This year, WannaCry was one of the most damaging cyber-attacks in history. The estimated cost of this one attack alone could reach 170 billion baht. As the world becomes more connected, cyber-attacks will continue to be a big threat to both businesses and governments. AI could be the key to keeping our computers and servers secure from external threats.

WannaCry attracted a lot of media coverage because of the scale of the attack, which shut down large telecom companies and hospitals. It is ransomware that encrypts files on a computer, which can only be unlocked if you pay the criminal the ransom. It uses a known exploit in Microsoft Windows, and so it cannot attack computers that have the most up-to-date version. The big worry is with zero-day attacks; these are attacks that use exploits not yet known by software vendors such as Microsoft. The NSA has developed many tools that target these security holes. But how do you defend against attacks that exploit security weaknesses that you don’t even know exist? People are turning to AI to help us fight the next wave of attacks.

Companies are now employing AI that learns the typical pattern of usage within computers and servers. When it detects behavior that does not conform to this pattern, the AI flags it and blocks it before it causes any damage. The same approach can be used to detect anomalies in server networks. This is very useful because it can detect threats even after the attacker has gained access to your servers. Normally these attacks gain entry when users click on malicious links or download infected files, actions that are hard to stop using normal firewalls and detection systems. Without some way to detect and stop attackers after they have entered your system, they can lie in wait, monitor your actions and even alter your files without your knowledge.
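A minimal sketch of the "learn the normal pattern, flag what deviates" idea described above, added here as an illustration and not taken from the article or any vendor's product. The event format (host, process, destination port, outbound bytes per hour), the class name, the threshold and all sample values are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed telemetry: (host, process, dest_port, bytes_out_per_hour).
HISTORY = [
    ("web01", "nginx", 443, 5000), ("web01", "nginx", 443, 5200),
    ("web01", "nginx", 443, 4800), ("web01", "nginx", 443, 5100),
    ("web01", "nginx", 443, 4900), ("web01", "sshd", 22, 5050),
]

class UsageBaseline:
    """Learns per-host normal behaviour, then explains why an event deviates."""

    def __init__(self, threshold=6.0):
        self.threshold = threshold      # robust z-score cut-off (assumed value)
        self.pairs = defaultdict(set)   # host -> {(process, dest_port)}
        self.stats = {}                 # host -> (median, MAD) of bytes_out

    def fit(self, events):
        volumes = defaultdict(list)
        for host, proc, port, nbytes in events:
            self.pairs[host].add((proc, port))
            volumes[host].append(nbytes)
        for host, vals in volumes.items():
            med = median(vals)
            # MAD resists outliers already present in the training window;
            # fall back to 1.0 so a perfectly flat history cannot divide by zero.
            mad = median(abs(v - med) for v in vals) or 1.0
            self.stats[host] = (med, mad)
        return self

    def score(self, event):
        host, proc, port, nbytes = event
        if host not in self.stats:
            return ["no baseline for host"]  # unknown is reported, not passed
        reasons = []
        if (proc, port) not in self.pairs[host]:
            reasons.append(f"new behaviour: {proc} -> port {port}")
        med, mad = self.stats[host]
        z = 0.6745 * (nbytes - med) / mad    # 0.6745 scales MAD to std-dev units
        if z > self.threshold:
            reasons.append(f"volume spike: {nbytes} B/h, robust z={z:.0f}")
        return reasons

if __name__ == "__main__":
    model = UsageBaseline().fit(HISTORY)
    for ev in [("web01", "nginx", 443, 5150), ("web01", "python", 8443, 5000),
               ("web01", "nginx", 443, 250000), ("db07", "mysqld", 3306, 900)]:
        print(ev, "->", model.score(ev) or "normal")
```

Because the baseline describes what the host normally does rather than what a known attack looks like, the same check fires whether the unusual process or traffic volume comes from a known exploit or an unknown one.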

But how do we ensure our cyber defense AI can keep up with the next wave of cyber warfare? The latest research in AI is in the field of Generative Adversarial Networks (GANs). GANs could be implemented in cybersecurity by creating an attacker AI that tries to slip by the defender AI unnoticed. Imagine a thief trying to trick the police and rob a bank. The attacker AI will improve itself to try and trick the defender AI, but at the same time, the defender will improve its ability to detect these disguised attacks. It is a competitive game where each side tries to outsmart the other. At Sertis we have also been using GANs but for more health-oriented goals, such as building better detectors for cancer and Alzheimer's. By allowing AI to improve itself without too much human intervention, GANs will have huge implications for the development of smarter AI.

Given these advances in AI and more frequent cyber-attacks, we need to start employing advanced technologies such as AI in our cyber defenses. Without them, we are leaving ourselves much more exposed than we think. Without you realizing it, your servers may already be infiltrated by someone waiting for the right time to attack. Some may view this as overly cautious, but in the world of cyber security, only the paranoid survive.

This article first appeared in Thai on Think Data Science Column at Bangkok Biz News.

Written by Tee Vachiramon