Cyber Security

IN ARTIFICIAL INTELLIGENCE
Artificial Intelligence
ARTIFICIAL INTELLIGENCEORAI IS THE INTELLIGENCESHOWN BY
MACHINES. WHEN ANY MACHINEBECOMESAWAREOF ITSSURROUNDINGS
AND DOESSOMETHINGKEEPING THAT IN MIND IN ORDERTO ACHIEVE
SOMETHING. USUALLY THETERM ARTIFICIAL INTELLIGENCEISUSED WHEN A M
ACHINEBEHAVES LIKEA HUMAN IN ACTIVITIESSUCH AS PROBLEM
SOLVINGOR LEARNING, WHICH ISALSO KNOWN AS MACHINELEARNING. AI IS
A SCIENCEAND TECHNOLOGY BASED ON DISCIPLINESSUCH AS:
COMPUTERSCIENCE, ENGINEERING, PSYCHOLOGY ETC.

THE MAIN GOAL OFARTIFICIAL INTELLIGENCE IS TO CREATEA TECHNOLO GY TH

AT ALLOWSCOMPUTERSAND MACHINES TO FUNCTION IN AN
INTELLIGENT MANNER. THE ENTIREPROBLEM HAS BEEN BROKEN DOWN I
NTO THE FOLLOWINGSUB-PROBLEMS
· LEARNING
· NATURAL LANGUAGEPROCESSING
· REASONING AND PROBLEM SOLVING
· PLANNING
· CREATIVITY
Cyber Security
CYBER-SECURITY IS THE PRACTICEOF DEFENDING COMPUTERS, SERVERS,
MOBILEDEVICES, ELECTRONICSYSTEMS, NETWORKS, AND DATA FROM
MALICIOUSATTACKS. IT' SALSO KNOWN AS INFORMATION TECHNOLOGY
SECURITY OR ELECTRONICINFORMATION SECURITY. THE TERM APPLIESIN
A VARIETY OFCONTEXTS, FROM BUSINESS TO MOBILECOMPUTING, AND C
AN BE DIVIDED INTO A FEW COMMON CATEGORIES.
• N E TW O R K SE CU R ITY IS THEPRACTICEOFSECURING A COMPUTER N
ETWORK FROM INTRUDERS, WHETHERTARGETED ATTACKERSOR OP
PORTUNISTICMALWARE.
• IN FO R MAT IO N SE CU R ITY PROTECTS THE INTEGRITY AND PRIVACY OF
DATA, BOTH IN STORAGEAND IN TRANSIT.
• D I SA ST E R R E C OV E R Y A N D B U SI N E SS C O N TI N U I TY DEFINEHOW AN
ORGANIZ ATION RESPONDS TO A CYBER- SECURITY IN CIDEN T ORANY
OTHER EVENT THAT CAUSES THE LOSSOFOPERATIONSOR DATA.
DISASTERRECOVERY POLICIESDICTATEHOW THEORGANIZATION RE
STORESITSOPERATIONSAND INFORMATION TO RETURN TO THE
SAMEOPERATINGCAPACITY AS BEFORE THE EVENT. BUSINESS
CONTINUITY IS THE PLAN THEORGANIZATION FALLS BACK ON WHILE TR
YING TO OPERATE WITHOUT CERTAIN RESOURCES.
The scale of the cyber threat
The U.S. government spends $19 billion per year on cyber-security but warns that
cyber-attacks continue to evolve at a rapid pace. To combat the proliferation of
malicious code and aid in early detection, the National Institute of Standards and
Technology (NIST)recommends continuous, real-time monitoring of all electronic
resources.
• The threats countered by cyber-security are three-fold:
• 1.Cybercrime includes single actors or groups targeting systems for financial
gain or to cause disruption.
• 2. Cyber attack often involves politically motivated information gathering.
• 3.Cyber terror is intended to undermine electronic systems to cause panic or
fear.
Common methods attackers use to control computers or networks include viruses,
worms, spyware,Trojans, and Ransom ware. Viruses and worms can self-replicate
and damage files or systems, while spyware and Trojans are often used for
surreptitious data collection. Ransom ware waits for an opportunity to encrypt all
the user’s information and demands payment to return access to the user.
Malicious code often spreads via an unsolicited email attachment or a legitimate-
looking download that actually carries a malware payload.
Cyber-security threats affect all industries, regardless of size.The industries that
reported the most cyber attacks in recent years are healthcare, manufacturing,
finance, and government. Some of these sectors are more appealing to
cybercriminals because they collect financial and medical data, but all businesses
that use networks can be targeted for customer data, corporate espionage, or
customer attacks.
Artificial Intelligence for Cyber security
• The next generation of cyber security products are increasingly incorporating
Artificial Intelligence (AI) and Machine Learning (ML) technologies. By training
AI software on large datasets of cyber security, network, and even physical
information, cyber security solutions providers aim to detect and block
abnormal behavior.
• There are different approaches to using AI for cyber security, and it is
important first to determine which is appropriate for the organization. Some
software applications analyze raw network data to spot an irregularity, while
others focus on user/asset/entity behavior to detect patterns that deviate from
normal. The types of data streams, how they are collected, and the level of
effort needed by analysts all vary by approach.
Artificial Intelligence for Cyber security
• Cyber security solutions utilizing AI and ML can greatly reduce the amount of
time needed for threat detection and incident response, often being able to
alert IT staff of anomalous behavior in real time. These technologies also help
reduce and prioritize traditional security alerts, increasing the efficacy of
existing investments and humananalysts.

