Businesses today continue to be bombarded by an increasing number of cyberthreats, as hackers become adept at identifying and exploiting vulnerabilities in security systems. A survey by the World Economic Forum ranked data theft and large-scale cyberattacks 4th and 5th in a list of the biggest risks facing our world. With cybercrime regularly hitting the headlines, regulators are implementing new security guidelines and costly fines for violations. Adding to the pressure are consumers who are increasingly prepared to abandon business with a company if they’ve been hit by a data breach. Businesses can’t afford to turn a blind eye to cybersecurity, which has now become a top priority for enterprises.

Attack vs defence: where things stand

The growth of IoT over the last decade has meant that thousands, if not millions, of devices are now contributing to network traffic, and all are potential entry points for attackers. With Gartner predicting that there will be 20.4 billion connected devices by 2020, the potential for unprecedented exposure is only going to continue. Furthermore, the more devices on a network, the more data security analysts have to wade through, making identifying potential threats harder than ever – especially when reports suggest that UK businesses faced a cyberattack every 50 seconds in the second quarter of 2019. While we’re seeing increased awareness around the threat IoT devices can pose, worryingly, cyberattacks on IoT devices have already increased by 300 per cent in 2019.

Compounding the vulnerabilities IoT devices can bring to networks is the nature of cybercriminals, who are constantly evolving their attacks which are becoming increasingly targeted and sophisticated. Furthermore, they’re also collaborating in marketplace environments, sharing tips and advice on how to launch attacks that will cause the most damage.

Most enterprises still rely on traditional approaches to network security to defend against threats. This approach relies on feeding historical data – i.e anomalous activity that was suspicious or malicious – into a learning algorithm so the system knows what to look out for in the future. This enables the system to flag suspicious activity that corresponds to historical data to security teams, and prevent such attacks slipping through the net.

However, this approach is no longer adequate in today’s evolving threat landscape, because it hinders an organisation’s ability to investigate activity that hasn’t been seen before, causing them to miss new attacks. Furthermore, behaviour that is deemed “normal” or “good” within an organisation is constantly evolving, and businesses have to be able to adapt in real time. This legacy approach to network monitoring also places additional stress and burden on security analysts, who don’t have the capacity to sift through the vast amounts of data collected by businesses and identify threats.  It’s no surprise that 56 per cent of senior executives think their cybersecurity analysts are overwhelmed by the sheer volume of data points they need to analyse to detect and prevent threats.

The result? Businesses that can’t identify new and sophisticated attacks, and attackers who are spending an average of 6 months within a network. Clearly, when it comes to enterprise anomaly detection, a change is needed.

Advanced detection: Deep learning & network monitoring

Deep learning powered network monitoring represents a solution to the problem. Increasingly seen as the next generation technology in network monitoring, deep learning is driven by unsupervised algorithms that continuously analyse an organisation’s regular behaviour in order to identify abnormalities. The algorithm is instructed to survey its own infrastructure and proactively search out and unearth the unknown, rather than the known “bad”. This allows businesses to detect unseen threats and take a proactive approach to cybersecurity.

Another advantage of deep learning algorithms is that they have the capability to sift through millions of pieces of data simultaneously in near real-time. The ability to identify anomalous patterns in vast data sets means deep learning network monitoring can perform a level of analysis that’s impossible for humans alone to replicate.

Empowered by deep learning tools, analysts are able to focus on the most rewarding part of their job: the investigation and detection of complex malicious activities. By accelerating access to the information, teams can collaborate and focus on understanding the root cause and the total extent of campaigns against organisations. As a result, security teams’ efficiency is boosted, stress is reduced, cybersecurity analysts’ work is highly valued and the overall organisation security is strengthened.

Businesses can no longer rely on traditional network monitoring methods that provide an inherently binary view of cybersecurity that focuses on good vs. bad behaviour. The volume of data collected by businesses is growing exponentially, and at the same time, cyberthreats are becoming increasingly sophisticated. Add in the fact that cybersecurity teams are under increasing pressure to do more with less and it’s easy to see why enterprises have historically been on the back foot.

Ultimately, deep learning transforms network security from a passive system that is fed seen behaviour, to an active solution that can detect threats in real-time and uncover things not seen before.

The post Boosting enterprise security with deep learning appeared first on Artificial Intelligence.

Ben Gurion, the main international airport in Israel, is one of the most protected airports in the world. It is known for its multilayered security. On the way from the office to the airport, you get caught in the lens of airport cameras. The road curves several kilometers to the terminal, and when you are driving, the security system has enough time to analyze your identity. In case of any signs of danger, you will be intercepted. The system of behavior anomalies analysis in computer systems works the same way. The implementation of these systems is effective in defense. While a perpetrator is running certain commands, an AI-based system can stave off any damage, having identified an intrusion.

