0% found this document useful (0 votes)
25 views4 pages

The Risks and Vulnerabilities of Artificial Intelligence Usage in Information Security

Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
25 views4 pages

The Risks and Vulnerabilities of Artificial Intelligence Usage in Information Security

Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

2023 International Conference on Computational Science and Computational Intelligence (CSCI)

THE RISKS AND VULNERABILITIES OF


ARTIFICIAL INTELLIGENCE USAGE IN
INFORMATION SECURITY
2023 International Conference on Computational Science and Computational Intelligence (CSCI) | 979-8-3503-6151-3/23/$31.00 ©2023 IEEE | DOI: 10.1109/CSCI62032.2023.00047

Mohammed Mahmoud
Department of Computer Science
University of Jamestown
Jamestown, ND, USA
[email protected]

Abstract—In this paper we will discuss Artificial against risks, ensuring that AI technologies can continue to be
Intelligence, as well as the advantages and challenges it presents an asset, not a liability, in the realm of information security so
with information security. Artificial Intelligence is a long as it is implemented thoughtfully. This comprehensive
transformative force that impacts our daily lives in various exploration highlights the leading role of AI in our modern
forms and technologies. This paper looks at the complex world and the urgency of securing its applications for the
relationship between Artificial Intelligence and information benefit of all.
systems security. The first section explores the fundamental
concepts of AI and its unassuming integration into our everyday II. WHAT IS ARTIFICAL INTELLIGENCE (AI)?
lives, shedding light on the ever-present existence of AI-based
solutions. By inspecting the differences between risks and AI refers to the development of computer systems that can
vulnerabilities, the paper makes clear the importance of perform tasks that often require one or many people to
separating between these terms and proceeds to identify accomplish. These developed computer systems are often
potential threats to server security. created through algorithms and situations which allow
machines to learn from the input data, identifying patterns, and
The remaining part of the paper investigates data mining as adapting from sorting old and newly introduced data [3]. With
an integral aspect of AI's functionality, emphasizing the AI there are three different types that can be created. This AI
importance of robust security measures to maintain security technology includes Machine Learning, Narrow AI, and
against data breaches. Furthermore, it reveals the diverse attack Generative AI.
routes targeting AI systems and highlights the pivotal role of
security in mitigating manipulation and attacks. By offering Machine Learning (ML) is technically a slimmed down
insights into strategies for avoiding vulnerabilities while version of AI but is often still considered AI since machines
harnessing the power of AI, this paper emphasizes the are often programmed to complete tasks that are often
paramount importance of privacy in the context of AI-driven repetitive. AI has become so enhanced that it has become
data collection and utilization. Finally, it presents guidelines for possible to place algorithms and techniques into systems that
businesses to implement monitoring procedures that safeguard will learn from tasks containing data and continue through the
against risks, ensuring that AI technologies remain a benefit process of making decisions without the assistance of human
rather than a liability in the realm of information security. This programming or other specific input. Deep learning often
comprehensive exploration underscores the pivotal role of AI in correlates with ML that creates a similar human brain neural
modern society and the imperative to secure its applications for network that can complete even more complex tasks. For
the benefit of all. instance, Chat GPT uses ML to develop responses and habits
from human developed prompts [3].
Keywords—Artificial Intelligence (AI), information security,
risks, vulnerabilities, threats, security, cybersecurity, data mining, Narrow AI tends to be limited and could be things like
data breaches, attack, privacy. voice assistants, image recognition, and self – driving
automotive vehicles. These are often heavily developed
I. INTRODUCTION programs that react to certain tasks that are fed into the system
In today's tech-driven world, Artificial Intelligence (AI) is that the programs go through to solve the given task [3]. This
a game-changer that impacts our daily lives in immeasurable type of AI does not typically learn much from previous inputs
ways. This paper dives into the intricate relationship between to help with future tasks.
AI and information security, shedding light on its complex
Generative AI tends to be more of a creative tool that
impact. To begin, we will uncover how AI weaves itself into
creates and generates new content such as images, text, audio,
our routines through everyday AI-based solutions, and we will
and sometimes even videos that can mimic or develop their
clarify the difference between risks and vulnerabilities,
own ideas. This type of AI often learns from training models
emphasizing the importance of making this distinction while
in which it identifies the content and patterns within the data.
pinpointing potential threats to server security.
With the patterns it finds, responses are generated through the
Next, we will explore the essential role of data mining in knowledge it gains to make new content that resembles
AI, stressing the need for robust security measures to defend specific patterns or ideas from the models [3].
against data breaches. We will also reveal the numerous ways
AI systems can come under attack and underscore the pivotal III. CYBERSECURITY AND ITS DETAILS
role of security in preventing manipulation and breaches. By To determine the potential risks of cybersecurity, it is
providing practical strategies to avoid vulnerabilities while crucial to understand what cybersecurity is in the first place.
harnessing the potential of AI, this paper underscores the Cybersecurity is often the practice of defending anything
critical importance of privacy in the context of AI-driven data computer related like computers, servers, mobile devices, etc.
collection and usage. Lastly, we will offer guidelines for from malicious attacks [9], threats, damages, or unauthorized
businesses to implement monitoring procedures that protect

