Artificial Intelligence and Cyber Crime – A Curate’s Egg

Author : Prakarsh (NLIU Bhopal)

Co – Author : Riya Khanna (NLIU Bhopal)

INTRODUCTION

Mankind has continuously strived to not only understand the creation of life but also to create life itself. Artificial Intelligence (Hereinafter ‘AI’) has been one of the greatest steps taken towards creation of a fabricated consciousness. AI has been a pivotal creation and whenever there is such a creation it is always coupled with the dichotomy of it being used for desirable or undesirable reasons. AI is a self-evolving entity and has the ability to learn, take decisions and act independently, it has the potential to overhaul the situation of cybersecurity as we know it. When we do come to the question so as to how it will be used, there can be two different scenarios, one where it promotes cybersecurity and one where it prevents it. There is no middle ground as its affect in cyberspace is inevitable. With the advancement of humanity into the age of technology there is a pressing need to extensively discuss the ways it will affect the present state of affairs in every field including the field of law.

AI triggered cyberattack is not an uncertain phenomenon anymore. All the requirements required such as complex malware, skilled cybercriminals, sophisticated systems etc. to effect such attacks are already in place. Almost every sphere of life has an online dimension to it thereby making it susceptible to all kinds of cyber-attacks additionally almost every individuals and organizations data is available in the cyberspace thereby making it a goldfield for any data theft activities. This threat has been acknowledged on various international platforms such as the G-7 Summit on AI, OECD’s Ethical AI principles, European AI and Privacy guidelines, EU’s GDPR etc.

However, there is also the bright side to AI uses which can help predict cyber-attacks by monitoring data activity and prevent them before they even happen.

There is a lot to be discovered in the field of cyberspace and AI which needs to be delved into and in this blog the authors will attempt to shed light on the immediate ways in which AI might influence Cybersecurity.

A NOT SO EMPTY THREAT

Machine learning can be a serious threat because it essentially holds the power to impersonate and mimic any user’s behavior. This brings us to the possibility of AI malware being used for phishing activities. Phishing is a classic example of online fraudulent activity; however, it may now be supplemented by machine learning algorithms and turn a simple phishing code into one that can send emails from any user’s account which may not be distinguishable from the user’s usual mails due to the code duplicating the user’s nuances in writing. Through AI one may mimic the mailing pattern of influential organizations such as banking or insurance institutions, which then can be used to send mails aimed at stealing data from the receiver.

Further, AIs have the ability of processing data at abnormally high rates as compared to other codes. If an AI malware is released into the data banks of any institution it can adapt to the environment, technically becoming invisible. While blended into the background it can process large amounts of data and send it to the user while maintaining its camouflage. With the increase in institutions that have data grids as their heart and soul, they stand at the risk of completely collapsing in case of a data theft attack.

Another risk lies in AI itself. Any platform that uses AI can be subjected to a specific type of attack designed to strike AIs known as ‘Adversarial AIs’. These are designed to trick any AI program to misidentifying or misclassifying objects. With creations like Self-Driving cars and Facial Recognition security systems, tricking the system into making mistakes can lead to a lapse in security. Hackers can make a pedestrian which the Smart-Car was supposed to identify, invisible to it or they can distort a facial recognition software to identify any face as the user’s face thereby letting the hacker walk right into the system without raising any alarms.

Ergo, when we talk about cyber-attacks in general, these attacks usually require proficient technicians focusing on a particular target by modifying the malware to retrieve particular data stored and bypass specific security provisions that the target system may have integrated. However, with the exceptional data processing speed and self-evolving abilities that AI has introduced, the attacker simply has to create a single code which he can then release among multiple systems where they can adapt accordingly as required. The efficiency of the attacks is going to take a substantial and unanticipated leap, surpassing any security provisions currently in use, and that is precisely why we need to engage in developing counter-mechanisms immediately.

