Artificial intelligence, however you define it, has been a central topic of conversation in tech circles in recent years. Everything from AlphaGo's victory over a champion human player in the game of Go to the emerging controversy over how algorithms are used to curate news on Facebook has kept AI in the spotlight.
While it often is presented in a futuristic guise (e.g., a Go-playing computer), AI is everywhere in more mundane forms. Virtually any Web user is going to have a run-in with "AI" when he or she sees a targeted ad. On the less appealing side, there are the numerous bots that power botnets such as SIMDA, which was taken down by Trend Micro and others in 2015.
SIMDA in particular used malware to automatically modify HOST files and check for the presence of cyber security software that might detect it. With more cyber criminals turning to automation and AI to increase the potency of their attacks, is it time that security solutions followed suit?
How AI could change the malware state-of-the-art
Today's malware is undoubtedly menacing, but the bulk of it is not self-aware in the way that, say, a game-playing AI with machine learning capabilities is. As such, it requires human guidance and, frequently, the presence of command-and-control infrastructure.
"Malware, unlike future artificial intelligence, is generally not self-aware and requires direction from an attacker to function well," explained Marco Dela Vega in a 2014 post for Trend Micro TrendLabs. "That's where C&C servers come in. While these are commonly thought of as limited to use by botnets, that is less true than it is today: Many different threats require C&C servers to function correctly today, not just botnets."
Even under these circumstances, discovering and dealing with C&C servers can be difficult. A slew of threats, from the ZeuS banking Trojan to the CLACK adware, took advantage of cloud computing infrastructure to disguise their activities. Others have utilized domain generation algorithms to churn out up to 50,000 domains a day, overwhelming traditional blacklist-based solutions (this technique was pioneered by Conficker).
Indeed, the prospect of simply being overwhelmed by the scope of the malware threat, especially once AI enters the picture more fully, is one of the best cases for pushing back with AI-assisted security tools:
- As of April 2015, around 1 million new malware threats were emerging each day, according to Verizon and Symantec estimates.
- Cisco has projected that worldwide IP traffic will surpass a zettabyte (1000 exabytes) by the end of 2016 and then double by 2019.
- Even large organizations such as Home Depot, which was breached in 2014, are often understaffed and unable to keep up with the number of attacks against their networks.
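The blacklist problem described above for domain generation algorithms can be shown in a short added example, which is not from the original article. It triages DNS query names with a static blacklist and then with a simple statistical heuristic (label length, character entropy, vowel ratio) standing in for the features a learned classifier might use; the domains, thresholds and function names are all constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample data: placeholder names, not real indicators.
BLACKLIST = {"xkqzvbnwrtplmd.example"}   # a domain already known to defenders
QUERIES = [
    "mail.example.com",
    "xkqzvbnwrtplmd.example",       # on the blacklist
    "qzxvkjwpbtrmhgd.example",      # random-looking, not yet on any list
    "w7f3kq9zt2xh8bv.example",      # random-looking, not yet on any list
    "internationalbank.example",    # long but word-like
]

def shannon_entropy(s):
    """Bits per character of the string's character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def registered_label(domain):
    """Label left of the final suffix (assumes a single-label suffix)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_generated(domain, min_len=12, min_entropy=3.5, max_vowel_ratio=0.2):
    """Heuristic: long, high-entropy, vowel-poor labels resemble DGA output.
    The thresholds are assumptions chosen for this sample, not tuned values."""
    label = registered_label(domain)
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio

def triage(queries, blacklist):
    """Sort queried domains into blacklist hits, heuristic hits and the rest."""
    result = {"blacklisted": [], "suspected_dga": [], "unflagged": []}
    for domain in queries:
        if domain in blacklist:
            result["blacklisted"].append(domain)
        elif looks_generated(domain):
            result["suspected_dga"].append(domain)
        else:
            result["unflagged"].append(domain)
    return result

if __name__ == "__main__":
    for bucket, domains in triage(QUERIES, BLACKLIST).items():
        print(f"{bucket}: {domains}")
```

The blacklist catches only the one domain it already knows, while the heuristic flags the two unseen random-looking names and leaves the word-like label alone. A heuristic this simple will misfire on legitimate machine-generated hostnames, so its output is a triage signal for an analyst or a downstream model rather than a block decision.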
AI for security: A look ahead
The White House and the Pentagon's DARPA research wing have turned their attention to AI in recent months, citing the need to comb through the massive amounts of data about new and old threats. While humans excel at tasks like analyzing unusual activity, they are not as good at handling information at tremendous scale.
Enter AI. A startup called PatternEx has shown what AI might look like in a starring role in cyber security. Without any supervision by humans, it can still use its algorithms to identify abnormalities across the network, although intervention is still needed to respond to attacks.
AI will likely play a growing role until then, but enterprises don't have to wait to keep their assets safe. Use cloud security systems to protect against even the most advanced threats in real time.