When it comes to artificial intelligence, people typically envision a Sci-Fi world where robots take the scene. But artificial intelligence is already here, improving everyday technologies such as ecommerce, surveillance systems and many others.
It’s also the not-so-secret weapon of cyber-security experts. To shed some light on how AI is used in this industry, we’ve asked Cristina Vatamanu, malware researcher at Bitdefender’s Antimalware Labs, to answer a few questions. For the past 6 years, Cristina has demonstrated strong expertise in reverse engineering, exploit analysis, threat analysis and automated systems. She is now pursuing a PhD in Machine Learning theory in malware detection systems at “Gheorghe Asachi” Technical University in Iasi.
What do we actually mean by ‘AI’ when looking at AI-driven cyber security solutions?
In cyber-security, artificial intelligence is implemented through machine learning techniques. Machine learning algorithms give computers the ability to learn and make predictions based on previously acknowledged data.
How does it work?
Bitdefender started integrating machine learning technologies in its detection systems seven years ago. A wide number of clustering and classifying algorithms are used to correctly and quickly answer the quintessential question: “Is this file clean or malicious?” For instance, if a million files needs to be analyzed, those samples can be split into smaller groups (called clusters) where each file is similar to the others. Then all a security analyst has to do is to analyze one file from each cluster and apply the findings to all of them.
How can AI be used to truly enhance security?
This technology showcases its efficiency especially when it comes to dealing with millions of malicious files daily. Security analysts have to scrutinize more than 400,000 new malicious programs daily, according to AV-Test statistics. Traditional detection methods (signature-based systems) lack the ability to be truly proactive in a lot of cases. What’s more, security vendors also deal with third-party specialized services that offer obfuscation mechanisms to help hide malware from traditional AV systems.
The bad guys outnumber the good guys, but machine learning evens the odds.
What are the biggest advantages of implementing machine learning?
Machine leaning scores a high detection rate for new malware released in the wild. The fundamental principle of machine learning is to recognize patterns that emerge from past experiences and make predictions based on them. This helps security solutions to react to new, unseen cyber-threats faster than automated cyber-attack detection systems used today. The technology is also being adapted to fight off sophisticated attacks such as APTs, where threat actors are especially careful to remain undetected for indefinite periods of time.
Does this mean human analysts are no longer needed?
Artificial intelligence is a great cyber-weapon, but can’t handle the burden of fighting cyber threats alone. At least, not yet. Machine learning systems may yield false positives and a human’s decision is needed to retrain those algorithms with proper data.
I believe machines and cyber-security experts need to work together. We, researchers, always keep an eye on how our algorithms are performing, which one is better and under what circumstances an algorithm needs to be modified to give better results. However, machine learning algorithms are, overall, more accurate in assessing potential malware threats from large amounts of intelligence data than their human counterparts. They are also better at tracking down intrusions quickly.
A hybrid approach, where machine-learning is supervised by human analysts, has proven to offer the best results so far.