Artificial Intelligence in Cybersecurity

January 14, 2025

Introduction

AI has become one of the fastest-evolving threats to cybersecurity since the advent of Large Language Models (LLMs). Previously, attackers relied on the dark web or manual methods to develop malware. Now, many black hat hackers and software engineers are leveraging AI tools to create innovative malware and ransomware. As these threats increase, so do defense innovations. While automated defense systems improve, certain elements of cybersecurity remain irreplaceable.

AI as a Defense Mechanism

Although AI tools can help mitigate these risks, their limitations necessitate human involvement. According to an article written in Forbes by Danny Jenkins, “AI can identify that behavior, but it can’t determine whether it’s a legitimate backup process or a ransomware attack. Backing up files for protection and copying files to extort a ransom look identical from a behavioral standpoint.” The solution lies in utilizing human judgment to analyze behavioral data and detect risks that AI alone cannot discern. AI is a knowledge-based tool that utilizes patterns and protocols to create solutions for potential threats using LLMs.

Human Detection: An Irreplaceable Asset?

Humans excel where machines fall short due to their ability to apply inductive reasoning. Humans can deduce conclusions that machines may miss by analyzing broader datasets and context. AI systems apply rules to knowledge graphs using discrete neural algorithmic reasoning to detect anomalies and alert administrators. However, attackers innovate to bypass existing rules and protocols. Humans identify these malicious innovations by examining data outside predefined system parameters, enabling them to address vulnerabilities undetectable by algorithms.

What are IDS & IPS?

IDS stands for Intrusion Detection System, and IPS stands for Intrusion Prevention System. According to IBM, “IDS can help accelerate and automate network threat detection by alerting security administrators to known or potential threats, or by sending alerts to a centralized security tool.” An Intrusion Prevention System monitors network traffic and implements measures to mitigate malicious intrusions. Alerts generated by IDS or IPS are often sent to an organization’s SIEM (Security Information and Event Management) system, where administrators interact with them through a centralized dashboard. IDS and IPS can work together as IDPS (Intrusion Detection and Prevention Systems).

AI vs AI: A Necessary Precaution?

AI-based IDS protection is a rapidly growing field. New AI-based IDS systems, like APELID, are being developed to improve real-time intrusion detection. A Science Direct article describes APELID, which combines Augmented Wasserstein Generative Adversarial Networks (AWGAN) with Parallel Ensemble Learning-based Intrusion Detection (PELID). The system incorporates a sandbox-based malware analyzer. Rigorous experiments using datasets such as CSE-CIC-IDS2018 and NSL-KDD demonstrated APELID’s effectiveness in detecting intrusions in real-time. However, challenges remain, including issues with imbalanced datasets and latency in large-scale networks.

Another AI-based Intrusion Detection System (IDS) option is “Vectra,” which uses machine learning models that continuously adapt to new threats. According to Priya Naveen of Cyber Security News, “Vectra utilizes AI-based detection and response with machine learning models that continuously learn and adapt to new threats.” Vectra’s Network Detection and Response (NDR) functionality is pivotal in modern cybersecurity.

Common IDS Attack Vectors

Attackers are learning with each failed attempt, how to breach network security. Common attacks include spoofing, distributed denial-of-service (DDoS) attacks, operator fatigue, and phishing techniques such as vishing and smishing. Organizations must first acknowledge their vulnerabilities to address and secure them effectively.

Conclusion

In an age where new attack vectors emerge rapidly, organizations must implement robust measures beyond traditional authentication, authorization, and accounting. As both offensive and defensive strategies evolve exponentially, vigilance is essential in the fight for network and data security. Technology continues to advance, but human expertise remains critical when addressing gaps in algorithmic detection and ensuring a resilient cybersecurity posture.

References
  1. Danny Jenkins, Forbes Technology Council. “The Growing Risk of AI-Generated Cyber Attacks” https://www.forbes.com/councils/forbestechcouncil/2024/12/13/the-growing-risks-of-ai-generated-cyberattacks/
  2. IBM Security Team. “What is an Intrusion Detection System (IDS)” https://www.ibm.com/think/topics/intrusion-detection-system
  3. Hoang V. Vo, Hanh P. Du, Hoa N. Nguyen. “APELID: Enhancing real-time intrusion detection with augmented WGAN and parallel ensemble learning.” https://www.sciencedirect.com/science/article/abs/pii/S0167404823004777
  4. Priya Naveen, Cyber Security News. “25 Best Intrusion Detection and Prevention Systems (IDS & IPS) in 2024” https://cybersecuritynews.com/intrusion-detection-prevention-systems/
Victor Cruzat, Information Security Analyst