1. Introduction

Artificial intelligence (AI) can be described as a system that recognizes its surroundings and performs activities increasing the probability of successful completion of objective. AI is an amalgamation of physical intelligence and technology which can be used to obtain desired results. This concept supplies apparatus for resolving complicated and arduous challenges on a computer system [1]. Improved information security controls with embedded AI are beginning to be used to protect organizations from progressively capable threat actors. The motive of AI is to facilitate the ability for computer systems to impersonate the cognitive thinking capabilities of humans in order to replicate their behavior to resolve challenges more expeditiously and effectively than can be accomplished by individuals. Numerous activities including strategizing, migrating, communicating, target and noise identification, creative pursuits, and company operations can be performed by AI [4]. Many methods that can be performed by AI are also relevant to resolving issues in the field of cybersecurity including natural language processing (NLP), machine learning, computational linguistics, and analytics that are both extrapolative and instructive in nature. Typically, AI solutions build their knowledge base through data provided by professionals or generated from transactions executed in existing systems. As additional data is provided to the AI systems which results in gradually more accurate replies which will ultimately surpass human subject matter experts. Within cybersecurity, AI is built from machine learning techniques in order to both recognize and mitigate risks by classifying inbound information as reliable or nefarious [6]. AI can be trained in a few different ways including supervised learning which is when the administrator controls the learning activities of the system, unsupervised learning which is when patterns are identified by the system, and reinforcement learning which makes use of trial and error to resolve issues without feeding the system data.

Futuristic Cybersecurity Defense System.

2. Literature Review

3. Research Methodology

• RQ1: What are the current challenges in cybersecurity that could benefit from augmentation?
• RQ2: What properties of artificial intelligence can benefit cybersecurity?
• RQ3: How can these artificial intelligence properties be integrated with cybersecurity in such a way as to improve the current posture of the security controls?
• RQ4: What are some specific artificial intelligence driven solutions that have been identified to benefit cybersecurity controls?

4. Results and Discussion

• Endpoint Security: Endpoint protection systems is the most frequent type of machine learning (ML) deployed today. AI can be successful in access control for endpoints by utilizing machine learning to understand prior behavioral blueprints in order to generate risk scores. AI can also be effective at controlling security of mobile endpoints through the use of machine learning and zero-trust methodology. Asset management can be a critical issue for organizations as misclassified assets could result in these assets not being included in the scope of critical security controls [18]. AI can enhance information technology (IT) asset management by taking advantage of key capabilities of machine learning. Machine learning can be positioned to decide the safety level of applications and isolating them from other applications in production environment as the levels of safety drop. Organizations can be empowered to forecast, identify, and react to illicit behaviors resulting from the integration of AI and machine learning. Local-to-end points, execution of instantaneous scans of every process with unfamiliar reputation can be performed by AI solutions and powered with machine learning to enhance security [20]. Machine learning can ensure that endpoints are compliant with regulatory requirements and organizational policies by observing behaviors regarding data access and data transmission.

AI-powered endpoint security system.

2. 

Threat Classification: As the challenges in cybersecurity grows, organizations are discovering that AI can add tremendous value in daily security operation regime. There are multiple areas of cybersecurity that AI can enhance which are currently managed using extreme human capital. Novel cyber threats can be discovered by AI through the behavioral analysis of data generating within an organization by networks, computing resources, applications, data sources, and security controls in order to facilitate the rapid response to the threats. As the attack surface has continued to increase including the cloud, mobile devices, IoT devices as well as the classical network and computing endpoints, organizations are obligated to build a larger array of security controls with the addition of new monitoring requirements. The amount of data generated from the broader attack surface and extended security controls in order to enable the monitoring has also significantly grown requiring an extreme time commitment from security personnel in order to identify behaviors of threat actors and patterns related to attack traffic [21]. As the available security personnel and time are limited resources to monitor the various security controls, AI can provide an amplification to resource limitations in order to automate the identification of threats by performing data filtering, eliminating false positives as well as enhancing the data itself which will greatly alleviate the difficulty in analyzing large amounts of data required for current strategies of security operations. AI solutions provides enhanced automation with added efficiency that frees up security personnel to work on other mission-critical responsibilities [24]. Discovery of a new blueprint for malicious activity can be correlated with preexisting bad blueprints to determine the likelihood that the data is of illicit intent with greater efficiency and precision than security personnel can perform. Analysis can also be performed by AI in order to associate data from the various origin points to create an illustration of ongoing malicious actions to enable security personnel to fully comprehend the full extent of the attack.

