy. As systems become more effective at identifying and recognizing malware and unauthorized access, cybersecurity systems can become "self-healing" by updating controls and patching systems in real time, as a direct result of machine learning and of understanding how hackers exploit new approaches. AI methodologies can help in developing better threat detection algorithms to secure information systems (Anwar). Threat detection is definitely a main focus of today's AI and machine learning technology. As illustrated in Figure 5.5, machine learning should be part of detecting threats, identifying the vulnerabilities of the organization's information systems, and assessing the associated risks. According to Selma (2015), several scholars have worked in this direction: Chaudhary et al. (2014) developed an anomaly-based fuzzy intrusion detection system to detect packet dropping attacks in mobile ad hoc networks; Benaicha et al. (2014) presented a network intrusion detection model based on a genetic algorithm; and Padmadas et al. (2014) developed a layered genetic algorithm-based intrusion detection system for monitoring activities.

There are companies using AI in cybersecurity. For example, according to a CB Insights report, Cylance applies AI algorithms to predict, identify, and stop malware and mitigate damage from zero-day attacks. Tanium, a real-time endpoint management solution that provides instant visibility into networked devices through natural language processing, allows enterprises to collect data and update machines across networks. LogRhythm offers threat intelligence and analytics for organizations to rapidly detect, respond to, and neutralize threats, in addition to compliance automation and assurance, and enhanced IT intelligence. Darktrace pairs behavioral analytics with advanced mathematics to automatically detect abnormal behavior in organizations. RiskSense uses a contextualization engine and human-interactive machine learning technology to drive risk-based analytics and prioritize remediation actions based on business criticality. Sift Science provides real-time machine learning fraud prevention solutions for online businesses. Avata Intelligence delivers descriptive, diagnostic, predictive, and prescriptive analytics to understand and respond to security threats. E8 Security provides intelligence and analytics software alongside a big data platform for long-term data retention and retrospective analysis. Finjan's online security innovation cultivates proprietary technology that is focused on proactively detecting threats by identifying patterns and behavior of online viruses and other malicious code, rather than relying solely on lists of existing or known coded threats. F-Secure's endpoint products prevent all examples of the threat. F-Secure's vulnerability management product flags the used vulnerabilities within the system for remediation. Finally, the F-Secure-managed incident response service detects the attack and enables immediate response to the threat.


Figure 5.5 Machine learning in threat, vulnerability, and risk
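
As an added illustration (not from the chapter or from any product it names), the following Python example shows one way the Markov-model anomaly detection mentioned above can be applied to security event logs: it learns event-to-event transition probabilities from known-good sessions and flags sessions whose transitions are improbable. The event names, the sample sessions, and the mean-plus-three-standard-deviations alert rule are all constructed assumptions.

```python
import math
import statistics
from collections import defaultdict

# Constructed baseline: per-session event sequences as they might be
# extracted from authentication and file-access logs (hypothetical names).
BASELINE = [
    ["login_ok", "read_file", "read_file", "logout"],
    ["login_ok", "read_file", "write_file", "logout"],
    ["login_ok", "read_file", "logout"],
    ["login_fail", "login_ok", "read_file", "logout"],
    ["login_ok", "write_file", "read_file", "logout"],
    ["login_ok", "read_file", "read_file", "write_file", "logout"],
]

def _pad(session):
    return ["<start>"] + list(session) + ["<end>"]

def train(sessions):
    """Count event-to-event transitions seen in known-good sessions."""
    counts = defaultdict(lambda: defaultdict(int))
    vocab = set()
    for session in sessions:
        seq = _pad(session)
        vocab.update(seq)
        for a, b in zip(seq, seq[1:]):
            counts[a][b] += 1
    return counts, vocab

def prob(model, a, b, alpha=1.0):
    """Laplace-smoothed P(b | a); one extra slot covers unseen events."""
    counts, vocab = model
    row = counts.get(a, {})
    slots = len(vocab) + 1
    return (row.get(b, 0) + alpha) / (sum(row.values()) + alpha * slots)

def score(model, session):
    """Average negative log-likelihood per transition (higher = stranger)."""
    seq = _pad(session)
    steps = list(zip(seq, seq[1:]))
    return -sum(math.log(prob(model, a, b)) for a, b in steps) / len(steps)

def threshold(model, sessions, k=3.0):
    """Alert level: baseline mean score plus k standard deviations."""
    scores = [score(model, s) for s in sessions]
    return statistics.mean(scores) + k * statistics.pstdev(scores)

def least_likely_step(model, session):
    """The transition an analyst should look at first."""
    seq = _pad(session)
    return min(zip(seq, seq[1:]), key=lambda ab: prob(model, *ab))

def triage(model, limit, session):
    s = score(model, session)
    return {"score": round(s, 3), "alert": s > limit,
            "look_at": least_likely_step(model, session)}

MODEL = train(BASELINE)
LIMIT = threshold(MODEL, BASELINE)

# Constructed test sessions: one routine, one with repeated failed logins
# followed by an event type never seen in the baseline.
ROUTINE = ["login_ok", "read_file", "write_file", "logout"]
ODD = ["login_fail", "login_fail", "login_fail", "login_ok",
       "priv_change", "read_file", "logout"]

if __name__ == "__main__":
    for name, sess in (("routine", ROUTINE), ("odd", ODD)):
        print(name, triage(MODEL, LIMIT, sess))
```

Because the alert names the least likely transition, an analyst sees which step made the session unusual rather than only a score.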

The second strategy must be to develop a holistic approach to securing processes and people. Processes (policies, standards, and procedures) and people are essential elements of an effective, high-quality information security program that applies AI techniques to secure information in the enterprise (Figure 5.6). The mantra of good cybersecurity is that it is not only about technology but also about people and processes. A holistic approach to information security means that security is integrated with every part of the development life cycle (hardware and software), creating a defense in depth against vulnerabilities. This kind of approach should support people through security training and a culture of security within the organization; processes through policies, standards, procedures, measurement, and metrics; and technology through security assessment and support tools that embed AI.

There are companies using AI in cybersecurity. For example, according to a VentureRadar report, Exabeam offers user behavior analytics that leverages existing log data to quickly detect advanced attacks, prioritize incidents, and guide effective responses. Status Today protects companies from insider threats and data breaches using a patent-pending AI that understands human behavior. Using machine learning techniques and organizational human behavior, it detects possible malicious behavior, no matter how big or small. The system doesn't intercept data or intrude in the network, which might decrease performance, but instead uses a passive monitoring approach that sits behind the scenes. Harvest aims to replicate the processes of top security researchers: searching for changes in the behavior of users, key business systems, and applications caused by targeted cyber-attacks. Harvest has applied AI-based algorithms to learn the business value of critical documents across an organization, and offers what it describes as an industry-first ability to detect and stop data breaches from targeted attacks and insider threats before data is stolen. Fortscale's user and entity behavior analytics (UEBA) solution combines expertise from the Israeli Defense Force's elite security unit, big data analytics, and advanced machine learning to deliver what the company describes as the holy grail of enterprise security: the ability to rapidly detect and eliminate insider threats. From rogue employees to hackers with stolen credentials, Fortscale is designed to automatically and dynamically identify anomalous behaviors and prioritize the highest-risk activities within any application, anywhere in the enterprise network. JASK says that the tsunami of logs, SIEM (Security Information and Event Management) events, and other indicators that security analysts face every day produces a never-ending flood of unknowns, which forces these analysts to spend their valuable time sorting through indicators in the endless hunt for real threats. JASK is aiming to solve this problem by developing a new AI-based approach that can highlight the real attacks.


Figure 5.6 Machine learning, people, processes, and ideal security

Conclusion

In recent years AI has come to be regarded as one of the most promising developments in the information security and cybersecurity framework. In an environment of fast-growing advanced attacks, it is impossible to defend the organization's systems without applying AI to cybersecurity. For that reason, researchers and practitioners have developed new AI techniques to enhance cybersecurity. New developments in knowledge-based understanding, representation, and handling, and in machine learning, can greatly strengthen cybersecurity defense mechanisms. These systems are more flexible, robust, and adaptable, and in this way help to improve security performance and better defend systems from sophisticated cyber threats. At present, machine learning techniques are the most powerful tool that can be applied to cybersecurity. Despite the promising role of AI in the cybersecurity framework, a holistic perspective on the organization's cyber environment is required. The mantra of good cybersecurity is that it is not only about technology but also about people and processes. In the end, it is still the human factor that matters, not only the technology. It is important to understand that AI is not the answer to all our cybersecurity challenges. Like other technologies, it has pros and cons. AI and machine learning can make sense of patterns across many sets of high-quality, accurate data to build models; however, a failure to collect accurate data undermines the machine learning process. Organizations and business executives are advised to familiarize themselves with the cutting edge of AI techniques and security research to support their business operations.

References

Allen, G., and T. Chan. 2017. Artificial Intelligence and National Security. Report. Boston, MA: Harvard Kennedy School, Harvard University.

Anwar, A., and S.I. Hassan. 2017. “Applying Artificial Intelligence Techniques to Prevent Cyber Assaults.” International Journal of Computational Intelligence Research 13, no. 5, pp. 883–89.

Chen, H., and F.-Y. Wang. 2005. “Guest Editors’ Introduction: Artificial Intelligence for Homeland Security.” IEEE Intelligent Systems 20, no. 5, pp. 12–16.

Chui, M. 2017. “Artificial Intelligence the Next Digital Frontier?” McKinsey and Company Global Institute, https://.mckinsey.com/global-themes/artificial-intelligence (accessed August 21, 2017).

Dasgupta, D. 2006. “Computational Intelligence in Cyber Security.” In Computational Intelligence for Homeland Security and Personal Safety, Proceedings of the 2006 IEEE International Conference on, pp. 2–3.

Garvey, P.R. 2008. Analytical Methods for Risk Management: A Systems Engineering Perspective. Bedford, MA: Taylor & Francis Group, CRC Press.

Greengard, S. 2016. “Cybersecurity Gets Smart.” Communications of the ACM 59, no. 5, pp. 29–31.

Hager, G.D., R. Bryant, E. Horvitz, M. Mataric, and V. Honavar. 2017. “Advances in Artificial Intelligence Require Progress Across all of Computer Science.” https://arxiv.org/abs/1707.04352 (accessed August 19, 2017).

Kasprick, R., J. Hoffman, J. Straub, and E. Kim. 2016. “Cyber Security Artificial Intelligence Expert System.” https://works.bepress.com/jeremy_straub/314/download/ (accessed July 7, 2017).

Landwehr, C.E. 2008. “Cybersecurity and Artificial Intelligence: From Fixing the Plumbing to Smart Water.” IEEE Security & Privacy 6, no. 5, pp. 3–4.

Madhok, E., A. Gupta, and N. Grover. 2016. “Artificial Intelligence Impact on Cyber Security.” IITM Journal of Management and IT 7, no. 1, pp. 100–107.

Markov, Z., I. Russell, and B. Eberle. 2016. “Report on the 29th International Florida Artificial Intelligence Research Society Conference (FLAIRS-29).” AI Magazine 37, no. 4, pp. 81–83.

Merat, S., and W. Almuhtadi. 2015. “Artificial Intelligence Application for Improving Cyber-security Acquirement.” In Electrical and Computer Engineering (CCECE), 2015 IEEE 28th Canadian Conference on, pp. 1445–50.

Mittu, R., and W. Lawless. 2015. “Human Factors in Cybersecurity and the Role for AI.” In Foundations of Autonomy and Its (Cyber) Threats: From Individual to Interdependence, AAAI Spring Symposium Series.

Morel, B. 2011. “Artificial Intelligence and the Future of Cybersecurity.” In Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, pp. 93–98.

National Institute of Standards and Technology, NIST 800-39. 2011. “Managing Information Security Risk: Organization, Mission, and Information System View.” https://csrc.nist.gov/publications/detail/sp/800-39/final (accessed August 10, 2017).

Patil, P. 2016. “Artificial Intelligence in Cyber Security.” International Journal of Research in Computer Applications & Robotics 4, no. 5, pp. 1–5.

Pfeffer, A., B. Ruttenberg, L. Kellogg, M. Howard, C. Call, A. O’Connor, G. Takata, et al. 2017. “Artificial Intelligence Based Malware Analysis.” https://pdfs.semanticscholar.org/8e58/db5def7e10e7e442236df7c4ec01da024e1f.pdf (accessed August 19, 2017).

Rehman, A. and T. Saba. 2014. “Evaluation of Artificial Intelligent Techniques to Secure Information in Enterprises.” Artificial Intelligent Review Journal 42, no. 4, pp. 102944.

Research Artificial Intelligent. 2016. “Cybersecurity’s Next Step: Artificial Intelligence Is Helping Predict, Prevent, and Defeat Attacks.” https://.cbinsights.com/blog/cybersecurity-artificial-intelligence/ (accessed September 10, 2017).

Russell, S., D. Dewey, and M. Tegmark. 2015. “Research Priorities for Robust and Beneficial Artificial Intelligence.” AI Magazine 36, no. 4, pp. 105–14.

Selma, D., H. Çakır, and M. Aydın. 2015. “Applications of Artificial Intelligence Techniques to Combating Cyber Crimes: A Review.” International Journal of Artificial Intelligence & Applications (IJAIA) 6, no. 1, pp. 20–24.

Tyugu, E. 2011. “Artificial Intelligence in Cyber Defense.” In Cyber Conflict (ICCC), 2011 IEEE 3rd International Conference on, pp. 1–11.

Thomas, A. 2016. “10 Hot Startups Using Artificial Intelligence in cyber security.” http://blog.ventureradar.com/2016/03/11/10-hot-startups-using-artificial-intelligence-in-cyber-security/ (accessed September 7, 2017).

Wirkuttis, N., and H. Klein. 2017. “Artificial Intelligence in Cybersecurity.” Cyber Intelligence, and Security Journal 1, no. 1, pp. 21–3.
