With the artificial intelligence cyber-hacking arms race already moving at a break-neck speed, a group of Ben-Gurion University experts warn that cyber defense can waste no time in playing catch-up.
BGU expert Bracha Shapira, speaking to The Jerusalem Post by telephone after presenting at this week’s World Economic Forum in Davos, said that cyberattackers using AI “are winning… their role is easier… things are not great at this moment.”
In order “to defend, you must find all of the holes,” and plug them, whereas AI cyberattackers “just need to find one hole,” she said.
BGU expert Yuval Elovici told the Davos Forum that “AI aims to create intelligent machines… When the attacker conducts malicious activity… he must make sure that he will remain undetected… the attacker employs various obfuscation techniques.
“Today, the attacker conducts an AI-based detection analysis in a lab environment in order to understand whether the malicious code will be detected by an anti-malware tool. AI tests the code vis-à-vis every possible detection engine, and automatically re-crafts it, so it will remain undetected by existing tools and methods,” said Elovici.
“AI is also able to assist the attacker in achieving the attack goals more quickly and more efficiently. When the attacker is after specific information… once he has penetrated the organization and gained access to the system, he will need to scan it and locate the required information,” he added.
“Since the target system may have a huge amount of data, locating the specific files may require a lot of time. AI is able to automatically scan the machine and prioritize the documents to be leaked,” Elovici said.
SHAPIRA OFFERED up some hope and advice. She said that “at the end of the day, humans use computers. We need to try educate people to be aware. If you have one person who might not be aware” of cyber threats, then “you can have the most sophisticated defense, but someone opens up something bad, and all the defenses can collapse.”
AI cyber defense “techniques might be utilized for intelligent detection of attacks. Supervised machine learning can classify between benign and malicious patterns when enough data to learn those patterns” exist to identify “new attacks that deviate from the normal pattern,” she said.
Furthermore, “every program leaves unique footprints in the cyberspace that can be traced and learned. Malicious programs would have a different pattern from the normal behavior, since they must act differently to achieve their goals,” she explained.
Unlike even the smartest human analysts, Shapira said that AI cyber defense can go beyond a simple diagnosis of an attack to look at “all of the layers of cyber traffic on the network… not just one layer… it can look at the timeline and use powerful algorithms to process all of the information.”
Moreover, AI cyber defense can “analyze an anomaly further to see if it could be malware, including new malware that we do not know about… the amount of information AI can process, not just the speed, and to connect it… humans cannot do it… it is like taking thousands of pictures to make a pattern.”
Shapira said AI is also important on defense, because even if cyberattackers have an advantage, simply using AI to slow them down could get them to move on to a different target.
“Attackers’ motivation is money. They think about if the cost of an attack is less than the benefit… so you want to try to make attacks more costly so they are not worth it,” she said.