Hyperconnectivity between devices, new technologies such as mass data collection, and new forms of communication between intelligent devices generate not only benefits but also cyber threats. It could be said that there is a direct relationship between the development and application of new technologies and the number of threats to which they are exposed.
For some time now, Artificial Intelligence and Machine Learning have been proposed as means of fighting electronic threats of every type. Although investment in this type of solution has only increased (as we shall see), there are still doubts about the effectiveness of AI and Machine Learning in the fight against computer risks.
Cyberthreats are not always stable. Over time they change, evolve, and even new forms emerge. This is why Machine Learning is seen as the ideal tool to combat them, given its ability to adapt and learn.
However, solutions based on Machine Learning, and therefore on Artificial Intelligence, are not infallible. It is true that their ability to detect, contain and thwart already-known malware, forms of attack or suspicious activities surpasses that of existing cybersecurity solutions, but there are still types of cyber attacks against which AI and Machine Learning have no answers.
Machine Learning as a discipline can be broken down into two other sub-disciplines: shallow learning and Deep Learning. Both sub-disciplines have supervised and unsupervised learning systems.
It is important to point out that some studies indicate that Deep Learning is less effective than shallow learning in detecting cyber threats, because detection patterns are already defined beforehand.
In general, Machine Learning algorithms, whether deep or shallow, supervised or unsupervised, are better able to recognize cyberattacks if they focus on a single threat, rather than several at a time. This means that a virus detection tool will work much better than a tool that promises to end any kind of cyber-threat.
Moreover, in many cases, unsupervised algorithms are responsible for generating large numbers of false positives.
In conclusion, it can be said that although the advances in Machine Learning applied to cybersecurity are important, these tools are not perfect. They still require a high degree of human supervision, algorithms have to be constantly retrained, and the establishment of recognition parameters cannot be automated.
The first of the threats that an algorithm cannot detect (in fact there is no means to do so) is the zero-day attack, that is, an attack unknown until the moment it is executed.
After all, an algorithm cannot detect something it has not been taught to detect, simply because it did not exist until the time of the attack.
On the other hand, detecting behavioral patterns and anomalies in them can produce false positives if the behavior restriction policy is very broad, or leave vulnerabilities if the policy is tighter.
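The trade-off described above, as an added example that is not part of the original article: a z-score anomaly detector over constructed per-hour connection counts, where the alert threshold plays the role of the policy. The data, the feature and the function names are assumptions made for illustration.

```python
from statistics import mean, pstdev

# Constructed sample data: outbound connections per hour for one host.
BASELINE = [40, 42, 38, 45, 41, 39, 44, 43, 40, 38]  # training window, all benign

# Constructed evaluation window: (connections_per_hour, is_malicious).
# 52 is a benign backup job; 49 is a low-and-slow malicious transfer.
OBSERVED = [(41, False), (47, False), (52, False), (36, False),
            (58, True), (90, True), (49, True), (44, False)]


def evaluate(threshold_sigmas):
    """Flag hours deviating more than threshold_sigmas from the baseline mean.

    Returns (false_positives, missed_attacks) for the evaluation window.
    """
    mu, sigma = mean(BASELINE), pstdev(BASELINE)
    false_positives = missed = 0
    for count, malicious in OBSERVED:
        flagged = abs(count - mu) / sigma > threshold_sigmas
        if flagged and not malicious:
            false_positives += 1
        elif malicious and not flagged:
            missed += 1
    return false_positives, missed


def sweep(thresholds=(2, 3, 5, 8)):
    """Evaluate several thresholds to expose the trade-off."""
    return {k: evaluate(k) for k in thresholds}


if __name__ == "__main__":
    for k, (fp, fn) in sweep().items():
        print(f"threshold {k} sigma: {fp} false positives, {fn} missed attacks")
```

No threshold in this window gives zero errors on both sides: the benign hour at 52 deviates more from the baseline than the malicious hour at 49, so any setting that silences the first also misses the second.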
At the same time, the choice of data sets is especially important when training a Machine Learning algorithm dedicated to cybersecurity tasks. If the data set does not fully represent the environment to be monitored, attacks are to be expected.
In this sense it is necessary that data sets are not only a record of frequent threats, but also record anomalous and less frequent threats. Otherwise, a Machine Learning algorithm will never identify a rare threat.
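The effect of training-set coverage, as an added example that is not part of the original article: a nearest-centroid classifier trained once on frequent classes only and once with a rare class included. The feature vectors, labels and function names are constructed assumptions.

```python
from math import dist

# Constructed feature vectors:
# (failed_logins_per_min, MB_sent_out_per_min, distinct_ports_contacted)
FREQUENT = {
    "benign":      [(0, 1, 2), (1, 2, 3), (0, 3, 2)],
    "brute_force": [(40, 1, 1), (55, 2, 1), (48, 1, 2)],
}
# A rare threat that seldom appears in collected data.
RARE = {"exfiltration": [(0, 90, 1), (1, 120, 2)]}

# A new event of the rare kind, not present in either training set.
UNSEEN_SAMPLE = (0, 100, 1)


def train(dataset):
    """Nearest-centroid model: one mean vector per label in the training data."""
    return {
        label: tuple(sum(column) / len(rows) for column in zip(*rows))
        for label, rows in dataset.items()
    }


def classify(model, sample):
    """Return the label of the closest centroid.

    The model can only answer with a label it was trained on.
    """
    return min(model, key=lambda label: dist(model[label], sample))


def compare():
    """Classify the same event with and without the rare class in training."""
    frequent_only = train(FREQUENT)
    with_rare = train({**FREQUENT, **RARE})
    return classify(frequent_only, UNSEEN_SAMPLE), classify(with_rare, UNSEEN_SAMPLE)


if __name__ == "__main__":
    narrow, full = compare()
    print("trained on frequent threats only:", narrow)
    print("trained with rare threats included:", full)
```

The model trained only on frequent classes does not merely fail to name the threat; it labels the event with the closest class it knows, which here is the benign one.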
Exploiting vulnerabilities is one of the skills of cybercriminals. If they identify that a security system relies on a single defense algorithm, they may find ways to circumvent it. That's why a good cybersecurity system based on Machine Learning has to have several complementary algorithms.
Moreover, one cannot ignore the fact that hackers use the same tools as those who try to prevent their attacks, i.e. Machine Learning. There are already spear-phishing tools which, through the application of natural language processing, generate false messages imitating some of the victim's contacts in order to steal their data.
Hackers have begun to use polymorphic malware, which thanks to Machine Learning can learn to circumvent the cybersecurity measures of a network by learning from the tactics that were successful in previous attacks.
The market for cybersecurity applications powered by Artificial Intelligence is indifferent to the vulnerabilities detailed above and is expected to reach a value of 38 billion dollars by 2026 from the current 9 billion, an annual increase of 23.3%.
It is said that the adoption of IoT, the increase in the number of connected devices, the evolution of cyberthreats, the increased concern for data protection and privacy, and the vulnerability of Wi-Fi networks will drive the market to that figure.
The adoption of AI and, by extension, Machine Learning as tools against cyberthreats will become more widespread in the automotive market and in the freight transport sector.
However, the enthusiasm for the adoption of Artificial Intelligence and Machine Learning as the main security measure in digital environments does not seem to be unanimous.
Only a quarter (26%) of consumers in the EMEA region would prefer to entrust their cybersecurity to Artificial Intelligence rather than to a human. Of course, this percentage is higher in the Millennial population (31%) and lower in the Baby Boomers (23%).
When comparing countries, Italy is the country that trusts most in AI, with 38%, while only 21% of Britons would feel comfortable if they trusted their data to AI.
Be that as it may, the main companies in the cybersecurity sector continue to bet on AI and Machine Learning. The latest to announce the implementation of these technologies in its products has been Avast. According to the Czech company, AI's flexibility, coupled with its autonomous character, will significantly improve cyber defenses.
Apart from companies with long experience in the field of cybersecurity, AI is being used by a large number of startups. It seems that one of the prevailing business models among these startups is the creation of applications that make it possible to visualize and monitor the state of a network in real time.
One of them is the British company Darktrace, whose market value exceeds 1.65 billion dollars and whose most prominent customers are the National Health Service, Gatwick Airport and Drax.
Darktrace monitors the behaviour of computers on a network and creates a visualisation through which equipment that is not working properly can be easily identified.
Another company that emphasizes the development of visualization interfaces to identify threats is Cynet with its Cynet 360 tool.
There are doubts about the infallibility of Artificial Intelligence and Machine Learning as tools to fight cyberthreats. Not even Deep Learning can tackle some of today’s threats.
However, market trends indicate that investors and businesses rely on the effectiveness of these technologies to fight cyberthreats. Established cybersecurity companies and startups alike are betting on Artificial Intelligence and Machine Learning, and one of the trends taking hold is the creation of visualization tools that show in real time the state of a network of computers or devices.