Artificial Intelligence Against Hackers: How AI Startups Race To Fight Cybercrime

Pauline Macapagal

Like the human immune system, artificial intelligence can detect the threat of cyber attacks and prevent them from spreading any further. With advancements in machine learning technologies, many cybersecurity startups are racing ahead to stop cyber attackers.

In an increasingly digital environment, businesses are creating more technology-related services and becoming more vulnerable to cybercrime. Financial institutions offer online and mobile banking, healthcare systems rely on IoT-connected patient devices, and retail companies keep improving their CRM systems. Many of these systems and devices are prone to cyber attacks, meaning that businesses need powerful tools to secure them. This market need has led many startups and established brands to develop AI-powered, machine learning (ML) technologies that detect and respond to cyber threats across different environments.

In the past, many network security software solutions have been signature-based, meaning they look for specific, already-known malicious programs by checking networks or devices for each program's signature. New security tools based on machine learning technologies present a much more holistic view of complex network infrastructures. These security solutions work like the human immune system in that they recognize foreign objects and unusual patterns of behavior. Like a ‘digital antibody’, they then prevent or contain threats from spreading further in networks. New security tools based on artificial intelligence learn what to watch out for and how they should react to different situations.

As many businesses shift to cloud computing service providers, they are also turning to AI-based cybersecurity startups to improve their network security. Cybersecurity industry leaders like Palo Alto Networks, Fortinet and Cisco Systems are among the few companies wanting to develop their own AI tools from scratch, while many cybersecurity startups like CrowdStrike, Darktrace, Anomali, Cybereason, and Jask are also making steady advances in developing cybersecurity solutions.

Artificial Intelligence as a Security Tool

Rather than classifying a detection as simply ‘malicious’ or ‘benign’, AI algorithms assign varying degrees of potential threat, enabling users of the system to rank alerts and give priority to those that need urgent action. Lauren Koenig, the Vancouver Regional Manager of Darktrace, notes that their Enterprise Immune System can function autonomously against impending cyber attacks with minimal human input. Their system allows AI algorithms to make independent adjustments and self-regulate as it evolves through deep learning.

Taking inspiration from the human immune system, the Enterprise Immune System is capable of learning the ‘self’ and its ‘pattern of life’. By learning what constitutes ‘normal’ and what does not, the system is able to filter out false positives and neutralize cyber threats before they have time to cause damage. “Your own immune system has an innate sense of self. It knows who you are and who you’re not,” Koenig told us at the Vancouver Cybersecurity Conference last week. “So when something gets past your skin, your firewall is able to detect that it’s not you, and tell your body that it needs to respond, and that’s exactly what we do for your network.”
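The contrast drawn above between signature matching and a learned ‘pattern of life’ with graded, rankable alerts, as an added illustration (not code from the article or from any vendor it names). A simple per-device statistical baseline stands in for the machine-learning models the article describes; all device names, hosts and traffic values are constructed.

```python
import math
from collections import defaultdict

# Constructed sample flows: (device, destination, bytes_sent). All names are hypothetical.
BASELINE = [("thermostat", "vendor-cloud.example", b) for b in (510, 495, 502, 488, 505, 500)] \
         + [("laptop-7", "mail.example", b) for b in (20000, 35000, 15000, 42000, 28000, 31000)]
KNOWN_BAD_DESTINATIONS = {"old-botnet.example"}  # stands in for a signature list
NEW_FLOWS = [
    ("thermostat", "vendor-cloud.example", 503),
    ("laptop-7", "mail.example", 33000),
    ("thermostat", "unknown-host.example", 9_000_000),  # novel: no signature exists for it
]

def learn(flows):
    """Learn each device's 'normal': usual destinations and typical transfer size."""
    sizes, dests = defaultdict(list), defaultdict(set)
    for dev, dst, n in flows:
        sizes[dev].append(n)
        dests[dev].add(dst)
    model = {}
    for dev, vals in sizes.items():
        mean = sum(vals) / len(vals)
        std = math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals))
        model[dev] = (mean, max(std, 1.0), dests[dev])  # floor std to avoid divide-by-zero
    return model

def signature_hit(flow):
    """Signature-style check: only fires on destinations already known to be bad."""
    return flow[1] in KNOWN_BAD_DESTINATIONS

def anomaly_score(model, flow):
    """Graded score between 0 and 1: near 0 is typical for this device, near 1 is far from its norm."""
    dev, dst, n = flow
    if dev not in model:
        return 0.99  # device never seen while learning the baseline
    mean, std, dests = model[dev]
    z = abs(n - mean) / std
    if dst not in dests:
        z += 3.0  # assumption: a never-seen destination weighs like 3 standard deviations
    return 1 - math.exp(-z / 3)

def triage(model, flows):
    """Rank flows so the ones furthest from 'normal' are reviewed first."""
    return sorted(flows, key=lambda f: anomaly_score(model, f), reverse=True)

if __name__ == "__main__":
    m = learn(BASELINE)
    for f in triage(m, NEW_FLOWS):
        print(f"{anomaly_score(m, f):.2f} signature_hit={signature_hit(f)} {f}")
```

The large transfer from the thermostat to a never-seen host matches no signature yet ranks first, while the two routine flows score low and fall to the bottom of the queue.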

Similarly, Google has also set up its own cybersecurity business. When it comes to spam and phishing, Gmail uses machine learning techniques which filter through emails, malicious activity, and fake documentation. With deep learning approaches, it’s able to prevent violent images, remove inappropriate comments, and detect phishing, malware and fraudulent payments in the Google Play Store. But as hackers become more sophisticated with their cyber attacks, Google must constantly adapt its automation and machine learning technology.

For example, to further improve its phishing-detection performance, Google delays sending Gmail messages to recipients in order to perform a more detailed phishing analysis. In doing this, phishing attempts are more easily detected, especially when groups of data come in over time and algorithms are updated in real time.

With regard to protecting business data, Gmail prompts you with a warning when you’re about to send replies to external email addresses. It asks you if you really intended to send it, and this usually happens with email contacts you don’t regularly communicate with. Google also offers a sophisticated set of filters in an attempt to prevent unintended (and sometimes intended) data sharing.

Another cybersecurity firm called Cylance offers endpoint security services to thwart malware and ransomware. This includes threat prevention for networks that are accessed through remote devices such as laptops and cell phones. Cylance has built a system that identifies and learns how a malicious file works in order to prevent it from being executed.

Though artificial intelligence requires minimal human input, the very best machine learning systems incorporate both deep learning and supervised learning approaches. One of the strengths of an ML system is the ability to understand what is ‘normal’ and to flag foreign or unusual objects that attempt to enter a network. But supervised learning, and the ability to ask a human for verification, adds a further layer of security.

Artificial Intelligence in Action

Cybersecurity firms have deployed their solutions and helped numerous companies manage threats including ransomware, data manipulation, malicious cryptomining, data theft, distributed denial-of-service (DDoS) attacks and many more.

For example, a casino in North America had an IoT-connected thermostat installed in its fish tank which automatically regulated its water temperature, salinity and feeding schedules. Since this internet-enabled device was connected to the rest of the casino’s network, a cyber attacker was able to break in through this thermostat and gather important data. Once an AI security system was installed, it was able to quickly detect this suspicious activity since it wasn’t ‘normal’ behavior, and the attack was prevented from progressing further.

In another cybercrime case, an employee from a large telecommunications firm downloaded a malicious file on a Friday night from his personal email on his work phone. The AI cybersecurity system installed in the network was able to identify the fast-acting ransomware that was deployed and took immediate action to stop all encryption attempts. Though this happened at the weekend when the security team were away, the AI system was working autonomously to prevent the attack while still allowing normal network operations to continue.

The Future of AI Cybersecurity

With a unique combination of high-class artificial intelligence, cybersecurity expertise and highly effective business models, AI cybersecurity companies continue to grow. Though the hope is to run fully-automated AI systems to fight against cyber attacks, the best ones still incorporate both deep learning and supervised machine learning. This lets the artificial intelligence systems operate autonomously, whilst allowing humans to provide verification and feedback. Cybersecurity firms continue to expand in regions with a high demand for network security solutions to meet the growing demand to fight cybercrime.

You can follow more details on the Vancouver Cybersecurity Conference on social media using #DCCyberShowVancouver.