3. 

Risk Analysis: After a threat has been identified, a risk assessment must be performed in order to understand the actual risk of the threat with the lens focusing on any existing security controls overlapped on top of the identified threat. Understanding this risk allows security teams to understand the potential effect this threat could have on the organization’s operations and allows the response team to determine the appropriate course of action required for remediation [23]. AI with machine learning can assist with the risk assessment process in order to guide a proper reaction to the threat identified with the appropriate context understanding the current organizational security ecosystem.

AI Risk Analysis within an organization’s IT environment.

4. 

Remediation Guidance: Using machine learning, AI solutions can create security rubrics and signatures making them self-sufficient and less contingent on human configuration while becoming more successful in blocking novel threats. Security personnel allocate much of their working time toward applying patches which is becoming an extremely tedious process in terms of both time and resource management [22]. AI can lower risk through a patch management implementation that automates the discovery, prioritization, and remediation of vulnerabilities excluding excessive manual work. In the current environment, after the risk is understood regarding the threat, real-time security event alerts can be triggered with automated procedures in order to kick off remediation activities by humans to address identified security issues in a prudent timeframe. Machine Learning can also be utilized in order to appropriately analyze security control related data in order to identify threats, subsequently machine learning can be recruited to perform substantial processing driven by monitoring and evaluating previous actions performed by human security analysts. This training of the AI engine can augment the system’s capability to orchestrate remediation activities. Recurring actions can also be automated by AI and machine learning. This use case would cover notifications when remediation actions need to be expedited with a low-risk of error and where the AI platform has high confidence regarding the threat [25]. This capability provides much needed relief given the industry deficiency of experienced cybersecurity experts.

5. 

Automated Malware Detection: Software whose goal is to interfere with a company’s infrastructure through exploitation of attached devices [28]. Using machine learning, AI systems can automatically detect brand new malware through analysis of empirical data where traditional malware identification makes use of signature matching. Patterns in previous security incidents and related alerts can be discovered using AI which will enhance the currently deployed security strategy as well as defend an organization’s infrastructure from this attack in future.

This heat map diagram represents the intensity of AI systems' activities in scanning and detecting malware within a network. The heat map is divided into rows with each representing a specific activity related to malware detection and columns that indicate the level of intensity for those activities.

The role of AI in detecting social engineering attacks.

7. 

Boosting Optimization: As discussed earlier, security personnel is a limited resource and are normally overburdened with the pure volume of alerts that require attention making incident response prioritization a gruesome task. AI cannot be perceived as a backfill for incident responders; however, it can be used for prioritization of the security incidents that occur. AI can help simplify the work of security personnel by prioritizing security alerts which controls resource allocation by ensuring that threats with the greater risks are given higher priority.

8. 

Recognizing Cyberattack Trends: Many threat actors will place information regarding attacks against organizations within social media platforms. The capability of AI can be used to identify trends from social media in order to determine the popularity of different attacks across various business sectors as well as the attacks that cybersecurity professionals have categorized as the gravest concern [26]. Analysis at this level and scale is implausible for security personnel, but AI can assist companies with mining beneficial insights out of large quantities of data in order to identify cyberattack trends.

9. 

Artificial Intelligence for IT Operations (AIOps) Infrastructure: AIOps platform can be used by security personnel to procure a great amount of clarity around data security. These platforms can perform observation as well as directly combat threats [26]. AIOps can categorize large amounts of data originating from a variety of infrastructure components in order to identify threat actors regardless of behavioral attributes in different situations. Probable attacks can be identified and stopped before they become successful with an AI implementation that analyzes a large dataset encompassing both normal traffic as well as illegitimate traffic in order to forecast and mitigate threats prior to their occurrence.

10. 

Authentication using Biometrics Technology: Facial recognition systems used for authentication are becoming more dependable as software development teams are enhancing this capability using AI. Machine learning builds a model for biometric authentication using facial recognition centered around associations and blueprints. The strength of an AI-powered facial recognition system is that it remains competitively operational with facial hair growth, hairstyle alteration, donning an accessory such as a hat.

11. 

Access Control Management: Access control methods can be enhanced through AI integration. For instance, illicit behavior and abnormal sign-on requests can be located by machine learning in order to find possible security incidents. Also, password management can be augmented to recognize inadequate passwords and automatically instruct end users to improve the password quality.

12. 

