AI and ML can be used to conduct Cyber-attacks against Autonomous Cars

Innovative automakers, software developers and tech companies are transforming the automotive industry. Today, drivers enjoy enhanced entertainment, information options and connection with the outer world. As cars move toward more autonomous capabilities, the stakes are increasing in terms of security. As per a report by the UN, Europol and cybersecurity company Trend Micro, cyber-criminals could exploit disruptive technologies, including artificial intelligence (AI) and machine learning (ML) to conduct attacks against autonomous cars, drones and IoT-connected vehicles.

The rapid increase in these technologies inevitably creates a rich target for hackers looking to get access to personal information and control the essential automotive functions and features. The possibility to access information on driver habits for both commercial and criminal purposes, without knowledge and consent, means attitudes towards prevention, understanding and response to potential cyber-attacks require changing.

For instance, stealing personally identifiable information comes into sharper focus when considering virtually all new vehicles on the road today come with embedded, tethered or smartphone mirroring capabilities. Geolocation, personal trip history, and financial details are some examples of personal information that can potentially be stolen through a vehicle’s system using AI and ML.

How Cybercriminals Attack Connected Vehicles

Cybercriminals could conduct attacks abusing machine learning. The technologies are evolving so fast that today autonomous vehicles have ML implemented in them to recognise the environment around them and obstacles like pedestrians must be avoided.

However, these algorithms are still evolving, and hackers could exploit them for malicious purposes, to aid crime or create chaos. For instance, AI systems that manage autonomous vehicles and regular traffic could be manipulated by cybercriminals if they gain access to the networks that control them.

Understanding the threats to connected cars requires knowledge of what cybercriminals are trying to achieve. Hackers will try out different kinds of attacks to achieve unique goals. The most dangerous objective might be to bypass controls in crucial safety systems like steering, brakes and transmission. But cybercriminals might also be interested in obtaining valuable pieces of data that are managed within the car software like personal details and performance statistics. Wherein data can be protected with cryptography, this only shifts the problems from preventing data directly to protecting the cryptographic keys.

If the cybercriminal is trying to steal sensitive data like cryptographic keys, they have to know where to search for them. It usually involves a plethora of reverse-engineering techniques. For instance, the hacker might introduce faults into the compiled code to see how it breaks. Or the individual might look for a string corresponding to an error message related to ‘engine failure’ or ‘anti-lock brake system disabled,’ and trace where that string is used. The individual leverages sophisticated AI techniques to understand the overall structure of the code, where the functions are located.

On the other side, physical access to a device means bad actors can tamper with the application itself. The way this is often done is by making one small change to the application code so it can be bypassed in any number of ways, generally at the assembly language level like inverting the logic of a conditional jump, replacing the test with a tautology or changing function calls to those of the attacker’s own design.

It’s not just road vehicles that cybercriminals could hack by exploiting new technologies such as AI and ML algorithms and increased connectivity; there’s the potential for attackers to abuse machine learning to impact airspace too. Attackers might also consider autonomous drones because they have the potential to carry ‘interesting’ payloads like intellectual property.

Hacking autonomous drones also provide cybercriminals with a potentially easy route to making money by hijacking delivery drones used by retailers and redirecting them to a new location- taking the package and selling it on them.

The post ARTIFICIAL INTELLIGENCE CAN BE EXPLOITED TO HACK CONNECTED VEHICLES appeared first on Artificial Intelligence.

As artificial intelligence (AI) emerges into the mainstream, there is misinformation and confusion about what it’s capable of and the potential risks it constitutes. Our culture is enriched with dystopian visions of human ruin at the feet of all-knowing machines. On the other hand, most people appreciate the potential good AI might do for the civilization through the improvements and insights it could bring.

Though computer systems can learn, reason, and act, these are still in their infancy. Machine learning (ML) needs massive datasets. Many real-world systems such as self-driven cars, a complex blend of physical computer vision sensors, complex programming for real-time decision making, and robotics are needed. For businesses that are adopting AI, deployment is more straightforward but enabling AI to access information and allowing any measure of autonomy brings serious risks that have to be considered.

What risks does AI cause?

Accidental bias is not new with AI systems, and programmers or specific datasets can entrench it. Unfortunately, if this bias leads to poor decisions and even discrimination, legal repercussions and reputational damage may follow. Flawed artificial intelligence design can also leads to overfitting or underfitting, while AI makes too particular decisions.

Establishing human oversight, stringently testing AI systems can mitigate those risks during the design phase. It is also possible by closely monitoring those systems when they are operational. Decision-making abilities must be measured and assessed to confirm that any emerging bias or questionable decision-making is addressed rapidly.

Although these threats are based on unintentional errors and failures in design and implementation, a different set of risks emerges when people intentionally try to subvert AI systems or wield them as weapons.

How can cyber attackers manipulate AI?

Misleading an AI system can be alarmingly easy. Attackers can manipulate the datasets to train AI, making subtle changes to carefully designed parameters to ignore increasing suspicion while slowly steering AI in the desired direction. Wherein attackers fail to access the datasets; they may employ evasion, tampering with inputs to vigour mistakes. These systems can be manipulated into misclassifications by modifying input data to make proper identification hard.