2769-5654/23/$31.00 ©2023 IEEE 266


DOI 10.1109/CSCI62032.2023.00047
Authorized licensed use limited to: Universidad Industrial de Santander. Downloaded on October 16,2024 at 03:04:29 UTC from IEEE Xplore. Restrictions apply.
access. Cybersecurity often refers to the set of tools, practices, branch of new problems, including legal and ethical policies
and guidelines to protect the systems in need of protection. being corrupted.
Overall, cybersecurity tends to typically concern itself with
understanding the threats and attacks that can come from VII. HOW VULNERABLE ARE AI-BASED SECURITY SYSTEMS
malicious intent then developing practices to prevent and TO ATTACKS AND MANIPULATION?
protect from said attacks [1]. Different AI-based security systems [12][13] are
susceptible to a variety of attacks and manipulation. Physical
IV. TYPES OF SECURITY RISKS objects, data poisoning, model replication, and exploitation of
Security Risks for Systems like computers, servers, software flaws are a few ways that AI is being attacked. These
mobiles, etc. can often develop anywhere. Often, most of the methods can manipulate the AI system into believing
threats involved with cybersecurity are easily detectable or something that is false. From a security standpoint, that is a
easily stoppable. You could place these threats into two huge risk and as AI becomes more common in critical security
distinct groups: the software/code-based types, and personal roles, the vulnerabilities increase.
interaction. Either way these threats, depending on what is at
risk, are still profoundly serious and can have major AI-based security systems do have options to help lessen
repercussions [1]. the vulnerability, from extensive development from within a
company's own development to relinquishing the process to a
Your code/software-based threats include malware, company that focuses directly on AI-based development
ransomware, backdoor, malicious bots, denial of service security systems [14]. These companies tend to have more
(DoS), and computer viruses. Overall, these types of attacks than 20,000 AI experts that can format a system specifically
tend to be created by humans, but are often coded or for a company’s use. These companies often have AI that
programed to trap someone within to gain access to private optimizes analyst time through accelerating threat detection,
and valuable information. Granted the people behind the protecting user identity and information, all while keeping
attacks are still in control of the scenario, they often have a set cybersecurity informed and in charge [2]. Sourcing the AI side
goal in mind with their software or program. of a security system can help relinquish time from an area and
place it into another that could use significant improvements.
The personal interaction types of threats often come from
This can help reduce company costs and optimize productivity
people gaining access to information through personal ways.
within the workplace.
This can be from threats like social engineering, phishing,
cryptographic attacks, insider threats, hacking, or something VIII. WHAT ARE THE POTENTIAL PRIVACY RISKS ASSOCIATED
like data breaches. These tend to be done by the person WITH AI-DRIVEN SECURITY SYSTEMS?
specifically, looking through software to gain access or
convincing certain people to leak information that would There are a variety of security risks involved with AI
make the company or program vulnerable from attacks. security systems [4]. From people stealing your information
to people being able to use that information to create havoc in
V. HOW DO YOU CLASSIFY A RISK OR A VULNERABILITY IN everyday life. With AI being used for everything, people can
INFORMATION SYSTEMS? be tracked, and eventually studied in multiple ways since their
data can be placed in a database to find out everything about
To understand the differences between risks and
you. Even if people try to limit their interactions with AI, it is
vulnerabilities [10][11], you must know the meaning of each
found everywhere making it possible for data like social,
first, and then identify potential threats to the server. A
common, and personal to be managed and potentially leaked
vulnerability is a weakness in your system or practices. A risk
to the public.
is the likelihood that someone will exploit that vulnerability to
harm your information or organization. These could include IX. HOW CAN ORGANIZATIONS ENSURE THE ETHICAL USE OF
natural disasters like floods and earthquakes, human threats AI TO AVOID REPUTATIONAL AND LEGAL RISKS?
like data breaches and insider threats, or technical threats like
software vulnerabilities and hardware failures. As it is There are a few things that an organization can do to
commonly known, the system risk analysis chart can help ensure the ethical use of AI information security to avoid
dictate your highest impact and likelihood for data reputational and legal risks [15-17]. As with any aspect of a
maintenance. It is also worth knowing what data needs more business (or any other group), you need to set out guidelines.
precautions and prioritization. Names and public information To do this well, make sure the rules and expectations are clear
may be considered less sensitive, and not need many layers of and explicit. This will help the organization remain
firewalls and security. While Social Security Numbers accountable and value privacy. Additionally, an organization
(SSNs), medical history, or phone numbers will need much must implement monitoring procedures. This monitoring
more extensive security walls and password authentication process should be continuous to keep up with an ever-
factors. changing digital world. Through proper measures, like means
to detect unethical behavior, an organization can avoid any
VI. COULD BIG DATA MINERS CAUSE A LEAK OF PERSONAL negative results when using AI.
OR BUSINESS DATA?
X. WHAT SECURITY AWARENESS TRAINING CAN AN
Big Data mines can cause a potential leak of personal or ORGANIZATION OR GOVERNMENT BODY IMPLEMENT TO
business data. Mining involves collecting and analyzing large MAINTAIN INFORMATION SYSTEMS?
volumes of data, which can include sensitive information. If
proper data security measures are not in place, or if there are Organizations and governing bodies can implement
vulnerabilities in their systems, it is possible for data miners several security awareness training courses into their policy
to inadvertently or maliciously expose or leak this data, manuals for employees, contractors, and partners to adhere to.
leading to privacy and security breaches. This could open a First, password security is a common safeguard to administer;
enforcing members to change passwords every 180 days is