Botnet Protection: Botnets can present a significant threat to an organization’s systems through account hijacking, data fraud, and creating fake accounts. It is possible for AI and machine learning to craft a defense against botnets as they can be trained to identify malicious bots, real end-users, and good bots from the stream of online web traffic. This capability empowers cybersecurity personnel to understand the characteristics of malicious traffic in order to establish diligence and defensive mechanisms against illegitimate bot traffic [29].

13. 

Breach Risk Projection: An organization’s technology asset inventory can be gathered and related to potential threats to determine the infrastructure components and applications that are at significant risk of attack and exposure. AI can provide awareness regarding weaknesses in an organization’s infrastructure and applications so that appropriate tactical and strategic steps can be taken to improve security controls as well as processes. Performing this planning will allow an organization to better understand the overall threat landscape and align both security controls and staffing in an efficient manner ensuring that resources are allocated using appropriate prioritization.

14. 

Threat Response Exhaustion: Security personnel can experience exhaustion which may result in the manifestation of additional security issues if not addressed in an appropriate manner. This condition is often the result of an array of security controls transmitting a bombardment of alerts to the security teams requiring decisions to be made and actions to be performed [31]. AI can be used to prioritize the incoming alerts in order to streamline security operations ability to manage the threats in the most applicable way. In addition, machine learning can be enabled to take prudent action to manage certain types of alerts.

15. 

Minimization of Human Configuration Inaccuracies: One of the main causes of cybersecurity issues can be directly attributed to human error. There are multiple reasons for this including the layering of security controls and human fatigue given the need to manage patching and day-to-day administrative tasks [30]. Issues that manifest themselves as the infrastructure is renovated, adjusted, changed can be identified by tools with embedded AI. These tools can provide opportune guidance regarding issues that are identified to humans. Using this guidance, the cybersecurity teams can also procure mitigation alternatives or enable AI systems to alter configuration attributes to remediate the identified risk.

16. 

Automation of Repetitive Tasks for Human Efficiency: During security incidents requiring threat response, the extent of the threat can change swiftly. This rate of change may hinder human response given precipitous complications. However, AI and machine learning are unfazed by any unanticipated change of direction and will respond without any interruption.

17. 

Threat Response Time: Threat actors have received a significant advantage from recent technological advancements which has resulted in attacks becoming more common as well as moving in a more expeditious fashion. Response from security operations can be delayed from the beginning of the incident which could lead to substantial amount of damage [32]. AI enabled security can collect information regarding the attack in order to organize the data and perform analysis and deliver a concise report. This provides quick recommendation for the security teams to take preventative measures to limit the damage caused and potentially stop similar attacks from occurring in the future.

18. 

Insider Threat Detection: Personnel who are allocated access to confidential data and further make use of this access to transfer since the sensitive information to users outside of the organization that are unauthorize to access the material are referred to as an “internal threat”. Insider threats can be a crippling outcome for organizations, but AI offers the ability to identify and mitigate this risk. Through predictive and behavioral analysis, employees performing actions that are suspicious can be detected. In this way, AI can stop security incidents from occurring.

19. 

Cyber Threat Intelligence: Cyber threat intelligence stands to benefit from AI in several ways including the accumulation, manipulation, and examination of data. AI makes it possible to improve data curation in order to establish confirmation with additional providers. AI can further transform the cyber threat intelligence into a series of defensive steps that can be taken from strategic, tactical, and operational level of cybersecurity. Data can be collected from network security control applications by AI in order to compare this data to information available from elsewhere. It is expected that malware discovery will be enhanced by AI including the ability to classify different variants to an appropriate malware family by identifying some hidden attributes that are not noticed when humans examine the malware sample [16]. The following diagram will illustrate the flow of data from network security controls through AI processing leading to actionable cyber threat intelligence.