AI deployment is not so rosy in the world of cybersecurity. Hackers move forward and adopt it as well. The U.S. intelligence community reports that artificial intelligence actually works in cybercriminals’ favor.

Let’s go over a few areas for hackers deploying machine learning and find out which cybersecurity measures should be taken.

Data Gathering

Every single breach starts with data gathering. Hackers maximize the chances of success by gaining more information. They classify users and select a potential victim thoroughly using several classification and clustering methods. This task can be automated.

How can you protect yourself from being their victim? It goes without saying that your personal information must not be available in open sources, so you should not publish an awful lot of information about yourself on social networks.

Phishing

Neural networks can be trained to create spams that resemble a real email. However, in order for this to work, it is better to know the sender’s behavior. This can be achieved through network phishing that provides hackers with easy access to personal information. Research from BlackHat about automated spearphishing on Twitter proves this idea. This tool can increase the success of phishing campaigns up to 30% — which is twice as much as traditional automation and similar to manual phishing.

How can you protect yourself from phishing? You could just mail a question to a sender. Hackers have become savvier, however, and can analyze your message and respond appropriately so that you are sure that the account is not compromised. Nowadays systems are not complicated but it will not be long before smart chat bots communicate with you like your friends do.

The most actionable recommendation is to ask the user through other channels and messengers if he or she sent the message. There is little chance that several of his or her accounts are compromised at once.

Voice Fabrication

The new generation of AI-based companies like Lyrebird can create fake audio files and videos that can mimic any voice. It can help perpetrators in social engineering.

Frankly speaking, it seems nothing can protect you from these wild tricks, as believing that everything that is written or spoken is fabricated undermines confidence in all the information you receive.

CAPTCHA Bypass

A simple captcha test can be automatically resolved. Some computers promise over 98% accuracy. “I’m Not a Human: Breaking the Google reCAPTCHA” is a fascinating paper that was delivered at a BlackHat conference.

How can you protect yourself? Object recognition captchas are dead. If you choose a captcha for your website, it is better to try MathCaptcha or its alternatives.

Password brute force is yet another area where cybercriminals can deploy machine learning. You might hear about a neural network that generates texts based on the trained texts. You can give this network, say, a list of Eminem’s songs, and it will create a new song.

The same idea can have wide applicability to generating passwords. Researchers at MIT have taken this approach, applied it to passwords and received good results. An approach that was mentioned in one of the latest papers called “PassGAN” represents GANs (Generative Adversarial Networks) to generate passwords. Cybercriminals consider this idea a more promising one after recent reporting from 4IQ suggesting the existence of a database of 1.4 billion passwords from all breaches.

Use complicated passwords and exclude simple ones. Avoid those from the database. The only secure random passwords are those built on shortened sentences and mixed with special characters.

Malware

In 2017, the first publicly known example of AI for malware creation was proposed at Peking University in Beijing, when the authors created a MalGAN network.

It resembles our reality, where viruses mutate resulting in new flu epidemics. What counts here is that people who care about their health catch them less. The same happens with computers. Regular hygiene, or in the online, never visiting insecure sites, saves people from viruses most of the time.

Cybercrime Automation

Savvy hackers apply machine learning to other areas. In certain criminal tasks, there something called Hivenet, which refers to smart botnets. If cybercriminals manage botnets manually, Hivenets can change behavior depending on circumstances. They resemble parasites living in devices and deciding who will be next to use victims’ resources.

It is essential to change a default password to protect IoT devices from most attacks.

Conclusion

The ideas above are only some examples of the ways hackers can use machine learning.

Aside from using more secure passwords and being more careful while following third-party websites, I can only advise paying attention to security systems based on AI in order to be ahead of perpetrators. A year or two ago, everyone had a skeptical attitude toward the use of artificial intelligence. Today’s research findings and its implementation in products prove that AI actually works, and it’s here to stay.

The post Seven Ways Cybercriminals Can Use Machine Learning appeared first on Artificial Intelligence.

It was 1956 when attendees at the Dartmouth conferences created the field of Artificial Intelligence (AI), opening the storm gates for creativity and imagination in Hollywood, and across the scientific world. Everyone wanted to know if AI would be the key to our civilisation’s future or the key to open Pandora’s box, enabling robots to wreak havoc upon mankind. Since then AI has exploded into our lives and language as graphic processing units (GPUs) have made parallel processing faster, cheaper and more powerful. Processing power, combined with enormous amounts of data and nearly infinite storage of information, has launched us into unimagined applications of AI.

