The National Institute of Standards and Technology have had plans to move to a vulnerability scoring method that uses IBM’s Watson artificial intelligence system by October 2019. So far, Watson stumbled when evaluating new and complex vulnerabilities. AI is sneaking in to cyber security business. Does it make us stronger or more vulnerable?

AI in its recent form and development is a powerful tool but contains some risks and ethical questions we should be aware and consider. We should not just trust learning AI methods like a magic black box. The decision-making should be “transparent”. We need to understand how it works and have command over it. At the same time, our officials’ main concern is not anymore that hackers will steal data, but that they will change data. This follows that users will unwittingly rely on false information.

There are shortcomings we need to be aware if AI will be used even further for Cyber-security defenses. It will have a limited protection capability against zero-day exploits and new advanced threats. The algorithmic learning needs data from past and it does not exist from new variants of malware that does not match past malware. To be sure to catch all possible incidents could lead in worst case higher rate of false positives. To eliminate them ends up for doing lot of hands on work. On the other hand, we might start trusting the AI too much and loose the control and understanding why and how it does the decision making. The final question if something bad happens would be: who is responsible?

At the same time, we are harnessing our cyber-protection using AI, the black-hats do not just twiddle their thumbs. New threats can be introduced via AI either expanding the existing threats or developing new attacks. Malicious activity behavior could learn on the fly and change its behavior if it is detected. Knowing the learning mechanism of a defender it could be outsmarted or confused. If the attacker would manage to generate volumes of false positives the intended service would not be available anymore.

Where we stand now? Collaborative malwares are already here. Early 2019 it was reported how combined attack with Vidar stealing a wide variety of data and GrandCrab finishing the job encrypting the infected system and setting a ransom demand. Very handy collaboration. Surely, we have also many companies who are offering their learning (AI) approaches for Cyber-security defense.

Our rationale is that we need to harness better tools for protecting our valuable assets and services. CS-AWARE[i] aims to increase the automation of cybersecurity awareness approaches for local public administrations (LPAs). It collects cybersecurity relevant information from sources both inside and outside of monitored LPA systems. It performs advanced big data analysis to set this information in context for detecting and classifying threats and to detect relevant mitigation or prevention strategies. Key lesson we have learned so far is importance collaboration and information sharing. We have seen this on the level of external authorities but also already with different actors on the local level. We are investigating this even further in another H2020 project, CinCan (Continuous Integration for the Collaborative Analysis of Incidents), where we also try to promote sharing and reporting vulnerability information between different countries’ CERT organizations.

Juha Röning
Oulu University

[i] A Cybersecurity Situational Awareness and Information-Sharing Solution for Local Public Administrations based on Advanced Big Data Analysis: The CS-AWARE Project

Schaberreiter, Thomas and Röning, Juha and Quirchmayr, Gerald and Kupfersberger, Veronika and Wills, Christopher C. and Bregonzio, Matteo and Koumpis, Adamantios and Sales, Juliano Efson and Vasiliu, Laurentiu and Gammelgaard, Kim and Papanikolaou, Alexandros and Rantos, Konstantinos and Spyros, Arnolt In: Challenges in Cybersecurity and Privacy – the European Research Landscape. RIVER PUBLISHERS SERIES IN SECURITY AND DIGITAL FORENSICS River Publishers, Netherlands, pp. 149-180 ISBN 978-87-7022-088-0 (Hardback); 978-87-7022-087-3 (Ebook) (2019)