Artificial intelligence and machine learning continue to gain a foothold in our everyday lives. Whether for complex tasks like computer vision and natural language processing, or something as basic as an online chatbot, their popularity shows no signs of slowing. Companies have also started to explore deep learning, which is an advanced subset of machine learning. By applying deep neural networks deep learning takes inspiration from how the human brain works. Unlike machine learning, deep learning can actually train its processes directly on raw data, requiring little to no human intervention.
Recent research from analyst firm Gartner noted that the number of companies implementing AI technology has increased by around 270 per cent over the past four years. The return on investment is unmistakable as so many industries have started to implement the technology. However, even with the significant progress and given the nature of AI, that same, once helpful technology could fall into the wrong hands and be used to inflict damage on a company or the end user.
This ongoing battle that pits AI for good versus AI for malicious purposes, may not be something playing out in front of our eyes yet, but its not far off. Thankfully, the cost for implementing malicious AI, at any scale, is still somewhat cost prohibitive and requires tools and skills not readily available on the market. But knowing that it could become reality one day, means that companies should start preparing early for what lies ahead.
Heres a look into what that could look like, and what companies can do now to quell the storm.
When malware uses AI algorithms as an integral part of its business logic it learns from its situation and gets smarter at evading detection. But unlike typical malware that is one program running on a server, for example, AI-based malware can shift and change its behavior quickly, adjusting its evasion techniques as needed when it senses something is wrong or detects a threat to its own systems. Its a capability that most companies simply arent prepared for yet.
One example of situational awareness in AI-based malware came from BlackHat 2018. Created by IBM Security, DeepLocker is an encrypted ransomware that can autonomously decide which computer to attack based on a facial recognition algorithm. And as researchers noted, its designed to be stealthy.
The highly targeted malware hides itself in unsuspecting applications, evading detection by most antivirus scanning programs until it has identified its target victim. Once the target is identified through several indicators, including facial feature recognition, audio, location or system-level features, the AI algorithm unlocks the malware and launches the attack. According to researchers, IBM created it to demonstrate how they could combine open-source AI tools with straightforward evasion techniques to build a targeted, evasive and highly effective malware.
The amplified efficiency of AI means that once a system is trained and deployed, malicious AI can attack a far greater number of devices and networks more quickly and cheaply than a malevolent human actor.
And while the researchers also noted that they havent seen something like DeepLocker in the wild yet, the technology they used to create it is readily available, as were the malware techniques they used. Only time will tell whether something like it will emerge that is, if it hasnt already.
Companies can guard against malware like this by fighting fire with fire, using cybersecurity solutions that are based on deep learning, the most advanced form of AI. Its not enough to just get a firewall or basic anti-virus system, companies need to implement systems that can detect AI based malware and take the necessary steps to prevent harm. But also, to go one step further to achieve longer-term detection and pre-emptively stop continued damage. A necessary task with a future that includes AI-based malware.
Another harmful scenario is when malicious AI-based algorithms are used to hinder the functionality of benign AI algorithms by using the same algorithms and techniques used in traditional machine learning.
Rather than provide any helpful functionality, the malware is used to breach the useful algorithm, and manipulate it as a means to take over the functionality or use it for malicious purposes.
One example comes from several researchers studying adversarial machine learning. They investigated how self-driving cars processed street signs, and whether the technology could be manipulated. And while most self-driving cars have the ability to read street signs and act accordingly, researchers were able to trick the technology into believing it was reading a street sign, in this case a stop sign as a speed limit. This was a simple change that the technology onboard the vehicle couldnt detect as harmful. Taking a step back to look at the implications, it meant that the technology available today in self-driving cars could be exploited into causing collisions, resulting in possible deadly outcomes.
