AI-based cybersecurity: Hype or reality?

Article by: Ludovic F. Rembert

AI and ML were once thought of as technologies that would struggle to find real-world applications, but they are an increasingly inherent part of our lives.

One in five organizations are already using AI technologies to some degree, and two thirds of organizations not using it plan to implement it by the end of this year.

These technologies are not only a force for good, though. There are both challenges and opportunities for machine learning, and nowhere is this seen more clearly than in the cybersecurity sector. At the same time that cybersecurity teams are using ML technologies – and Neural Networks in particular – to identify threats, hackers are using the same techniques to attack them.

Given the hype around AI and ML, however, it’s very easy to overestimate the threat level presented by these technologies, and equally easy to overestimate the protection they provide.

In this article, therefore, we’ll undertake a realistic assessment of how AI and ML are being used by hackers and organizations.

The Threat

There is much speculation when it comes to the threat presented by ML technologies. Some of this speculation claims future capabilities that are hard to credit.

This category includes, for instance, types of AI-driven malware that will intelligently probe for weaknesses in a victim’s systems. The real threat presented by ML – at least at present – is much more limited, and largely relies on training Neural Networks (NNs) to mimic legitimate network traffic or communications.

Among the real-life examples of AI being used in cyberattacks is IBM’s AI-driven proof-of-concept DeepLocker. This system is able to leverage publicly available data in order to conceal itself from cybersecurity tools, lying dormant until it reaches its intended target. Once it detects the target — either via facial or voice recognition — it executes its malicious payload.

Another real-world example of the malicious use of AI was the recent incident in which an as-yet unknown hacking group managed to use DeepFakes – fake videos created using NNs – to trick a UK-based energy company into making a transfer into the attackers’ bank account. Although this hack relied on ML technology, it’s also worth recognizing that, at the most fundamental level, the technology was used to facilitate a fairly “traditional” phishing scam, rather than presenting a completely new threat.

AI in Cybersecurity

At present, the use of NNs in cybersecurity appears to be much more developed, and much more widely used, than the use of these technologies in attacking systems. AI is already improving organizational security, and the AI cybersecurity market is valued at $8.8 billion and is expected to top $38 billion by 2026.

At first glance, ML systems appear to offer many benefits when it comes to threat prevention. Identifying anomalous network traffic is a difficult and slow process for human operators, and the measures that NNs – in particular – employ could be useful in speeding this process up.

However, it’s also worth recognizing that these systems rely largely on NNs, rather than on truly intelligent AIs. Machine learning cybersecurity systems are being used to spot unusual network activity that could be an early indication of an imminent attack.

The benefit of these systems is still primarily their speed, rather than their ability to intelligently respond to attacks. Website security systems, for instance, can scan web activity to detect the bots used to probe for weaknesses, but at present they are unable to respond directly to suspected attacks.

The Challenges

None of this is to say that ML will not find increasing use in cybersecurity or hacking. However, at present the utility of ML systems is limited by a number of challenges.

Foremost among these are the computational resources, and the huge amounts of data, that are required to train these systems. Recent research which sought to assess the value of ML models in detecting TOR traffic is a good indication of this.

This research showed that a good level of protection against data exfiltration via anonymised traffic can be achieved by deploying ML techniques to analyze incoming requests. However, the researchers also point out that the datasets used in this research were far smaller than those that are typical of the average cybersecurity environment.

This issue of scale remains the biggest challenge for both hackers and cybersecurity staff seeking to use ML techniques. Even malware scanners are not typically trained on datasets large enough to overcome training bias, if only because the average firm does not have access to the kind of global datasets needed to do this.

  • At the moment, the primary use of AI and ML (for both hackers and cybersecurity professionals) is in the automatic analysis of network traffic. Major tech corporations such as Google and Facebook have been utilizing machine learning to identify trends and patterns over massive data sets. The goal is to develop algorithms that can evolve over time and lead to a future of artificial reality.
  • Specifically, Facebook has been using machine learning to develop their facial recognition technology, while Google is using machine learning algorithms to scan new queries being run every second. In the end, both will be used to help understand how worldwide behavior is shifting. Systems can therefore provide threat intelligence to both groups, but at the moment the autonomy of AI tools is extremely limited.

The Future

Given all the observations above, it’s easy to be skeptical of the claims made for AI and ML systems. It’s clear, on the one hand, that such systems are going to become more common, not least because of their usage in IoT networks.

However, at the moment the ability of these systems to defeat cyber threats, or indeed to perform novel types of cyber attack, remains limited.

— Ludovic Rembert is a security analyst, researcher, and the founder of