Though checking the accuracy of data and inputs may not prove possible, every effort should be made to harvest data from reputable and verified sources. Bake in the identification of oddity to empower AI so that it can identify malicious inputs. Also, isolate AI systems with preventive mechanisms that make it easy to turn off if things start to go wrong.

How could AI be weaponised?

Cybercriminals can also employ AI to seek assistance with the scale and effectiveness of their social engineering attacks. Artificial intelligence can learn to detect behaviour patterns, figuring out how to convince people that a video, phone call, or email is legitimate. It then can persuade them to compromise networks and hand over sensitive data. All the social techniques that cybercriminals are currently employing could be enhanced immeasurably using AI.

There is another scope to use AI to recognize new vulnerabilities in networks, devices, and applications as they emerge. The job of keeping information secure is made difficult because of brisk identifying opportunities for human hackers.

How to stimulate the company’s security using AI?

AI can be highly effective in monitoring network and analytics, setting up a baseline of normal behaviour, and flagging discrepancies in things such as server access and data traffic immediately. Detecting intrusions beforehand gives you the maximum chance of restraining the damage they can do. Initially, it may be useful to have AI systems flag abnormalities and alert IT departments to investigate. While AI leans and improves, it may be provide the authority to invalidate threats itself and refrain intrusions in real-time.

With a significant lack of information security, AI can shoulder some of the burdens and allow limited staff to focus on complex problems. As companies try to reduce costs, AI is turning into more attractive, aiming to replace people. It will benefit companies and improve with experience, but ambitious companies must plan to mitigate the potential risk of cyber-attacks now.

The post HOW ARTIFICIAL INTELLIGENCE IS CAUSING CYBER ATTACKS appeared first on Artificial Intelligence.

To protect IoT devices and networks in smart building, smart city, healthcare, industrial and critical infrastructure environments against all types of advanced Gen VI cyber-threats, Check Point Software Technologies has introduced its Internet of Things (IoT) Protect solution. This new solution will deliver threat prevention and security management capabilities to block even unknown cyber-attacks at both IoT network and IoT device level, using threat intelligence and innovative IoT-specific security services.

“The number of IoT devices connected to the Internet continues to accelerate and will be 41.6 billion by 2025. Cyber criminals are targeting IoT devices across all industries including medical, industrial, smart building, smart office, so enterprises are making security a high priority. Given the huge volume and variety of IoT devices, organisations need an easy way to deploy security. Check Point’s comprehensive IoT Protect Security solution uses automation and threat intelligence to provide device risk assessment, network segmentation, and threat prevention from the most sophisticated cyber-attacks,” says Robyn Westervelt, IDC’s Research Director, Security & Trust.

As majority of organisations across the commercial, industrial, healthcare and utility sectors have deployed IoT and operational technology (OT) solutions, the cyber-risk has increased significantly as many IoT devices have vulnerabilities and cannot be patched, or use insecure communications protocols. In addition, organisations have diverse estates of devices from multiple vendors, with many shadow devices that are unmanaged and connected to networks without authorisation, so organisations have limited visibility and control of devices and their associated risks. Check Point’s IoT Protect will give network-level security and policy management together with Check Point security gateways, and IoT Protect Nano-Agents, which enable on-device runtime protection. The solution delivers Complete IoT device visibility and risk analysis that identifies and classifies IoT devices on any network through integrations with the leading discovery engines, to expose risks such as weak passwords, outdated firmware and known vulnerabilities, vulnerability mitigation and zero-day threat prevention even on unpatchable devices and intuitive Zero Trust network segmentation and management

To protect IoT devices and networks in smart building, smart city, healthcare, industrial and critical infrastructure environments against all types of advanced Gen VI cyber-threats, Check Point Software Technologies has introduced its Internet of Things (IoT) Protect solution. This new solution will deliver threat prevention and security management capabilities to block even unknown cyber-attacks at both IoT network and IoT device level, using threat intelligence and innovative IoT-specific security services.

“The number of IoT devices connected to the Internet continues to accelerate and will be 41.6 billion by 2025. Cyber criminals are targeting IoT devices across all industries including medical, industrial, smart building, smart office, so enterprises are making security a high priority. Given the huge volume and variety of IoT devices, organisations need an easy way to deploy security. Check Point’s comprehensive IoT Protect Security solution uses automation and threat intelligence to provide device risk assessment, network segmentation, and threat prevention from the most sophisticated cyber-attacks,” says Robyn Westervelt, IDC’s Research Director, Security & Trust.

