Application of artificial intelligence technologies in information security | Статья в журнале «Молодой ученый»

Отправьте статью сегодня! Журнал выйдет 28 декабря, печатный экземпляр отправим 1 января.

Опубликовать статью в журнале

Автор:

Научный руководитель:

Рубрика: Информационные технологии

Опубликовано в Молодой учёный №8 (507) февраль 2024 г.

Дата публикации: 23.02.2024

Статья просмотрена: 33 раза

Библиографическое описание:

Мещеряков, А. О. Application of artificial intelligence technologies in information security / А. О. Мещеряков. — Текст : непосредственный // Молодой ученый. — 2024. — № 8 (507). — С. 1-4. — URL: https://moluch.ru/archive/507/111488/ (дата обращения: 16.12.2024).



This article examines the use of artificial intelligence in the field of information security, identifies the areas of application, weaknesses and strengths of the technology in information security. The classification of products with artificial intelligence technologies and application scenarios is given.

Keywords : artificial intelligence, neural network, information technology, information security.

В данной статье рассмотрено применение искусственного интеллекта в сфере информационной безопасности, определены сферы применения, слабые и сильные стороны применения технологии в информационной безопасности. Приведена классификация продуктов с технологиями искусственного интеллекта и по сценариям применения.

Ключевые слова : искусственный интеллект, нейросеть, информационные технологии, информационная безопасность.

Over the past few years, artificial intelligence has become quite popular in the field of information technology. It is used wherever there is a huge amount of data, where it is necessary to make a forecast of events, automate the process, etc. The sphere of information security was no exception.

Artificial intelligence is a term used to describe powerful technologies based on machine learning.

Sometimes a neural network is perceived as Artificial intelligence. This is partly a correct judgment, since a neural network is one of the approaches for creating artificial intelligence (see also it can also be attributed simply to machine learning), in which the concept of action as in the neural connections in the human brain. Neurons are trained on the basis of information that arrives, and so is the neural network — it learns from a huge array of data, analyzes, erases chains of cause- and-effect relationships and looks for a pattern in them.

But with all the convenience and simplification of processes, many still have doubts about the use of artificial intelligence technologies in a rather specific area such as information security.

Artificial intelligence has such fast learning and development that breakthroughs are made almost every day, so Artificial intelligence application scenarios in IB is quite a lot:

— analysis of various types of data;

— phishing detection;

— spam detection;

— threat forecasting;

— incident response, etc.

The task of the machines is to collect incoming information, scan the traffic, to study incoming gateways, to assess the level of anomalies in the system, identify weaknesses and gaps in the protection system. To do this, he relies on the already existing experience, which he receives by analyzing a large array automatically processed data, which greatly simplifies the search for threats and the assessment of their danger.

The strengths of AI in information security include efficiency and accuracy, because the influence of the human factor in information processing is zero. AI is capable of processing huge amounts of data that cannot be processed manually, which makes it possible to detect a threat in real time.

In addition to improving efficiency and accuracy, AI is able to automate routine information security processes such as:

— analysis of incidents;

— conducting an analysis;

— incident detection and response, etc.

And examples of AI applications that are already being used in the field of information security include the Web Application Firewall, where AI is used to close vulnerabilities in web applications that have already been discovered, as well as Darktrace Uses machine learning to detect threats. Among domestic companies that use AI technologies, Kaspersky Lab can be distinguished in a number of products that use AI to prevent and detect threats. Despite the fact that the main purpose of AI in information security is to enhance security, at the same time, this technology can also be used by hackers. To demonstrate, you can give several examples:

1. AI entered the masses and gained a large share of popularity among ordinary users with the opening of chatGPT. Hackers began to actively use this AI to explore the possibilities of quickly creating hacking tools.ChatGPT is able to write any code, whether it's code for quick hacking, installing a backdoor on an infected computer for various purposes.

2. The events of December 25–30, 2022, when the compromise occurred The PyTorch- nightly machine learning framework is available on the official website with Python libraries. All users (over 2,300) who are currently a period of time, installed the torchtriton library of this framework, and uploaded malicious code to their projects. This became possible because this malicious library had the same name as the original one, which was uploaded to the official repository, while the site had an advantage over other resources, which allowed a sick number of users to download malicious code into their projects.

The prospects for AI in information security are quite large. Of course, AI will not completely replace information security specialists, but it will allow you to perform tasks more efficiently and faster. There will be a qualitative development of the industry, where all processes will be aimed not at maintaining stable operation, but at improvement.

The products of the companies we selected that use behavioral analysis and predictive analytics technologies can be classified in two directions: by functional and technological type and by use scenarios.

