Articles (Zaki)

The document discusses using artificial intelligence (AI), specifically machine learning (ML), to improve cybersecurity systems like intrusion detection and prevention systems (IDPS) and botnet detection. It describes how ML techniques like artificial neural networks, deep learning models, and deep belief networks can help IDPS more accurately detect threats while reducing false alarms. The document also discusses risks of using AI for cybersecurity, as new vulnerabilities may be introduced, and consumers may not be aware of security risks from new technologies.

Uploaded by

godathangodathan

Improving Cybersecurity Through Artificial Intelligence and The Risks Involved

Tanuj Garg, B.Tech Computer Science, Quantum University, Roorkee (UK), India
Zaki Neyaz, B.Tech Computer Science, Quantum University, Sasaram (Bihar), India

Abstract—Over the past decade, there has been a substantial increase in cyberthreats, with cybercriminals demonstrating heightened sophistication. Traditional security controls, including advanced tools like Intrusion Detection and Prevention Systems (IDPS), are proving inadequate in the face of these highly skilled attackers. The deployment of Artificial Intelligence (AI) offers a promising solution to enhance the efficacy of security measures. AI, particularly through Machine Learning (ML) techniques, has the potential to significantly improve the detection rates of IDPS systems.

Index Terms—Cybersecurity, artificial intelligence, machine learning, deep learning, deep belief network, IDPS, botnet

INTRODUCTION

The ever-developing landscape of cybersecurity, as mentioned by Myriam Dunn Cavelty, underscores the threat of attacks facing individuals and organizations alike. Due to the advancement of technology, cybercriminals are becoming incredibly complex and outpacing traditional security measures. Due to this, cybersecurity experts have turned towards AI to counter new and evolving threats.

AI is a branch of computer science which refers to the simulation of human intelligence in machines that are programmed to think, learn, and perform tasks autonomously. AI encompasses various other branches like Machine Learning (ML). ML teaches machines how to make decisions, and its growth has facilitated the development of techniques for detecting tumours and enhancing cybersecurity protocols, including the identification of malware in networks and phishing emails. Another significant AI branch is Deep Learning (DL), a type of ML known for its prowess in pattern recognition and predictions.

Cybersecurity experts are leveraging ML and DL techniques to address challenges in areas like Botnet Detection and Intrusion Detection and Prevention Systems (IDPS). While these AI-based technologies offer significant advantages, their integration into organizational frameworks raises implications that cybersecurity experts must carefully navigate to ensure cyber safety.

CYBERSECURITY PROBLEMS THAT AI CAN SOLVE

Some of the long-standing issues with cybersecurity include botnets employed for Distributed Denial of Service (DDoS) and Intrusion Detection and Prevention System (IDPS). In 2016, the Mirai malware infected hundreds of IoT devices, forming a powerful botnet for a devastating DDoS attack. The IDPS struggles with configuration challenges and false alarms.

Traditional IDPS can be divided into 2 parts: Intrusion Detection System and Intrusion Prevention System. Signature-based systems rely on known threat databases, while anomaly-based systems assess network behaviour for intrusion. The problem with signature-based systems is that they are limited to recognizing known threats, and both kinds of system suffer from false alarms due to the diversity of network traffic. This creates a need for more advanced tools. These tools use Machine Learning (ML) techniques such as Artificial Neural Networks (ANN) and Genetic Algorithms (GA).

ML-based IDPS introduces approaches like the Artificial Neural Network (ANN), which mimics the behaviour of the human brain to recognise complex patterns and deviations from the natural behaviour. Unlike signature-based systems, ML-based IDPS does not depend upon a predefined database and offers adaptability towards new threats. Deep Learning models like the Deep Belief Network (DBN) for intrusion detection, alongside the Restricted Boltzmann Machine (RBM) and a Back Propagation (BP) neural network layer, can be used to reduce false alarms and lead to a more accurate result.

To solve the issues that arise due to the dynamic nature of botnets, Xuan Dau Hoang and Quynh Chi Nguyen have proposed a two-phase detection model. In the training phase, the ML algorithm collects DNS query data from bots within the botnet, extracting domain names associated with botmasters who control these devices. Once the training phase concludes, the system proceeds to the detection phase, where the results of the analysis determine the legitimacy of DNS queries. The classifier distinguishes between legitimate queries and those associated with a botnet, showcasing the model's ability to adapt and identify evolving threats.

The system proposed by Aymen Awadi and Bahari Belaton follows a similar trend, i.e. they proposed a multi-phased approach for botnet detection. In their first phase, a signature-based database algorithm is employed, differing from the first approach. The second phase involves gathering data from the botnet to detect ongoing attacks. Although this approach is effective for attack detection, it lacks the integration of machine learning, which limits its ability to detect IP address changes and seemingly legitimate behaviours.

Companies like Fortinet use a cutting-edge threat detection system called the Self-Evolving Detection System (SDES). SDES relies on continuous training through ML and DL, which enhances its accuracy over time.

RISKS OF USING AI

Artificial intelligence (AI) is the cornerstone of modern cybersecurity, providing innovative solutions to combat cyber threats. However, integrating it into your work environment comes with various risks. This summary covers the complexities of AI in cybersecurity, recognizing its benefits and highlighting the complex challenges it poses.

On the double-edged sword of AI in cybersecurity, Zielzienski aptly explains that while AI systems strengthen defenses against cyberattacks, they also create new vulnerabilities that can be exploited by hackers. Consumers looking to improve their security measures may be unaware of the new risks associated with new technology, leaving them unwittingly vulnerable to attacks. This is exacerbated by the fact that users tend to miss security patches, leaving unpatched applications running in the background.

Widespread access to AI-related information has democratized knowledge about its programming. Authors such as Miles Brundage and Shahar Avin argue that simply restricting the distribution of AI code does not limit its malicious use, as motivated attackers may resort to espionage to obtain such code. It is argued that it cannot be completely prevented. However, the risks posed by less capable actors using AI can be reduced through a combination of measures such as strengthening system security, responsible disclosure of developments, and increasing threat awareness among policymakers.

Establishing regulations to curb widespread use of AI code has proven to be a complex task for policymakers. The threat is becoming increasingly common as cybercriminals become more sophisticated in exploiting AI for malicious purposes. In 2016, the Defense Advanced Research Projects Agency (DARPA) held a bug-hunting competition with a capture-the-flag (CTF) game that uses automated AI tools to identify and fix internal bugs.

Since then, the MIT researcher has been using his AI to detect threats and alert security experts so they can take proactive measures. The progressive integration of AI into cybersecurity will not only impact cybercriminals, but also state actors. Using AI, these attackers can quickly exploit unknown vulnerabilities and filter sensitive information for use against nation states.

Therefore, AI has gone beyond its role as a defense tool and is proving to be a new weapon in cyber espionage.

In summary, the benefits of AI in cybersecurity come with complex risks, and mitigating vulnerabilities requires a nuanced approach. Policymakers recognize that a comprehensive strategy requires a combination of technological advances, responsible practices, and increased awareness to protect the digital environment from evolving threats to regulate the proliferation of AI code.

CONCLUSION

cybersecurity, especially in areas such as intrusion detection and prevention systems (IDPS) and botnet detection, has great potential to improve defense mechanisms.

Machine learning (ML) has proven to be a particularly effective technique within IDPS, demonstrating the ability to reduce false positives, increase accuracy, and adapt to new threats. Deep learning (DL), especially when combined with deep belief networks (DBNs), can improve the performance of IDPS systems, with increased computational power leading to better accuracy and better results.

Applying ML to Botnet Detection represents a two-phase model that uses a learning phase and a discovery phase to analyze domain queries used by botmasters. Technologies such as k-Nearest Neighbor and Random Forest have been proven to accurately detect botnets, reduce false positives, and improve the overall efficiency of botnet detection systems. However, it is important to be aware of the potential drawbacks and challenges associated with widespread application of AI in cybersecurity.

Extending AI tools within an organization's cybersecurity framework can unintentionally expand the attack surface and provide additional attack vectors for cybercriminals to exploit. Furthermore, the integration of AI introduces new vulnerabilities and increases the potential for sophisticated attacks as cybercriminals become more proficient in using AI tools. AI's ability to mask malicious intent in network probing and malware distribution poses a challenge for cybersecurity experts. To mitigate these risks, robust policies governing the adoption of AI in an organization's cybersecurity strategy are essential. Cybersecurity professionals must proactively develop and enforce strict policies to ensure the responsible use of AI. These policies should include continuous monitoring, regular updates, and adaptive strategies to deal with evolving threats. The symbiotic relationship between AI and cybersecurity is promising, but making it a reality requires a careful and cautious approach to protecting against the evolving cyber threat landscape.
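
An added example, not code from the article or from the systems it cites: a minimal version of the two-phase DNS-query model described above, with a training phase over labelled domain names and a k-Nearest Neighbor detection phase. The three lexical features and every sample domain name are assumptions constructed for illustration.

```python
import math
from collections import Counter

VOWELS = set("aeiou")

def features(domain):
    """Lexical features of the second-level label (assumed feature set)."""
    parts = domain.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    n = max(len(label), 1)
    run = longest = 0
    for ch in label:
        is_consonant = ch.isalpha() and ch not in VOWELS
        run = run + 1 if is_consonant else 0   # digits and vowels reset the run
        longest = max(longest, run)
    vowels = sum(ch in VOWELS for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    # vowel ratio, digit ratio, longest consonant run relative to length
    return (vowels / n, digits / n, longest / n)

def train(labelled_domains):
    """Training phase: turn labelled DNS query names into feature vectors."""
    return [(features(d), label) for d, label in labelled_domains]

def classify(model, domain, k=3):
    """Detection phase: majority vote of the k nearest training vectors."""
    x = features(domain)
    nearest = sorted(model, key=lambda item: math.dist(item[0], x))[:k]
    votes = Counter(label for _, label in nearest)
    return votes.most_common(1)[0][0]

# Constructed sample data: the "botnet" names are random-looking strings
# made up for this example, not indicators from any real botnet.
TRAINING = [(d, "legitimate") for d in (
    "google.com", "wikipedia.org", "amazon.com",
    "facebook.com", "youtube.com", "microsoft.com")] + [
    (d, "botnet") for d in (
    "xk7qz9wplt.com", "q8zvb3nmtr.net", "zxcvb9k2jd.info",
    "p0wq7rtnx4.com", "hj3k9dfgz1.biz", "bnm4x8qwrt.net")]

MODEL = train(TRAINING)

if __name__ == "__main__":
    for query in ("github.com", "w3kz8qvtnp.net"):
        print(query, "->", classify(MODEL, query))
```

Taking the label before the last dot is a simplification that mislabels multi-part suffixes such as `co.uk`; a deployment would resolve the registrable domain against a public-suffix list and measure false alarms on held-out legitimate traffic.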