Adversarial learning can also be applied to subvert and confuse the efforts of computer vision algorithms, NLP (Natural Language Processing) and malware classifiers, which trick the technology into thinking its something else. The process typically injects malicious data into benign data streams with the intent to overwhelm or to block legitimate data. An example of this is a Distributed Denial of Service (DDoS) attack, which is when a cyberattack aimed at a server is purposely overwhelmed with data and internet traffic, disrupting normal traffic or service to that server, effectively bringing it down.
To block the harmful effects of this technology, companies need a system that understands when an algorithm is benign and working properly, versus one thats been tampered. Its not only protecting systems and the overall functionality of the tech, but could be protecting lives, as seen in the stop sign example. This is where advanced AI becomes necessary for analysis capabilities that enable it to understand and identify when something is amiss.
This type of attack is seen when malware runs on the victims endpoint, but AI-based algorithms are used on the server side to facilitate the attack. A command and control server which is used by an attacker to send and receive information from systems compromised by malware can control any number of functions.
For example, malware that steals data and information, which it then uploads onto a command and control server. Once complete, an additional algorithm identifies relevant details e.g. credit card numbers, passwords and the like which it then passes on to the server and ultimately the attacker on the other end. Through the use of AI, the malware can be executed on mass, without requiring any human intervention and be disseminated on a large scale to encompass thousands of victims.
One recent example Deep Instinct researchers uncovered was ServHelper. A new variant of the ServHelper malware uses an Excel 4.0 macro Dropper, a legacy mechanism still supported by Microsoft Office, and an executable payload signed with a valid digital signature. ServHelper can receive several types of commands from its Command & Control server, including: download a file, enter sleep mode, or even a self-kill function that allows it to remove the malware from the infected machine. This is a classic example of hacker groups using increasingly sophisticated methods, such as certificates, to propagate malware and launch cyberattacks.
Similar to the others, its not enough to just put up a firewall and hope for the best. Companies need to think holistically and protect all of an organisations endpoints and devices from Windows through servers and other platforms such as Mac, Android and iOS. An AI-based solution can help by constantly learning from what is or isnt malicious, helping its human counterparts to act once its identified and ideally stopped the harmful malware from spreading and hurting systems more.
Companies are just beginning to grasp that AI and machine learning can help with customer-facing technology and be used to help create stronger defences against a future of AI-enabled attacks. While the future of malware using AI might still be a few years away, companies can prepare themselves now against attacks of the future.
By using these technologies to spot trends and patterns in behavior now, companies can better prepare themselves against a future that employs AI against them. One way to ensure the technological advantage over any potential AI-based threat is a deep learning-based approach, which fights malicious AI with friendly AI.
Unlike other forms of anti-virus that remain stagnant, once implemented, deep learning is highly scalable. This is especially important as AI-based malware can grow and change constantly, and deep learning can scale to hundreds of millions of training samples, which means that as the training dataset gets larger, the deep learning neural network can continuously improve its ability to detect anomalies, no matter what the future will bring. Its truly fighting AI with AI.