As majority of organisations across the commercial, industrial, healthcare and utility sectors have deployed IoT and operational technology (OT) solutions, the cyber-risk has increased significantly as many IoT devices have vulnerabilities and cannot be patched, or use insecure communications protocols. In addition, organisations have diverse estates of devices from multiple vendors, with many shadow devices that are unmanaged and connected to networks without authorisation, so organisations have limited visibility and control of devices and their associated risks. Check Point’s IoT Protect will give network-level security and policy management together with Check Point security gateways, and IoT Protect Nano-Agents, which enable on-device runtime protection. The solution delivers Complete IoT device visibility and risk analysis that identifies and classifies IoT devices on any network through integrations with the leading discovery engines, to expose risks such as weak passwords, outdated firmware and known vulnerabilities, vulnerability mitigation and zero-day threat prevention even on unpatchable devices and intuitive Zero Trust network segmentation and management

IoT Protect supports over 1,600 IoT and operational technology (OT) protocols, applications and commands out of the box, and enables compliance best practices for regulations including HIPAA, NERC CIP, GDPR and many others. Its market-leading threat prevention capabilities are powered by Check Point ThreatCloud, the world’s largest and most powerful threat intelligence database. It maintains an open framework of technology partners specialising in the discovery and classification of IoT devices in a variety of verticals.

The post Check Point to protect IoT devices and networks against advanced cyber-attacks appeared first on Artificial Intelligence.

A group of researchers from the US, China, and Saudi Arabia, have demonstrated how artificial intelligence (AI) algorithms can help detect distributed denial-of-Service (DDoS) attacks where other methods fail.

With the number of internet-connected devices growing at an exponential rate and attackers becoming more sophisticated in their methods, finding and filtering out harmful DDoS traffic against web servers is becoming a mounting challenge.

Their method, presented in a paper published on the open science platform Europe PMC, uses deep learning to determine whether network traffic coming from a source is normal or part of a malicious DDoS attack.

The researchers’ findings show that when dealing with large-scale data, deep learning-based detection methods improve speed and accuracy while reducing false alarm rates.

The work focuses on software-defined networks (SDN), a networking paradigm that has gained popularity in recent years.

SDN provides flexible virtualization capabilities that fulfill the growing demands of cloud computing, mobile networks, and internet of things (IoT).

However, SDN and OpenFlow, the protocol often used to enable communications between SDN controllers and network devices such as switches and routers, are vulnerable to DDoS attacks, as many researchers have found.

Rule-based detection failures

The classical way to detect DDoS is to compare incoming network traffic against a predefined set of rules that can separate normal from attack traffic.

But setting rules for DDoS detection is very difficult due to the diversity of DDoS attack schemes and the difficulty of defining thresholds between normal and malicious traffic.

“In practice, there is no clear distinction between normal traffic and attack traffic,” the authors of the paper note, adding that it would practically be impossible for humans to analyze the huge volume of data running through networks to find the correct rules.

Tackling DDoS with deep learning

Instead of manually perusing data, the authors propose to analyze it with deep neural networks (DNNs).

DNNs, which roughly imitate the workings of their biological counterparts, ingest large amounts of data and find relevant patterns, which they transform into complex mathematical representations.

They can then use this model to classify new incoming data or predict the next piece of information in a sequence.

In the case of DDoS, the researchers treat it as a classification problem. The goal of the algorithm is to determine, on a scale of 0 to 1, how likely incoming traffic from a node in the network is malicious, or, as the researchers put it, “judging whether the characteristic data of the OpenFlow flow table is normal or not”.

By analyzing reams of data, a well-trained deep learning model will be able to glean intricate characteristics of safe and malicious traffic that would have otherwise gone undetected to a human analyst.

The neural network was trained on a large dataset comprised of both normal and malicious table entries, and then tested against five different types of DDoS attacks, including various traffic flooding attacks and slow-connection HTTP attacks, where attackers try to bog down a server by sending it very lengthy requests.

As is true for most deep learning uses, developing a reliable DDoS detection model depends largely on gathering enough quality training data.

As the authors note:

In the case of a small data scale, the relevance ratio of the DL model in the face of flooding attacks has a slight advantage [in comparison to traditional detection methods], but it has not shown its detection advantage in other aspects. The detection performance is not outstanding.

But as the system was scaled to larger datasets, the researchers found that the deep learning model eventually became more accurate and made fewer errors than other established DDoS detection tools, including those based on other machine learning algorithms, including support vector machines (SVM) and decision trees.

Human support needed

Deep learning systems are very good at handling classification and prediction tasks, as long as they’re dealing with data that is statistically similar to their training examples.

But as soon as they meet novel situations that vary from what they’ve previously seen, they behave in unexpected ways.

“Although some achievements have been obtained in this research, there are still some shortcomings,” the authors of the paper note. “The DL model of this research also needs a certain degree of human adjustment, and it cannot be completely intelligent.”

The paper has not been peer-reviewed, and the authors have not released the code and data for examination by industry experts, so it’s hard to independently verify the accuracy of their model.

But using machine learning algorithms to address the growing threat of DDoS attacks has become a growing area of interest, and several projects have already shown promising results.

Other efforts in the field range from simple machine learning models that detect compromised IoT devices in networks to SVM models that analyze OpenFlow tables for malicious behavior.

The post Going deep: How advances in machine learning can improve DDoS attack detection appeared first on Artificial Intelligence.