267

Authorized licensed use limited to: Universidad Industrial de Santander. Downloaded on October 16,2024 at 03:04:29 UTC from IEEE Xplore. Restrictions apply.
common, as well as an organization-wide two-factor response. Traditional incident response processes often
authentication system. Second, device security instructs involve manual, time-consuming tasks that can be a
employees to secure their devices with regular software bottleneck when timely action is required. AI brings a
updates and antivirus protection. For example, at the transformative solution by automating the tedious aspects of
University of Jamestown, faculty are required to change incident response, enabling organizations to respond with
passwords often, avoid using duplicate passwords, as well as agility and efficiency. An article from the Global
using DUO mobile for authentication. The employee Cybersecurity Association tells us that in incident response,
handbook also includes, “Employees of the University have AI can efficiently automate tasks like “gathering information,
no legitimate expectation of privacy in the University’s identifying affected systems, and notifying stakeholders” [5].
computer system.,” meaning all the information withheld in
the members devices are surveilled to uphold the policies. As highlighted by the cybersecurity company SISA,
Third, regular training updates keep employees informed "Automating the Incident Response (IR) process with AI
about evolving cybersecurity threats and trends. The U.S. makes it way easier to resolve more incidents at greater speed,
Department of Health and Human Services provides less time, and of course, with automation, it's less effort for the
cybersecurity awareness and role based training courses for team members” [6]. The integration of AI in incident response
is a force multiplier for security teams, providing them with
anyone to take to keep their awareness of potential threats on
high alert. Different organizations will have different the ability to analyze vast amounts of data rapidly, identify
structures, but it would be useful to take a cybersecurity and patterns, and respond to threats proactively.
phishing training session. Lastly, although AI is not a recent One significant advantage of AI in incident response is its
technology, many groups have no grasp on how to identify its capability to detect and respond to cyber threats in real-time.
use from humans’ work. Companies like CYBR host AI Traditional methods often rely on pre-defined rules and
security and phishing attack simulations for employers to signatures, which may not be agile enough to adapt to
“strengthen security culture” and train employees to identify evolving attack techniques. AI, particularly ML algorithms,
and report attacks. can continuously learn from new data and adapt to emerging
threats, making them a valuable asset in staying ahead of cyber
XI. WHAT DATA ENCRYPTION AND PRIVACY TOOLS COULD adversaries.
BE IMPLEMENTED WHEN USING AI IN INFORMATION
SECURITY? Moreover, AI can play a crucial role in threat intelligence,
helping security teams stay informed about the latest cyber
When using AI in Information Security, it is important to threats and vulnerabilities. By analyzing large datasets from
consider data encryption and privacy rules with implemented various sources, AI systems can provide actionable insights,
encryption protocols to protect sensitive data in transit and at allowing organizations to fortify their defenses against
