Can artificial intelligence protect us from hackers?

From robotic cars and robotic rescuers, the American research agency Darpa has shifted its focus to robotic hackers.

Darpa, known primarily for introducing the world to the Internet, from time to time holds competitions for new developments, the purpose of which is to tackle the next "big challenge" of our time.

Competitions are designed to accelerate research in areas requiring priority attention. It was Darpa's ideas that underpinned the serious development of self-driving cars and robots capable of working in disaster zones.

The next step is the Big Cyber Tournament, the purpose of which is to contribute to the creation of software that identifies and eliminates vulnerabilities in other programs before hackers find and exploit them.

“At the moment, finding and fixing software vulnerabilities is exclusively human, and it’s a very slow process,” explains Mike Walker, who leads the Darpa Grand Tournament.

This is a big challenge, he said, due to the complexity of modern software and the fundamental difficulties one computer faces when trying to figure out what another is doing. And this problem was described by the pioneer of computer science Alan Turing.

It was he who predicted that, as the world fills with billions of small, interconnected smart machines, there will be a growing need to solve the problem of their mutual understanding.

"The point is that at some point these devices will begin to be used on such a scale that without automation we simply cannot provide effective network protection," Turing predicted long before the creation of the Internet.

The culmination of the cyber tournament will be this week's Def Con, where seven teams will fight to find out whose hacking program is the best.

How to detonate a Trojan

Of course, automated digital defense systems are not only featured at the Darpa tournament.

Automated virus detection programs are widely used throughout the world.

Symantec's chief technologist, Darren Thomson, said much of antivirus software should be automated simply because attackers have developed a vast array of computer viruses. It is believed that more than 500 million worms, Trojans and other malicious programs have already been launched, and thousands of new ones are emerging every day.

Automated algorithms had to be brought to the rescue, Thomson explains, because traditional antiviruses were bad at dealing with malware that wasn’t in their database.

"These programs reveal only about 30-40% of all that we protect users from," the expert explains.

For the rest, cybersecurity companies have always relied on increasingly sophisticated programs to learn to recognize new, unknown viruses using the example of viruses they know.

Algorithms have been added to them that monitor the work of other programs and notify about the danger if something unexpected happens in this work.

Some security systems enclose suspicious programs in a virtual container and use various methods to try to "rip" the malicious code and reveal its intentions.

"We simulate keystrokes and user interaction to convince the virus that it is activated," says Thomson.

Smart code

The emergence of large amounts of information made it possible to take an important step towards the creation of protection programs that allow intercepting 60-70% of viruses that have gone unnoticed by traditional anti-virus software.

“Learning machines can detect the DNA of viral families, not just individual viruses,” says Tomer Weingarten, founder and CEO of SentinelOne.

This approach was borrowed from the world of datalogy, or data science, and, according to Weingarten, has been very successful thanks to the huge database quickly gathered by companies that have begun tracking the behavior of virus-infected computers.

"This is how a large amount of information appeared, and information is repetitive," the expert explains. "And these are two necessary components for building a very reliable learning algorithm that can distinguish good from bad. If you want to do something harmful, you need to take some steps that will always be different from normal."

Automating the detection of such abnormal steps is necessary because a person, or even a large group of people, will not be able to identify them quickly enough.

And these learning machines can protect more than just computers.

When it comes to large companies and even governments, cybercriminals seek to infiltrate closed networks in search of tidbits such as customer databases, new product samples, contracts, negotiation details and rates.

This is another situation in which, according to Justin Fire, director of cyber intelligence at cybersecurity company Dark Trace, machines are noticeably ahead of their creators.

"You force a machine to memorize a vast database, and then use high-level computing technology to find a needle in a haystack that shouldn't be there," Fire explains. "Sometimes a machine can notice a small anomaly that will hide from human eyes."

However, the expert warns, do not delude yourself that the ability of machines to learn is real artificial intelligence.

Of course, this is a step forward, says Fire, but it still takes human intelligence to make a final decision after a machine has noticed something suspicious.

And besides, the ability of machines to learn can be used not only by those involved in defense.

“We had a case when we identified a virus that monitored users and remembered their habits,” the expert explains. “We can only conclude that this virus was trying to find the most convenient way to extract information without arousing suspicion. machines will start to be used by hackers, the fun will begin.”