Nadav Maman, CTO and co-founder, Deep Instinct
See original here:
The cybersecurity battle of the future AI vs. AI - ITProPortal
- Classic reasoning systems like Loom and PowerLoom vs. more modern systems based on probalistic networks - November 8th, 2009 [November 8th, 2009]
- Using Amazon's cloud service for computationally expensive calculations - November 8th, 2009 [November 8th, 2009]
- Software environments for working on AI projects - November 8th, 2009 [November 8th, 2009]
- New version of my NLP toolkit - November 8th, 2009 [November 8th, 2009]
- Semantic Web: through the back door with HTML and CSS - November 8th, 2009 [November 8th, 2009]
- Java FastTag part of speech tagger is now released under the LGPL - November 8th, 2009 [November 8th, 2009]
- Defining AI and Knowledge Engineering - November 8th, 2009 [November 8th, 2009]
- Great Overview of Knowledge Representation - November 8th, 2009 [November 8th, 2009]
- Something like Google page rank for semantic web URIs - November 8th, 2009 [November 8th, 2009]
- My experiences writing AI software for vehicle control in games and virtual reality systems - November 8th, 2009 [November 8th, 2009]
- The URL for this blog has changed - November 8th, 2009 [November 8th, 2009]
- I have a new page on Knowledge Management - November 8th, 2009 [November 8th, 2009]
- N-GRAM analysis using Ruby - November 8th, 2009 [November 8th, 2009]
- Good video: Knowledge Representation and the Semantic Web - November 8th, 2009 [November 8th, 2009]
- Using the PowerLoom reasoning system with JRuby - November 8th, 2009 [November 8th, 2009]
- Machines Like Us - November 8th, 2009 [November 8th, 2009]
- RapidMiner machine learning, data mining, and visualization tool - November 8th, 2009 [November 8th, 2009]
- texai.org - November 8th, 2009 [November 8th, 2009]
- NLTK: The Natural Language Toolkit - November 8th, 2009 [November 8th, 2009]
- My OpenCalais Ruby client library - November 8th, 2009 [November 8th, 2009]
- Ruby API for accessing Freebase/Metaweb structured data - November 8th, 2009 [November 8th, 2009]
- Protégé OWL Ontology Editor - November 8th, 2009 [November 8th, 2009]
- New version of Numenta software is available - November 8th, 2009 [November 8th, 2009]
- Very nice: Elsevier IJCAI AI Journal articles now available for free as PDFs - November 8th, 2009 [November 8th, 2009]
- Verison 2.0 of OpenCyc is available - November 8th, 2009 [November 8th, 2009]
- What’s Your Biggest Question about Artificial Intelligence? [Article] - November 8th, 2009 [November 8th, 2009]
- Minimax Search [Knowledge] - November 8th, 2009 [November 8th, 2009]
- Decision Tree [Knowledge] - November 8th, 2009 [November 8th, 2009]
- More AI Content & Format Preference Poll [Article] - November 8th, 2009 [November 8th, 2009]
- New Planners Solve Rescue Missions [News] - November 8th, 2009 [November 8th, 2009]
- Neural Network Learns to Bluff at Poker [News] - November 8th, 2009 [November 8th, 2009]
- Pushing the Limits of Game AI Technology [News] - November 8th, 2009 [November 8th, 2009]
- Mining Data for the Netflix Prize [News] - November 8th, 2009 [November 8th, 2009]
- Interview with Peter Denning on the Principles of Computing [News] - November 8th, 2009 [November 8th, 2009]
- Decision Making for Medical Support [News] - November 8th, 2009 [November 8th, 2009]
- Neural Network Creates Music CD [News] - November 8th, 2009 [November 8th, 2009]
- jKilavuz - a guide in the polygon soup [News] - November 8th, 2009 [November 8th, 2009]
- Artificial General Intelligence: Now Is the Time [News] - November 8th, 2009 [November 8th, 2009]
- Apply AI 2007 Roundtable Report [News] - November 8th, 2009 [November 8th, 2009]
- What Would You do With 80 Cores? [News] - November 8th, 2009 [November 8th, 2009]
- Software Finds Learning Language Child's Play [News] - November 8th, 2009 [November 8th, 2009]