• Attackers are also using AI and ML to better understand their targets and
launch attacks.AI increases the ability of defenders to identify attacks, but it
may also help hackers learn about a target’s vulnerabilities.
Which types of artificial intelligence
applications are being used in cyber security
solutions?
It is up to human imagination. For the sake of clarity, following application categories
can be examined:
• Spam FilterApplications (spam assassin)
• Network Intrusion Detection and Prevention
• Fraud detection
• Credit scoring and next-bestoffers
• Botnet Detection
• Secure UserAuthentication
• Cyber security Ratings
• Hacking Incident Forecasting
How can an artificial intelligence application
that does malware analysis be used?

It’s possible to detect a software whether is a Malware or a normal software with

artificial intelligence. In order to develop an artificial intelligence application that
does malware detection the first thing to do is to determine some distinctive
features. In addition of some harmless software and some malware to those
features, thesystem is trained.
Here are some features to use in analyzation of a software:
• AccessedAPIs.
• Accessed fields on thedisk.
• Accessed environmental products (camera, keyboard etc.)
How can an artificial intelligence application
that does malware analysis be used?

• Consumed processor power.

• Consumed bandwidth.
• Amount of data transmitted over the internet.
By using the distinguished features, the system is built. Once you give a test
software to the system, it tries to detect whether the software is a malware or
not by analyzing these distinguished features.
Is artificial intelligence(AI) used to detect cyber
attacks, how is its success rate?

Of courseAI can be used to detect cyber attacks. There are plenty of academic
researches about detecting cyber attacks using artificial intelligence. The
success rate of those researches varies between 85% and 99%.
In the last few years, in addition to academic researches, some products have
been improved to detect cyber attacks with the help of artificial intelligence like
DarkTrace. DarkTrace claims to have more than 99% of success rate and it also
has a very low rate of false positives.
Are there any companies that develop cyber
security applications using artificial
intelligence?
There are lots of companies that develop cyber security applications by using
artificial intelligence. The companies that started early focusing on this domain
started worthing more in a very short time. Here are the example.
Dark trace, the company that was founded in 2013, developed a product that
does anomaly detection on a network with machine learning. The company is
now worth 825 million$. CYLANCE, the company that was founded in 2012,
developed a product to prevent advanced level of cyber threats. The company is
worth 1 billion $now.
Examples of the machine learning algorithms
which are being used to develop cyber security
applications
Spam assassin, for instance, is a project that is an open source code and it does
spam mail filtering. Spam assassin makes a feature list in order to control if an
email is a spam mail or not. Extracted features from an analyzed email is
processed with Naive Bayes algorithm. The most common algorithms in cyber
attack systems are, Random Forest, Decision Tree, Support Vector Machines etc.
In the last few years, the most commonly used machine learning algorithm is
without a doubt, Deep Learning algorithm. Deep learning is a machine learning
algorithm that uses artificial neural networks. Nowadays, most of the companies
that do artificial intelligence researchers use this method.
Is it possible to detect cyber attacks before
they happen?

In order for a cyber attack to be successful, there are some steps to follow
successfully. These steps are called “Cyber Kill Chain”. Attackers might leave
some traces in some of these steps or they can access information about the
targeted company that was leaked before, while they’re in information
acquisition phase. We can see similar situations like this one. Preventing these
kind of situations is only possible if you observe your company constantly with
the eyes of an attacker. In addition to that, knowing what the attackers can find
when they do their research about your company beforehand, and as a result,
takingprecautions prevents these situations.
Norm shield Cyber Risk Scorecard, scans most of the information about your
company, that can be accessed via internet.
Some of the information that can be accessed about your company are:
• Posts that target your company in dark forums or social media.
• Leaked information about your company’s customers and employees. (e-mail,
passwords, credit card information etc.)
• Phish website, mobile and desktop applications about your company.
If you know your virtual existence well and can manage it, you can reduce the
risk of being affected from a cyber attack. Cyber Risk Scorecard, gives you the
possibility to access information about your company from various sources and
lets you manage that data which results to taking precautions.
Advantages of Artificial Intelligence
• Organizations face millions of threats each day making is impossible for
security researcher to analyze and categorize them. This task can be done by
using Machine Learning in an efficient way.
• By finding a way to work towards unsupervised and supervised machine
learning will enable us to fully utilize our current knowledge of threats and
vectors. Once those are combined with the ability to detect new attacks and
discover new vulnerabilities, our systems will be able to protect us from threats
is a much better and efficient way.
• Another benefit of using AI based machines is that, in theory, these systems
would work in a more calculated approach and in a more accurate way
resulting in eliminating human error. Additionally, these systems could work
simultaneously on various tasks, monitoring and protecting a vast number of
devices and systems.They can therefore mitigate large scale attacks
Disadvantages of Artificial Intelligence
• The biggest disadvantage of anyAI based system is that we cannot predict
what it’ll do. If fallen into the wrong hands, the result could be fatal and a
whole different level can could do more damage than good.
• A super-intelligent AI will be really good at completing goals, but, if those
goals aren’t aligned with ours, we’ll have a problem.AI in security systems had
foregone the utilization of valuable analyst skills and therefore didn’t benefit
from humanfeedback.
• Even though the initial concerns about the development onAI in cyber security
may revolve around concerns about eliminating the much needed human
expertise, intuition and judgment, the real disadvantage of artificial
intelligence is its unpredictability.
Thank You