AI has not evolved into the broad, general use originally imagined in 1956, when scientist and citizen alike imagined AI would enable machines to capture “every aspect of learning or any other feature of intelligence…,” and ultimately outthink humans in every aspect of our lives. The concept was unworkable due to the enormous amount of computing power needed to parse, store, identify or tag the information, and then retrieve it. AI has evolved much more narrowly through two key subsets, or subfields: that of machine learning and deep learning, which have given us the breakthroughs we enjoy today.

As scientist began addressing limitations in technology, they slowly developed the pathway for machine learning throughout the 1980s and into early 2000s, enabling machines to take data and “learn” for themselves by focusing more directly on the issue of using algorithms to parse the data, learn from it, and then make a prediction or take an action concerning the world. Early machine learning approaches included the use of ‘decision trees’ for learning, inductive logic programming, clustering, reinforcement learning, and Bayesian networks. None of these approaches achieved the envisioned AI goals. A machine learning concept known as ‘computer vision’ did, however, develop as one of the machine learning applications with very useful potential for operations. By hand-coding classifiers, such as edge detection filters, computer programmes could identify objects such as road signs from the sign’s shape, colour or recognition of the letters. From these recognition classifiers, computer scientists could then develop algorithms categorising particular signs, thereby enabling the machines to “learn” to differentiate between them, so as to “think” about taking a particular action. This approach worked great under certain, ideal conditions but until recently was too inflexible or error-prone to be of much practical help in foggy, rainy, or snowy conditions.

It was not until 2010 when ‘Deep Learning’ was introduced that AI, using narrow AI in which machines are skilled at one particular task, really began to take off. Deep learning uses some machine learning techniques to solve problems through the use of neural networks that simulate human decision-making. Only through the advent of massive “big data” sets to train the machines to identify the huge number of parameters used by a learning algorithm have we been able to make advances in this field. Previously, programmers provided a set of rules by which the algorithms operate. By being able to quickly sort through huge amounts of data to recognise certain characteristics, deep learning has enabled us to advance text-based searches, provide fraud detection, spam detection, and handwriting recognition as well as conduct image searches, speech recognition, and street view detection.

Because of these advances, machines can be trained in image recognition in some scenarios to provide better recognition than humans. These applications have been used to identify indicators for cancer in blood and tumours through MRI scans. They have also been demonstrated in Google’s AlphaGo game, where DeepMind AI beat world champion Lee Sedol in four out of five games of the Chinese game Go. Advances in synthesisable AI by resear­chers at Louisiana State University in collaboration with Florida International University are enabling other applications to be incorporated in driverless cars, pharmaceutical preparation, preventative healthcare and a variety of other programmes.

Andrew Ng, an AI pioneer at Google and an adjunct professor at Stanford University, recently said, “AI is the new electricity, with the capacity to transform every major industry”, and our lives.

Fighting crime

Digital forensics and the fight against crime will be no exception to the rule, as criminals incorporate more advanced cyber methods to commit crime and law enforcement agencies push to gain a counter-advantage. Digital Evidence & Electronic Signature Law Review published a study asserting, “Digital forensics is an area that is becoming increasingly important in computing and often requires the intelligent analysis of large amounts of complex data…AI is an ideal approach to deal with many of the problems that currently exist in digital forensics.”

Deep learning is finding its way into the development of sophisticated systems for DNA sequence matching, innovative new methods for cybercrime detection using mobile devices, and for assisting with identity recognition, digital and physical signature recognition, and terrorists’ cyber operations. Researchers at Florida International University’s School of Computing and Information Sciences are collaborating with a team at the University of Florida to develop new hardware and tools to assist forensics experts in the field by providing advanced technology for data collection, identity verification and evidence processing of biometric data.

This is an exciting new area that will increasingly touch our lives over the next few years. The revolution has begun!

The post AI and Deep Learning: new revolution in digital forensics appeared first on Artificial Intelligence.

Machine learning is perhaps the hottest buzzword in cybersecurity today. The artificial intelligence technology is deployed by cybersecurity firms in an effort to keep pace with the evolution of cyberattacks, as machine learning algorithms are able to improve predictability the more it is used.

But according to Guy Caspi, CEO of cybersecurity company Deep Instinct, machine learning is no longer enough in an age of unprecedented evolution and volume of cybercrime.