Let's list the main types:

— EDR (Endpoint Detection and Response) — detection platforms attacks on workstations, servers, any computer devices (endpoints) and rapid response to them. With the help of AI technologies, products in this category can detect unknown malware, automatically classify threats and respond to them independently by transmitting data to the control center. AI makes decisions based on a common knowledge base accumulated by collecting data from multiple devices. Some products of this type They use AI technologies to mark up data at endpoints and further control their movement in order to identify internal threats.

— NDR (Network Detection and Response) — devices and analytical platforms that detect attacks at the network level and allow you to quickly respond to them. Using the accumulated statistics and database knowledge about threats, products of this type are identified using technology AI threats are in network traffic and can automatically respond to them appropriately by changing the configuration of network devices and gateways. Some of the products of this type specialize in protecting cloud providers and their infrastructure. Additional usage scenario AI in network protection is the analysis of email traffic for phishing.

— UEBA (User and Entity Behavior Analytics) — systems for behavioral analysis of users and information entities. They detect cases of unusual behavior and use them to detect internal and external threats. The main scenario for the use of AI technologies in UEBA—type products is automatic detection anomalies in behavioral models (deviation from the norm or compliance with the threat pattern) for users and various entities of information systems. The identified anomalies are classified by AI as various threats and risks to business. Abnormal behavior can be detected for monitoring and access control purposes, fraud detection among customers or employees (anti- fraud), protection of confidential data, verification of compliance with certain regulations and regulations.

— TIP (Threat Intelligence Platform) —early warning platforms threat detection and response based on a large number of different data (Data Lake) and indicators of compromise (IoC).The use of AI makes it possible to increase the effectiveness of identifying unknown threats at an early stage; the scenario is very similar to the operation of SIEM systems, but it is aimed at external data sources and external threats.

— SIEM (Security Information and Event Management) — solutions that monitor information systems, analyze security events coming from network devices, information security tools, IT services, the infrastructure of systems and applications, and help to detect information security incidents. In systems of this class, a huge amount of data from various sources accumulates, and the use of AI technologies makes it possible to identify anomalies by heuristic methods and reduce false positives when data patterns and models change. The use of AI in SIEM systems allow you to achieve a very high level of automation.

— SOAR (Security Orchestration and Automated Response) — systems, allowing to identify threats to information security and automate incident response. In solutions of this type, unlike SIEM systems, AI helps not only to analyze, but also to automatically respond appropriately to identified threats.

— Application Security tools — systems, allowing you to identify threats to the security of application applications, manage the further cycle of monitoring and eliminating such threats. The main scenario for the use of AI technologies in application protection systems is the automatic collection of information about vulnerabilities, attacks and infections available in open sources, and automation of protective actions based on its results: vulnerability scans, changes in protection rules for web applications, threat detection and changes in the risk model.

— Antifraud — systems that allow you to identify threats in business processes and prevent fraudulent transactions in real time. In fraud protection systems, AI technologies are used to identify deviations from established business processes, thereby helping to quickly respond to possible financial crime or vulnerability of processes. The use of AI in such systems is especially relevant, as it allows you to quickly adapt to changes in the logic and various metrics of business processes, as well as use the best practices in the industry.

Having analyzed all of the above, I would like to note that in our time, when technological progress is not just walking, but flying forward, it is necessary to look for new methods of information protection, one of which is we can also consider AI. But, like all AI technologies, it must be used in a reasonable amount. AI will increase the security of the system, but subject to constant human supervision (an information security specialist).

On the other hand, it carries a danger to the systems, since it can be used for hacking, which will lead to information leakage. Therefore, for the integration of AI into the system security system, a mandatory point will be not only the constant supervision of a specialist over data processing, but also constant checks before implementation, and throughout the entire process of AI operation in the system

References:

1. Применение технологий искусственного интеллекта в информационной безопасности [Электронный ресурс] - URL: https://www.anti-malware.ru/analytics/Technology_Analysis/using-artificial intelligence-technologies-in-information-security#part3 (дата обращения 12.11.2023)

2. Машинное обучение в сфере информационной безопасности — это движение в правильном направлении? [Электронный ресурс] - URL: https://habr.com/ru/companies/infotecs_official/articles/778220/ (дата обращения 12.11.2023)

3. Искусственный интеллект в информационной безопасности [Электронный ресурс] — URL: https://infobezopasnost.ru/blog/articles/iskusstvennyj-intellekt-v-informatsionnoj bezopasnosti/ (дата обращения 12.11.2023)

4. Искусственный интеллект и машинное обучение в кибербезопасности — прогноз на будущее [Электронный ресурс] — URL: https://www.kaspersky.ru/resource-center/definitions/ai-cybersecurity (дата обращения 12.11.2023)

Основные термины (генерируются автоматически): SIEM, URL, информационная безопасность, искусственный интеллект, UEBA, Электронный ресурс, EDR, NDR, SOAR, машинное обучение.