rest. The Advanced Encryption Standard (AES) is the industry potential exploits before they can be leveraged by attackers.
standard for data encryption, using three sets of cryptographic
algorithms, or ciphers, to encrypt and decrypt a block of In conclusion, integrating AI into incident response is not
messages. These sets range from 128-bit, 192-bit, and 256-bit just a modernization of processes; it is a strategic imperative
ciphers, and a secret key, to cover the information embedded. in the face of an ever-evolving cyber threat landscape. As
IBM Security Guardium is a data security platform that uses organizations continue to grapple with the inevitability of
AES-256 and is ranked the leading system four years in a row. cyber-attacks, leveraging AI empowers them to respond
It ensures compliance with privacy regulations and standards effectively, mitigate risks, and safeguard critical assets in an
when handling organization personnel information. Another era where time is a critical factor in the battle against cyber
important protocol to uphold is the data lifecycle management threats.
of each department. Reduce the volume of sensitive
information when creating data necessary for business XIII. HOW CAN AI BE USED TO MAKE AUDITING BOTH MORE
purposes, this minimizes potential risks and ensures SECURE AND MORE EFFICIENT?
compliance of regulations. Conduct regular audits of data The integration of AI into security auditing processes can
access, modifications, and usage; all information must trail revolutionize how organizations assess and enhance their
back to a team member and device. Establish regular data security postures. According to the IT Briefcase, "Because AI
backup procedures to mitigate data loss due to deletion or tools can ingest, analyze, and spot patterns in vast amounts of
corruption and test data recovery processes. Adhering to these data, they enable auditors to test more thoroughly and
basic rules can enhance security and privacy when integrating efficiently” [7]. This capability enables auditors to conduct
AI into organization practices. more thorough and efficient security tests, addressing the
challenge of dealing with substantial amounts of data in
XII. AI AS A PART OF INCIDENT RESPONSE traditional auditing processes.
We live in a world that evolves and moves faster than we
AI-driven auditing goes beyond periodic assessments by
can keep up with. There is perhaps no industry impacted more
enabling continuous monitoring of the IT environment. ML
by response time than cybersecurity. The fact of the matter is
algorithms allow for adaptive analysis, ensuring that audits
that bad people will inevitably engage in malicious activities
remain effective in the face of evolving cyber threats.
despite the safeguards we implement to protect against them.
It is nearly impossible to prevent a cyber-attack with 100 Furthermore, AI's proficiency in pattern recognition
certainty. That means that such attacks are a matter of 'when,' enhances security auditing by identifying deviations from
not 'if,' for most organizations. To properly defend against normal patterns in user behavior, network traffic, and system
these attacks, time is of the essence. activities. This proactive approach to anomaly detection
In the dynamic landscape of cybersecurity, leveraging AI streamlines the identification of potential security breaches
has emerged as a strategic approach to enhancing incident and policy violations. The website Nanonets says “By
producing detailed reports on suspicious activities, AI audit

