Artificial Intelligence in Cybersecurity

Artificial intelligence (AI) isn’t new. The term was first coined in 1956. Even before that, different cultures have always had their own ideas about “robots.” But progress in the area of AI stalled for many years, in part thanks to AI skeptics. We can thank IBM for once again sparking real interest in AI: First in 1997 when the computer Deep Blue defeated a chess champion and again in 2011 when Watson won Jeopardy!

Since then, artificial intelligence hasn’t seemed to slow down. It’s now gone from the technology of science fiction to real-world applications.

AI is now a part of the way modern technology functions on a daily basis, and that includes DNSFilter.

What is artificial intelligence?

Artificial intelligence is when we give a machine the ability to perform tasks that are traditionally done by humans. While that can cover a wide range of applications, the type of artificial intelligence we want to focus on when talking about cybersecurity is related to machine learning.

Machine learning is the method by which an AI learns. An AI will use machine learning to identify patterns and make decisions, with varying degrees of human supervision.

How does artificial intelligence work?

While machine learning can work in a variety of different ways and the steps can be complicated, this is the general process:

• The AI is programmed to perform a task (e.g., detecting malicious websites)
• The AI is given the data necessary to perform its task (e.g., examples of malicious sites and benign sites)
• The AI performs the task it was programmed to do
• The AI is judged on how well it performed that task
• Based on how well it performed the task, the AI comes away with new learnings

A great example of this is an AI tasked to create a picture of a hamburger. It’s given thousands of pictures of cheeseburgers so it understands what a hamburger generally looks like. It then creates a picture of a cheeseburger, repeatedly.

Here’s what it looks like when an AI learns how to make a hamburger:

We’re not joking, none of those were real hamburgers.

Within an AI, there are essentially two brains: The brain that learns and does the work, and the brain that takes in the data and judges the work. These two brains speak to one another after a task is complete (or after a picture of a cheeseburger is generated).

The AI will do whatever it can to make the task it performs closely match the examples it was given.

The part of the AI meant to judge its own work might look at those pictures of hamburgers and recommend making the burgers look a little less messy if it thinks that will make them match the original data better.

AI in action

By embracing artificial intelligence in cybersecurity, companies can improve their systems more rapidly. DNSFilter’s machine learning algorithm allows us to continuously increase the number of malicious sites detected on a daily basis as opposed to relying on static, human-generated lists of malicious sites.

As of January 2020, there were over 1.74 billion websites on the internet. During a three-month period in 2019, 20 million new domains were registered—that’s roughly 217,391 new domains per day.

If you only rely on lists of malicious sites curated by humans, do you think you’d be able to keep up with categorizing 200,000 new domains every day? That’s a job for AI.

Let’s take a look at some of the sites our AI has categorized as deceptive.

⚠️Compromised websites

A website that’s compromised is one that a black hat hacker has taken over. Hackers will take down the original site, stripping out all of its original content, and rebrand the site as their own with a message.

This usually occurs on WordPress sites that are not configured correctly and are easy to infiltrate.

Some of the more famous instances of websites being compromised were done by the group Anonymous, who have vandalized a large number of websites since the late 2000s.

These sites are dangerous because hackers may decide to infect the site with malware or forced downloads that might be transferred to a visitor of the site.

⚠️Credential phishing

Phishing occurs when someone attempts to gain unauthorized access to someone’s account, usually in an effort to steal their money. One of the more common phishing sites hackers set up are pages that mimic a company login page that someone might use daily, like Gmail or Office 365.

In the example above, our AI caught a deceptive page that meant to trick the user into thinking it is their OneDrive account. This method is particularly misleading as not only does the page provide five options for a person to enter personal credentials, but the URL is set up on a Google APIs site. Because this is a legitimate domain, some machine learning algorithms, and certainly many static lists, would miss this deceptive site altogether.

⚠️Templates

If you look closely at the image above, you’ll notice something strange. This isn’t a completed website. This is just a template. If you were able to click on the page, the links don’t go anywhere and the text is just nonsense.

Why is this a problem?

Template sites, or boilerplate sites, are set up to mimic a new webpage and will have some type of malware hidden on a link within the site. You won’t find anything wrong on the homepage of this site, but the deeper you get the more likely you are to stumble onto something malicious.

A human combing through sites might miss that this site is deceptive. Luckily, our well-trained AI caught this one before our customers became affected.

What does this mean for you?

At DNSFilter, we’re regularly training and perfecting our AI to notice new types of deceptive sites that haven’t been reported anywhere else before. We’re creating intelligent systems that protect us from these new threats before your systems are compromised, instead of after. That means we find them first, before our customers.

Find out how you can start relying on artificial intelligence in cybersecurity and start your free trial of DNSFilter today.

‍