G DATA researchers recently found that last year a new malware specimen surfaced every 4.6 seconds. In the first quarter of 2017, it reduced to every 4.2 seconds, meaning millions and millions of new malware surfaced every year. Data from the IT-Security Institute found 127.5 million malware samples last year, and while there is evidence that number may decline for 2017, researchers warned that these cyberattacks are becoming more sophisticated.

“We are living in this reality when, five years ago, you had only 10,000 new malware per day,” said Caspi in a recent interview with PYMNTS. “It was digestible by the big vendors. But today, it’s mission impossible.”

Considering this volume, machine learning can no longer adequately rise to the cybersecurity demands of today’s large organizations, the executive said.

That’s because with machine learning, you still need human intervention to identify what the algorithms are supposed to be looking for.

“In machine learning,” Caspi explained, “you still need pre-processing of someone who knows very well what you want to implement. For example, if you’re looking at facial recognition, you need someone able to identify, in every face, the specific features that are important to differentiate this face from any other face. This process is still done manually.”

Experts that know exactly what they want an algorithm to identify will see a good result when implementing such a tool, the executive noted. But this is time- and resource-intensive, and with attacks flooding in, time and resources are of the essence.

Dependence on human intervention is also quite inefficient, Caspi noted.

“We as humans only think in linear patterns. This is how our [brains have] been built,” he said. “In cyber, and many other domains, the most complex problems, ideas, attacks or vulnerabilities are coming from non-linear patterns.” Further, he continued, by having a human decide what these algorithms need to detect, they are unable to cover their bases when a new type of attack emerges.

Today’s cybersecurity offerings are also inefficient when it comes to what to do when a possible threat has been detected. It takes several minutes in the cyber defense process to open a file that could contain malicious malware once it’s been identified by cybersecurity software, and then the decision has to be made as to whether there is a legitimate threat or not.

“It takes a very long time to digest in corporate America, in which there are tens of thousands of employees and millions of files,” Caspi said. Machine learning-based solutions have to have a human tweak the technology to constantly stay up-to-date with what it should be searching for, sometimes based on attacks that have already happened.

Here’s where Caspi said deep learning improves upon some of these challenges: The technology allows algorithms to determine themselves what they should be looking for, meaning deep learning can be more agile as more and different malware comes onto the scene to threaten corporate security.

“You don’t need to decide in advance what you are looking for,” he said. “You don’t have limitations like this. We don’t open any file to scan every piece for information.”

The CEO highlighted the recent NotPetya attack, which he said Deep Instinct was able to block without any pre-processing, and without any prior history of the attack in its systems.

“This proves that deep learning is resilient to these new mutations of malware,” he said.

But the challenge today is that deep learning is quite complex to implement and deploy.

“The barrier to entry of deep learning versus machine learning remains extremely high,” he said. Part of that is because machine learning relies on only two or three algorithms; deep learning deploys tens of algorithms, and complex math. But the ongoing evolution of corporate cybercrime means cybersecurity companies may no longer be able to afford relying solely on machine learning.

Recent cybersecurity attacks like WannaCry led to a spike in stock prices; reports last May said companies including FireEye, Sophos and ETF saw their own surges in the immediate wake of the event. But Caspi also pointed to declines in market value in the long-term for some cybersecurity companies (FireEye, for example, missed earnings and revenue expectations in its Q4 2016 report). Caspi said this is because these businesses can no longer keep pace with the current cybersecurity climate that demands greater agility, and at the same time, greater efficiency.

Analysts picked up a merger and acquisition (M&A) boom in the cybersecurity industry last year, and it shows no signs of slowing: This month alone, Symantec revealed agreements to acquire Fireglass as well as Skycure (both of which are also based in Israel), a move Caspi said is part of the companies’ efforts to integrate cybersecurity for different platforms, including mobile and web, under a single roof.

“The whole industry is going to change,” the CEO said. “We’ve sees a lot of M&As in the last 18 months, because cybersecurity vendors realize they need one platform to address different attacks.”

Organizations don’t want to have to implement dozens of cybersecurity solutions to cover all of their bases, he added; they want a few vendors that can do it all — and that includes detection and prevention. As M&A activity continues, and as industry players shift their capabilities to meet unprecedented challenges, Caspi said Deep Instinct hopes to IPO in a few years, too, banking on its ability to deploy deep learning in this space and evolve with industry trends. The good news: Deep Instinct raised $32 million from venture capitalists earlier this month, so the company could be well on its way.

“The industry is going to change dramatically in the amount and size and the feature-richness of technology of cybersecurity companies,” he said. “It will be very interesting and challenging to see how it evolves.”

The post Diving Deeper Than Machine Learning To Combat Corporate Cyberattacks appeared first on Artificial Intelligence.