5. Conclusions and Future Study

List of Abbreviations

References

1. Murugesan S (2022). The AI-Cybersecurity Nexus: The Good and the Evil. IT Professional, 24(5), September 2022, pp. 4-8. [CrossRef]
2. Tolido R, Thieullent AL, Van der Linden G, Frank A, Delabarre L, Buvat J, Theisler, J, Cherian, S, & Khemka, Y (2019). Reinventing Cybersecurity with Artificial Intelligence. Capgemini. Available via https://www.capgemini.com/wp-content/uploads/2019/07/AI-in-Cybersecurity_Report_20190711_V06.pdf, Accessed: April 22, 2023.
3. Muppidi S, Fisher L, and Parham G (2023). AI and Automation for Cybersecurity: How Leaders Succeed by Uniting Technology and Talent. IBM Institute for Business Value. Available via https://www.ibm.com/downloads/cas/9NGZA7GK, Accessed: April 22, 2023.
4. Zeadally S, Adi E, Baig Z, & Khan IA (2020). Harnessing Artificial Intelligence Capabilities to Improve Cybersecurity. IEEE Access, vol. 8, pp. 23817-23837. [CrossRef]
5. Zid B, Zid I, Lou X, and Waedt K (2023). Consideration of Artificial Intelligence for Cybersecurity Aspects of I&C Systems. ICONS-318, Feb. 2023. Available: https://conferences.iaea.org/event/181/contributions/15703/attachments/8560/11392/ICONS-318.pdf, Accessed: April 22, 2023.
6. Fortinet (2020). Help Wanted: Next-generation AI for the Emerging Threat Landscape AI-based Threat Detection and Response Can Relieve Overwhelmed Security Staff While Mitigating Risk. FORTINET, Feb. 2020. Available via https://www.fortinet.com/content/dam/fortinet/assets/white-papers/wp-next-generation-ai.pdf, Accessed: Apr. 22, 2023.
7. Iqbal A & Malik M (2023). Deep Learning and Artificial Intelligence Framework to Improve the Cyber Security. Available via https://www.researchgate.net/publication/368821713_Deep_Learning_and_Artificial_Intelligence_Framework_to_Improve_the_Cyber_Security, Accessed: Apr. 22, 2023.
8. Bezombes P, Brunessaux S, & Cadzow S (2023). Cybersecurity of AI and Standardisation. ENISA, Mar. 2023. Available via https://www.enisa.europa.eu/publications/cybersecurity-of-ai-and-standardisation/@@download/fullReport, Accessed: Apr. 22, 2023.
9. Darraj E, Sample C, & Justice C (2019). Artificial Intelligence Cybersecurity Framework: Preparing for the Here and now With AI. European Conference on Cyber Warfare and Security, pp. 132-141,XIII, 2019. Available via https://www.proquest.com/conference-papers-proceedings/artificial-intelligence-cybersecurity-framework/docview/2261017088/se-2/, Accessed: Apr. 22, 2023.
10. Townsend K (2023). Cyber Insights 2023 | Artificial Intelligence. SecurityWeek. Available via https://www.securityweek.com/cyber-insights-2023-artificial-intelligence/, Accessed: Apr. 22, 2023.
11. Booz Allen Hamilton (2021). Cyber and AI: 2021 Technology Spotlight. Booz Allen. Available: https://www.boozallen.com/content/dam/boozallen_site/sig/pdf/white-paper/cyber-and-ai.pdf, Accessed: April 22, 2023.
12. Johnson A & Grumbling Y (2019). Implications of Artificial Intelligence for Cybersecurity. National Academies Press, Washington DC, 2019. [CrossRef]
13. Krasser S, Kantchelian A, & Baggett D (2019). Currently Deployed Artificial Intelligence and Machine Learning Tools for Cyber Defense Operations. In 2019 Artificial Intelligence and Cybersecurity Operations at NAP.edu. National Academies Press, 2019, pp. 22-28. Available via https://nap.nationalacademies.org/read/25488/chapter/4, Accessed: Apr. 22, 2023.
14. PricewaterhouseCoopers (2023). Balancing Power and Protection: AI in Cybersecurity and Cybersecurity in AI - PwC Middle East. PwC. Available via https://www.pwc.com/m1/en/publications/documents/pwc-balancing-power-protection-ai-cybersecurity.pdf, Accessed: Apr. 22, 2023.
15. Sagar SB, Niranjan S, Kashyap N, & Sachin DN (2019). Providing Cyber Security using Artificial Intelligence – A survey. In 2019 3rd International Conference on Computing Methodologies and Communication (ICCMC), Erode, India,, pp. 717-720. [CrossRef]