268

Authorized licensed use limited to: Universidad Industrial de Santander. Downloaded on October 16,2024 at 03:04:29 UTC from IEEE Xplore. Restrictions apply.
software empowers auditors to proactively address financial [7] How AI is Changing the Security Audit Process | IT Briefcase. (n.d.).
misconduct, ensuring greater integrity and compliance” [8]. Retrieved November 23, 2023, from https://www.itbriefcase.net/how-
ai-is-changing-the-security-audit-process#:~:text=AI
In conclusion, the incorporation of AI into security [8] Gopal , L. (2023, August 1). How is Artificial Intelligence Used in
auditing represents a paradigm shift, offering efficiency gains, Auditing? Nanonets AI & Machine Learning Blog.
continuous monitoring capabilities, and adaptive analysis. https://nanonets.com/blog/using-artificial-intelligence-in-audits/
This transformation empowers auditors to conduct more [9] Abdullahi, M., Baashar, Y., Alhussian, H., Alwadain, A., Aziz, N.,
Capretz, L. F., & Abdulkadir, S. J. (2022). Detecting Cybersecurity
comprehensive assessments, respond promptly to security Attacks in Internet of Things Using Artificial Intelligence Methods: A
incidents, and fortify organizations against dynamic Systematic Literature Review. Electronics (Switzerland), 11(2).
cybersecurity challenges. https://doi.org/10.3390/electronics11020198
[10] Dewan, A. M. (2013). Hazards, risk, and vulnerability. Springer
XIV. FUTURE WORK Geography, 9789400758742, 35–74. https://doi.org/10.1007/978-94-
007-5875-9_2
For further research, we believe we could go more in depth
[11] Joern, B. (2007). Risk and vulnerability indicators at different scales:
with describing threats and how they can affect security Applicability, usefulness and policy implications. Environmental
systems. We could also venture into privacy risks that come Hazards, 20p-31p.
with the threats and how they could further impact someone’s [12] Moustafa, N. (2021). A new distributed architecture for evaluating AI-
daily life. Another avenue, would be more details about the based security systems at the edge: Network TON_IoT datasets.
ethical and unethical sides of AI usage where certain ideas Sustainable Cities and Society, 72.
could lead into more, or fewer, legal troubles. https://doi.org/10.1016/j.scs.2021.102994
[13] Bertino, E., Kantarcioglu, M., Akcora, C. G., Samtani, S., Mittal, S., &
REFERENCES Gupta, M. (2021). AI for Security and Security for AI. CODASPY 2021
- Proceedings of the 11th ACM Conference on Data and Application
[1] Tsochev, G., Trifonov, R., Nakov, O., Manolov, S., & Pavlova, G. Security and Privacy, 333–334.
(2020). Cyber security: Threats and Challenges. 2020 International https://doi.org/10.1145/3422337.3450357
Conference Automatics and Informatics, ICAI 2020 - Proceedings.
https://doi.org/10.1109/ICAI50593.2020.9311369 [14] Sarker, I. H., Furhad, M. H., & Nowrozy, R. (2021). AI-Driven
Cybersecurity: An Overview, Security Intelligence Modeling and
[2] “IBM Consulting.” IBM, https://www.ibm.com/consulting Accessed Research Directions. SN Computer Science, 2(3).
22 Nov. 2023. https://doi.org/10.1007/s42979-021-00557-0
[3] “Risks of AI & Cybersecurity: Risks of Artificial Intelligence.” [15] Yu, S., & Carroll, F. (2021). Implications of AI in National Security:
Malwarebytes, 22 Nov. 2023, Understanding the Security Issues and Ethical Challenges. Advanced
https://www.malwarebytes.com/cybersecurity/basics/risks-of-ai-in- Sciences and Technologies for Security Applications, 157–175.
cyber-security https://doi.org/10.1007/978-3-030-88040-8_6
[4] Alhayani, Bilal, et al. “Effectiveness of artificial intelligence [16] Li, X., & Zhang, T. (2017). An exploration on artificial intelligence
techniques against cyber security risks apply of IT industry .” Elsevier application: From security, privacy and ethic perspective. 2017 2nd
, 16 Feb. 2021. IEEE International Conference on Cloud Computing and Big Data
[5] AI in Cybersecurity: Incident Response Automation Opportunities. Analysis, ICCCBDA 2017, 416–420.
(2022, January 9). SISA. https://www.sisainfosec.com/blogs/ai-in- https://doi.org/10.1109/ICCCBDA.2017.7951949
cybersecurity-incident-response-automation-opportunities/ [17] Taddeo, M. (2019). Three Ethical Challenges of Applications of
[6] Admin. (2023, September 22). AI will bring revolution in the Cyber Artificial Intelligence in Cybersecurity. Minds and Machines, 29(2),
Incident Response - GCA. Global Cybersecurity Association (GCA). 187–191. https://doi.org/10.1007/s11023-019-09504-8
https://globalcybersecurityassociation.com/blog/ai-will-bring-
revolution-in-the-cyber-incident-response/

269

Authorized licensed use limited to: Universidad Industrial de Santander. Downloaded on October 16,2024 at 03:04:29 UTC from IEEE Xplore. Restrictions apply.

You might also like