Machine learning is already making significant contributions to security, helping to detect and correct vulnerabilities, identify suspicious behavior, and better contain zero-day attacks. However, any and all of these gains could be lost if and when these advances are repurposed by those seeking to uncover and exploit security vulnerabilities rather than defend them.
In the very near-future, machine learning is likely to be re-deployed by cyber-attackers looking to develop and distribute more dangerous and malicious threats. Worse still, this escalation might have already happened and we just don’t know about it yet.
A Cylance poll held during the Black Hat USA infosec convention saw sixty-two percent of surveyed attendees agreed that there was a high possibility that AI could be used by hackers for offensive purposes within the coming year.
McAfee said as much in their recent 2018 Threats Predictions Report. According to them, there are already plenty of black-box attacks that don’t follow established patterns and, eventually, it’s expected that security researchers will reverse engineer one of these solutions and find hard evidence that machine learning has been turned.
McAfee Labs Vice President Vincent Weafer says that they “expect to see more advancements in the use of machine learning and analytics by attackers to accelerate and sharpen social engineering attacks—phishing, fraud, spyware, and scams—across more industry sectors than they can do today using manual reconnaissance techniques. Business email compromise scams will make use of machine learning to appear more legitimate to their targets.”
In addition, “we may see ‘target acquisition as a service’ providers leverage the increasing volume of personal information that has been leaked from multiple data breaches in past years to identify and qualify targets.”
They aren’t the only vendor looking to raise awareness of the threat. Symantec CTO Nick Savvides says that 2018 will be “the first year where we will see AI versus AI in a cybersecurity context. Cyber criminals will use AI to attack and explore victims’ networks, which is typically the most labour-intensive part of compromise after an incursion.”
Machine learning also has the potential to enhance the existing tactics employed by such cyber-criminals. Machine learning could make phishing attacks more difficult to identify or allow attackers to effective at gaining unauthorized access through a users connected devices once one set of credentials have been stolen.
Perhaps the scariest thing here is that, much like the unmapped positive potential, the potential damage that machine learning could do is difficult to fully comprehend at this early stage. Even in many of the best case scenarios, applications of machine learning will likely see the arms race between the cyber-security and cyber-criminal worlds ratchet up to a faster pace than ever seen before.
Again, this isn’t to say that the experts aren’t already preparing. McAfee speculate in their 2018 Threats Predictions Report that machine learning, AI, and game theory can be used to to probe for vulnerabilities in both our software and the systems we protect in order to counteract new strains of machine learning-powered threats.
Basically, they aim to beat cyber-criminals at their own game by developing better machine learning-based systems for vulnerability detection - discovering and amneding issues before they can be exploited.
Other ways in which machine learning can be used to neutralize its offensive capabilities have also been raised. In an interview with Gizmodo, Recorded Future Chief Technology Officer Staffan Truvé discussed the possibility of using machine learning and natural language processing to detect when an attack is being planned and discussed on criminal forums - predicting threats before they happen.
He said that “bad guys [with AI] will continue to use the same attack vectors as today, only in a more efficient manner, and therefore the AI based defence mechanisms being developed now will to a large extent be possible to also use against AI based attacks."
So while it’s clear that machine learning has enormous potential to empower cyber-criminals and swing the advantage in their favor, it’s latent promise to give cybersecurity vendors better tools to counteract that threat can’t be dismissed either.
As cliche as it might sound: the only certainty here is that machine learning is going to change everything.