The artificial intelligence security solution is not really as secure as you think
by Ready For AI · August 18, 2018
In the complex Internet environments and applications, is it possible to use artificial intelligence security solutions to improve security?
Artificial intelligence security solutions have been gradually adopted
In Gartner’s 2017 report on emerging technology maturity curve, ubiquitous artificial intelligence has become a hot spot, and artificial intelligence in the security field also has brought new opportunities for industry development. Artificial intelligence relies on its automation and powerful data analysis capabilities to possible to achieve faster and more accurate vulnerability discovery and repair. For this reason, more and more enterprises and security vendors are beginning to use their AI technological to combat network security threats and network anomaly detection, and upgrade network security detection systems.
It must be affirmed that artificial intelligence is beneficial to network security. As the WannaCry virus has ravaged the world, people have finally seen the power of ransomware and dare not relax their vigilance. The malware continues to mutate like a virus, security researchers find it almost impossible, to develop an appropriate response strategy without using artificial intelligence.
But, any technology has its own limitations, and artificial intelligence is no exception.
Artificial intelligence may not be suitable for low power devices
In fact, most IoT devices are typically low-power and can only perform small amounts of data calculations. If a malicious attacker has implanted malware at this level, it can be said that artificial intelligence is basically unable to cope. The reason is that artificial intelligence requires a lot of memory, computing power and a large amount of data to work. It must be sent the data to the cloud for processing to receive the response of the AI program, but the IoT devices usually do not have these conditions. Of course, future chips may be to have the ability to process data locally, but at least it still can not do this now.
The car AI can automatically alarm and provide the location of the vehicle in the event of a car accident, but it does not change the fact that an accident has already occurred. That is to say, the automatic alarm of the vehicle may save time compared to the passerby, but it still cannot prevent the collision of cars. Artificial intelligence can only help detect where something is abnormal before the device is completely out of control, or in the worst case, prevents you from losing control of the entire IoT infrastructure.
Artificial intelligence can't analyze unknown things
The real world is diverse and the changes are uncontrolled. So AI can run well on a tightly controlled network, but it can’t function properly in an unknown environment other than ‘network’. I think that artificial intelligence security solutions have at least four major pain points to address:
- Shadow IT
- BYOD project
- SaaS system
- Employee
No matter how much data we inject into the AI , we must solve these four pains points at the same time , and this is an almost impossible task . Especially in a company, there are always employees that open corporate office mail on their personal laptops through an insecure Wi-Fi network, then sensitive data may be lost . In the face of this situation, artificial intelligence does not even know that what happened . Usually that the company’s internal applications can be protected by AI to prevent users from misuse, but the terminal devices used by employees cannot be protected. Not only that , but how do you introduce AI for a cloud system that only provides a smartphone app based on SaaS but does not provide enterprise access control and real-time logging ? So under these circumstances , enterprises have no way to successfully use artificial intelligence to ensure information security.
Artificial intelligence can be deceived by artificial intelligence
It is conceivable that while security personnel used AI to optimize threat detection, attackers are can also trying to evade detection with AI. On the one hand, enterprises use AI to obtain higher accuracy attack detection ability. On the other hand, attackers use AI to develop smarter and evolved malware to evade detection. This kind of malware uses AI to escape the detection of AI, and once the malware successfully scams the company’s AI attack detection system, it can do any destructive action in the company network without triggering any alarms. Even later the malware is detected, the security line of the enterprise has already been penetrated, and the damage has already been caused.
In the latest survey released by Cisco, we saw that 39% of CISOs said their companies rely on automation for network security, 34% of them said their companies rely on machine learning, and 32% of them said they are still highly dependent on the workforce. Although these CISOs are very optimistic about AI, in addition to being able to identify malicious behavior, AI has few other application scenarios in the security field. Therefore, artificial intelligence is still not a rule changer of the security field now.
Conclusion
Artificial intelligence relies on learning to evolve, which also leaves it with too much uncertainty in dealing with unknown problems. The problems in the security field are usually caused by unknown factors (viruses or attack), and artificial intelligence may only be able to learn and master the judgment after the event, then use it for the next prediction. Of course, this is also an important advancement for traditional security solutions.