- Artificial Intelligence in Games [Article] - November 8th, 2009 [November 8th, 2009]
- Artificial Intelligence Resources - November 8th, 2009 [November 8th, 2009]
- Alan Turing: Mathematical Biologist? - April 25th, 2012 [April 25th, 2012]
- BBC Horizon: The Hunt for AI ( Artificial Intelligence ) - Video - April 30th, 2012 [April 30th, 2012]
- Can computers have true artificial intelligence" Masonic handshake" 3rd-April-2012 - Video - April 30th, 2012 [April 30th, 2012]
- Kevin B. Korb - Interview - Artificial Intelligence and the Singularity p3 - Video - April 30th, 2012 [April 30th, 2012]
- Artificial Intelligence - 6 Month Anniversary - Video - April 30th, 2012 [April 30th, 2012]
- Science Breakthroughs - April 30th, 2012 [April 30th, 2012]
- Hitman: Blood Money - Part 49 - Stupid Artificial Intelligence! - Video - April 30th, 2012 [April 30th, 2012]
- Research Members Turned Off By HAARP Artificial Intelligence - Video - April 30th, 2012 [April 30th, 2012]
- Artificial Intelligence Lecture No. 5 - Video - April 30th, 2012 [April 30th, 2012]
- The Artificial Intelligence Laboratory, 2012 - Video - April 30th, 2012 [April 30th, 2012]
- Charlie Rose - Artificial Intelligence - Video - April 30th, 2012 [April 30th, 2012]
- Expert on artificial intelligence to speak at EPIIC Nights dinner - May 4th, 2012 [May 4th, 2012]
- Filipino software engineers complete and best thousands on Stanford’s Artificial Intelligence Course - May 4th, 2012 [May 4th, 2012]
- Vodafone xone™ Hackathon Challenges Developers and Entrepreneurs to Build a New Generation of Artificial Intelligence ... - May 4th, 2012 [May 4th, 2012]
- Rocket Fuel Packages Up CPG Booster - May 4th, 2012 [May 4th, 2012]
- 2 Filipinos finishes among top in Stanford’s Artificial Intelligence course - May 5th, 2012 [May 5th, 2012]
- Why Your Brain Isn't A Computer - May 5th, 2012 [May 5th, 2012]
- 2 Pinoy software engineers complete Stanford's AI course - May 7th, 2012 [May 7th, 2012]
- Percipio Media, LLC Proudly Accepts Partnership With MIT's Prestigious Computer Science And Artificial Intelligence ... - May 10th, 2012 [May 10th, 2012]
- Google Driverless Car Ok'd by Nevada - May 10th, 2012 [May 10th, 2012]
- Moving Beyond the Marketing Funnel: Rocket Fuel and Forrester Research Announce Free Webinar - May 10th, 2012 [May 10th, 2012]
- Rocket Fuel Wins 2012 San Francisco Business Times Tech & Innovation Award - May 13th, 2012 [May 13th, 2012]
- Internet Week 2012: Rocket Fuel to Speak at OMMA RTB - May 16th, 2012 [May 16th, 2012]
- How to Get the Most Out of Your Facebook Ads -- Rocket Fuel's VP of Products, Eshwar Belani, to Lead MarketingProfs ... - May 16th, 2012 [May 16th, 2012]
- The Digital Disruptor To Banking Has Just Gone International - May 16th, 2012 [May 16th, 2012]
- Moving Beyond the Marketing Funnel: Rocket Fuel Announce Free Webinar Featuring an Independent Research Firm - May 23rd, 2012 [May 23rd, 2012]
- MASA Showcases Latest Version of MASA SWORD for Homeland Security Markets - May 23rd, 2012 [May 23rd, 2012]
- Bluesky Launches Drones for Aerial Surveying - May 23rd, 2012 [May 23rd, 2012]
- Artificial Intelligence: What happened to the hunt for thinking machines? - May 25th, 2012 [May 25th, 2012]
- Bubble Robots Move Using Lasers [VIDEO] - May 25th, 2012 [May 25th, 2012]
- UHV assistant professors receive $10,000 summer research grants - May 27th, 2012 [May 27th, 2012]
- Artificial intelligence: science fiction or simply science? - May 28th, 2012 [May 28th, 2012]
- Exetel taps artificial intelligence - May 29th, 2012 [May 29th, 2012]
- Software offers brain on the rain - May 29th, 2012 [May 29th, 2012]
- New Dean of Science has high hopes for his faculty - May 30th, 2012 [May 30th, 2012]
- Cognitive Code Announces "Silvia For Android" App - May 31st, 2012 [May 31st, 2012]
- A Rat is Smarter Than Google - June 5th, 2012 [June 5th, 2012]