16. Vähäkainu P, & Lehto M (2019). Artificial Intelligence in the Cyber Security Environment. ResearchGate. Dec. 2019. Available via https://www.researchgate.net/publication/338223306_Artificial_intelligence_in_the_cyber_security_environment_Artificial_intelligence_in_the_cyber_security_environment, Accessed: Apr. 22, 2023.
17. Belani G (2022). The Use of Artificial Intelligence in Cybersecurity: A Review. IEEE COMPUTER SOCIETY. Available via https://www.computer.org/publications/tech-news/trends/the-use-of-artificial-intelligence-in-cybersecurity/, Accessed: Apr. 22, 2023.
18. Columbus L (2019). 10 Ways AI And Machine Learning Are Improving Endpoint Security. Forbes. Available via https://www.forbes.com/sites/louiscolumbus/2019/09/25/10-ways-ai-and-machine-learning-are-improving-endpoint-security/?sh=4ca87ee62db0, Accessed: Apr. 22, 2023.
19. Sibanda I (2022). Why Artificial Intelligence Is the Future of Cybersecurity. Impact Networking. Available via https://www.impactmybiz.com/blog/ai-and-cybersecurity-future/, Accessed: Apr. 22, 2023.
20. The Hacker News (2023). How to Use AI in Cybersecurity and Avoid Being Trapped. The Hacker News. Available via https://thehackernews.com/2023/02/how-to-use-ai-in-cybersecurity-and.html/, Accessed: Apr. 22, 2023.
21. Korolov M (2022). Top Three Use Cases for AI in Cybersecurity. Data Center Knowledge. Available via https://www.datacenterknowledge.com/security/top-three-use-cases-ai-cybersecurity, Accessed: Apr. 22, 2023.
22. Holdeman E (2023). Cybersecurity: The Benefits and Threats of AI Technology. GovTech, Available via https://www.govtech.com/em/emergency-blogs/disaster-zone/cybersecurity-the-benefits-and-threats-of-ai-technology/, Accessed: Apr. 22, 2023.
23. Gray L (2021). 5 Interesting Applications of AI in Cyber Security in 2023. OnlineCourseing. Available via https://onlinecourseing.com/ai-on-security/, Accessed: Apr. 22, 2023.
24. Fortra’s TS (2023). AI in Cyber Security: Pros and Cons | Terranova Security. terranovasecurity.com. Available via https://terranovasecurity.com/ai-in-cyber-security/, Accessed: Apr. 22, 2023.
25. Prakash M (2023). AI in Cyber Security: Use Cases, Advantages. www.knowledgehut.com. Available via https://www.knowledgehut.com/blog/security/ai-in-cyber-security/, Accessed: Apr. 22, 2023.
26. Columbus L (2023). Experts predict how AI will energize cybersecurity in 2023 and beyond. VentureBeat. Available via https://venturebeat.com/security/experts-predict-how-ai-will-energize-cybersecurity-in-2023-and-beyond/, Accessed: Apr. 22, 2023.
27. Kangas S (2022). Why AI is the key to developing cutting-edge cybersecurity?. World Economic Forum. Available via https://www.weforum.org/agenda/2022/07/why-ai-is-the-key-to-cutting-edge-cybersecurity/, Accessed: Apr. 22, 2023.
28. Newman J (2022). Artificial Intelligence in Cybersecurity: Use Cases & Future. www.itransition.com. Available via https://www.itransition.com/ai/cyber-security/, Accessed: Apr. 22, 2023.
29. Kaspersky (2020). AI and Machine Learning in Cybersecurity - How They Will Shape the Future. www.kaspersky.com. Available via https://www.kaspersky.com/resource-center/definitions/ai-cybersecurity/, Accessed: Apr. 22, 2023.
30. Joshi K (2022). How AI is Changing Cybersecurity: New Threats & Opportunities. Emeritus Online Courses. Available via https://emeritus.org/blog/cybersecurity-how-ai-is-changing-cybersecurity/, Accessed: Apr. 22, 2023.
31. BlackBerry (2023). Artificial Intelligence (AI) for Cybersecurity. www.blackberry.com. Available via https://www.blackberry.com/us/en/solutions/endpoint-security/cybersecurity-ai#kinds/, Accessed: Apr. 22, 2023.
32. Ravichandran H (2023). Council Post: How AI Is Disrupting And Transforming The Cybersecurity Landscape. Forbes. Available via https://www.forbes.com/sites/forbestechcouncil/2023/03/15/how-ai-is-disrupting-and-transforming-the-cybersecurity-landscape/?sh=278f0b064683/, Accessed: Apr. 22, 2023.
33. Rathnayake D (2022). Artificial Intelligence, a new chapter for Cybersecurity?. TripWire. Available via https://www.tripwire.com/state-of-security/artificial-intelligence-new-chapter-cybersecurity/, Accessed: Apr. 22, 2023.