POSSIBLE WHITE KNIGHT FOR CYBERSECURITY

Just as AI-systems require novel cybersecurity tools and techniques to enhance their reliability; cybersecurity can use AI to augment its efficiency. AI can be utilized to identify and categorize a sundry of attacks and inform adaptive responses (it can discover the discrepancies rapidly and   know how to fix them) at scale. AI can be maneuvered to develop particular defensive aspects of cyber security more efficiently. Combating spam and detecting malware are key instances of the same. Utilizing artificial intelligence for the purpose of cyber security yields finer solutions while interpreting enormous quantities of data, making security operations more systematized. Through such operations, cyber threats can be predicted well in advance. Artificial intelligence augments cyber security through few aspects, including machine learning, risk identification, access securing and fast responses.

There are various procedures of Artificial Intelligence incorporated with Cyber Security which can forestall certain security breaches. Expert system is one amongst them. It is a technique of AI through which the decision-making capacity of humans under the Cyber area is augmented. It was the first successful instrument of Artificial Intelligence. For biometric verification frameworks, AI could improve precision and diminish attacks. It can be utilized alone or related to a secret key and is as of now being utilized in most new cell phones. Ergo, AI contribution in the form of biometric logins is significant to ensure cyber security.

Deep learning is a trailblazing discipline of AI, the other name of deep learning is Neural network. It works comparably to the working of Human Brain. It is domain-independent and can find out about different kinds of information. On the same lines, if this idea is applied in Cyber Security, the framework acts as domain-oriented and can undoubtedly recognize whether a stored file is malicious or legitimate without human collaboration. Its main advantages are that it forestalls certain malignant agents entering into the Cyber region and protects the systems from specific attacks.

Intelligent Agents is another technique of AI. It is also known as Abstract Intelligent Agents (AIA). It consolidates sensors and actuators to demonstrate the framework and operates as a Computer program. Thermostat is a prime instance of the same. It is used as a shield against the Distributed Denial of Service (DDoS) attacks.

Recently, numerous Digital Security organizations are programming AI frameworks to extract malware and viruses that have blended themselves into the system background.

AI can reason and recognize any lurking threats, for example, malware, fabricated IP locations, or other virus files. In addition, AI can likewise scrutinize different sites or any user activity to predict whether they will indulge in illegitimate behaviour. At the end of the day, AI frameworks can anticipate and perceive an attack before the real digital attack strikes.

Artificial intelligence (AI) and machine learning (ML) applications are being implanted into the cyber set-up of corporations—particularly in Security, detection and response (IDR).

Recently, The Data Security Council of India carried out a joint report wherein it has highlighted its efforts to fuse AI with ‘Digital war rooms’ of various associations. India therefore has demonstrated its intentions of connecting AI innovation with Cybersecurity in the near future.

CONCLUSION: BALANCE OF SCALES

AI is like a coin; it inherently has two sides. In our opinion the balance slightly tips over to the positive uses of AI. It is not easy to think of anything that cannot be used in an untoward manner hence, it all comes down to what countermeasures do we have in place to deal with such delinquency. There is enough research available to give a fair idea regarding what threats might AI and machine learning pose for Cybersecurity, a few have also been highlighted in the blog. This gives private institutions and governments a head-start in developing measures before the technology comes into mainstream illegitimate use.

The measures highlighted in this blog are still rudimentary to be implemented on a wider level. Nevertheless, before there are publicly and commercially available protective measures against such attacks, organizations can have an AI integrated into their Cyber Security Center. If they invest in the preliminary AI measures available at this incipient stage, it will be easier for them to evolve their security along with the development of AI.

It should be urged that private companies that heavily rely on online data err on the side of caution and invest in security schemes crafted for AI powered attacks. It may be in the form of a dynamic system inspection software which can detect even the slightest inconsistency in the background. While average users will have to be extra careful with respect to the information they divulge to any platform.

For now, all we can do as an average user of technology is to be aware of the situation and the developments and accordingly gauge how careful we have to be while the respective institutions work on making protection profitable.