Ключевые слова

information technology, information security, artificial intelligence, neural network

Похожие статьи

Artificial intelligence: concept of neural networks

The present article aims to reveal historical background of a concept «neural networks» and its importance in information technology. The author carried out literature review according to the development of the concept «neural network». As the produc...

Features of management in virtual business environment with the use of informational and communicational technologies

Hypotheses, goals, objectives scientific research conducted, as well as its structure and the main blocks of issues addressed how to systematize the knowledge of the theory of Infocom-management.

The role of teaching technologies in the development of speech and written speech in the English language

This article discusses the formation of language learning skills in the process of learning English to improve independent writing skills of students using information technology and the development of their creative abilities.

The use of modern technologies in a logotherapy center

This article explores the application of modern technologies in the field of speech therapy. Special attention is paid to analyzing the effectiveness and practical significance of technological innovations in speech therapy rooms, as well as their im...

Effective application of pedagogical methods and technologies in music culture classes

This article provides recommendations on the content of the use of advanced, effective, interactive methods and technologies in the lessons of «music culture» in general secondary schools, as well as on the methods of teaching the lesson, the technol...

Modern social and economic terms

Number of new modern social and economic terms is growing fast due to forced development of our society and economic relations. Main aim of the scientific article is to determine and depict distinctive features of modern social and economic terms and...

Use of modern technologies in the foreign language lessons in primary education

This article discusses the use of modern technologies in foreign language lessons in the initial stage of training such as a group work, an educational dialogue, project activities and modern information technologies.

Description of the principles of integral foreign language teaching in the system of continuing education

This article analysis the current state of reforms in the system of higher education, analysis of legal documents on higher education, the work carried out by the state to expand the needs of young people in learning a foreign language.

About some problems of specialized terminology in teaching foreign language

This article considers about the specialized terminology as a special genre of human intellectual activity, fixing the results of cognitive activity and performing an acquaintance with the basic concepts of a particular branch of knowledge. As specia...

The role of emotional intelligence in foreign language classes: fostering growth and connection

The article examines the concept of emotional intelligence in general and the role of learning a foreign language as a way to develop emotional intelligence in particular. The author discusses the importance of emotional intelligence for a modern stu...

Похожие статьи

Artificial intelligence: concept of neural networks

The present article aims to reveal historical background of a concept «neural networks» and its importance in information technology. The author carried out literature review according to the development of the concept «neural network». As the produc...

Features of management in virtual business environment with the use of informational and communicational technologies

Hypotheses, goals, objectives scientific research conducted, as well as its structure and the main blocks of issues addressed how to systematize the knowledge of the theory of Infocom-management.

The role of teaching technologies in the development of speech and written speech in the English language

This article discusses the formation of language learning skills in the process of learning English to improve independent writing skills of students using information technology and the development of their creative abilities.

The use of modern technologies in a logotherapy center

This article explores the application of modern technologies in the field of speech therapy. Special attention is paid to analyzing the effectiveness and practical significance of technological innovations in speech therapy rooms, as well as their im...

Effective application of pedagogical methods and technologies in music culture classes

This article provides recommendations on the content of the use of advanced, effective, interactive methods and technologies in the lessons of «music culture» in general secondary schools, as well as on the methods of teaching the lesson, the technol...

Modern social and economic terms

Number of new modern social and economic terms is growing fast due to forced development of our society and economic relations. Main aim of the scientific article is to determine and depict distinctive features of modern social and economic terms and...

Use of modern technologies in the foreign language lessons in primary education

This article discusses the use of modern technologies in foreign language lessons in the initial stage of training such as a group work, an educational dialogue, project activities and modern information technologies.

Description of the principles of integral foreign language teaching in the system of continuing education

This article analysis the current state of reforms in the system of higher education, analysis of legal documents on higher education, the work carried out by the state to expand the needs of young people in learning a foreign language.

About some problems of specialized terminology in teaching foreign language

This article considers about the specialized terminology as a special genre of human intellectual activity, fixing the results of cognitive activity and performing an acquaintance with the basic concepts of a particular branch of knowledge. As specia...

The role of emotional intelligence in foreign language classes: fostering growth and connection

The article examines the concept of emotional intelligence in general and the role of learning a foreign language as a way to develop emotional intelligence in particular. The author discusses the importance of emotional intelligence for a modern stu...

Задать вопрос