The Interweaving of Cybersecurity and Artificial Intelligence

(Published in IndraStra Global, 22nd Jun 2019)

On September 28, 2018, the Facebook security team disclosed that hackers/criminals had exploited three vulnerabilities in the Facebook site and had managed to steal the data of 50 million users [1].

This article aims to acquaint the discerning reader with how cybersecurity has firmly placed itself in the National Security discourse and has drawn on the emerging technology of artificial intelligence (AI) to strengthen it. It also attempts to bring out the interplay between cybersecurity and AI, namely: how AI was first used to keep hackers/criminals at bay; how the hackers/criminals then utilized AI as a countermeasure to breach cybersecurity; and how AI is now being used to counter AI as the game plays out between cybersecurity engineers and the hackers/criminals and their ilk.

The data loss on Facebook through illegal means has occurred in a space that is not physical. It is referred to as ‘cyberspace’ and the crime as ‘cybercrime’ due to the exploitation of vulnerabilities in the ‘cybersecurity’ of the Facebook website. There is a need to define the term cyberspace; however, the term does not have a single agreed-upon definition as yet, as may be clear upon the perusal of the following definitions:

-The word “cyberspace” is said to be coined by William Gibson in his book Neuromancer where he has defined it as, “a consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts… A graphical representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the non-space of the mind, clusters, and constellations of data.”[2]

-Cambridge Dictionary defines it as ‘an electronic system that allows computer users around the world to communicate with each other or to access information for any purpose’ [3].

-Cyberspace is defined as the interdependent network of information technology infrastructures and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. Common usage of the term also refers to the virtual environment of information and interactions between people. (DRAFT National Strategy for Trusted Identities in Cyberspace. June 25, 2010) [4].

Damir Rajnovic, writing at Cisco Blogs [5], has provided a consolidated list of various definitions of cyberspace, some of which are given below:

-Cyberspace is the virtual space of all IT systems linked at the data level on a global scale. The basis for cyberspace is the Internet as a universal and publicly accessible connection and transport network which can be complemented and further expanded by any number of additional data networks. IT systems in an isolated virtual space are not part of cyberspace. (Germany, Cybersecurity Strategy for Germany, 2011) [6].

-Cyberspace is an interactive domain made up of digital networks that are used to store, modify and communicate information. It includes the internet, but also the other information systems that support our businesses, infrastructure and services. (the United Kingdom, The UK Cybersecurity Strategy, 2011)[7].

-The complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form (ISO/IEC 2011) [8].

Damir Rajnovic’s analysis of the various definitions brings out the majority views that cyberspace contains tangible elements but is virtual; that cyberspace includes information whether stored, processed or transmitted; and that the internet and networks are not an essential requirement for cyberspace [9].

The National Cybersecurity policy of India observes that ‘the cyberspace today is a common pool used by citizens, businesses, critical information infrastructure, military and governments in a manner that makes it difficult to draw clear boundaries among these different groups. The cyberspace is expected to be more complex in the foreseeable future, with many folds increase in networks and devices connected to it.’[10]

Definitions of some other terms are briefly listed below:


-ISO/IEC 27032 addresses “Cybersecurity” or “the Cyberspace security”, defined as the “preservation of confidentiality, integrity, and availability of information in the Cyberspace” [11].

– The Glossary of Cybersecurity Terms states it as “The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.” And continues to provide an extended definition: “Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompassing the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure” [12].


– An unauthorized user who attempts to or gains access to an information system.


–  A computer hacker whose activity is aimed at promoting a social or political cause.


Dunn in her extensive analysis of Cybersecurity has opined that there are three interrelated discourses, firstly the technical discourse which concerns itself with intrusions into systems and use of malware, the second one is about the cyber-espionage and cyber-crime, and the last one dedicated to the protection of critical infrastructure and cyber-war [15].

The computer and network disruptions are a result of various types of malware which invariably keeps pace with the countermeasures and indicates the sophisticated know-how of the malware designers. The attacker virtually carries out a tailor-made attack after assessing the vulnerabilities of the target, and the motivation could be anything from publicity to harassment to criminal intent. However, a substantial percentage of such attacks, including advanced persistent threat attacks, have not been so sophisticated that they could not be detected or stopped after detection. Christensson has defined Cyber-crime as  ‘a criminal activity done using computers and the Internet’ [16]. It’s an expansive definition which covers all aspects of illegal activities perpetrated using computers and the internet. This definition implicitly includes identity theft and ransom. Techopedia defines cybercrime as “… a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes).”

Cybercriminals may use computer technology to access personal information, business trade secrets or use the internet for exploitative or malicious purposes. Criminals can also use computers for communication and document or data storage. Criminals who perform these illegal activities are often referred to as hackers/criminals. Cybercrime may also be referred to as computer crime [17].  Digit in their technical guide has listed twelve significant cybercrimes which include, hacking (e.g. SQL injections, cross-site scripting), Virus dissemination, logic bombs, denial of service attacks, phishing, web jacking, email spam and bombing, identity theft, software piracy among others. This implies that any illegal activity; e.g. child pornography, cyber fraud or net extortion; carried out utilizing electronic means is a cybercrime [18].  However, the vagaries of the attribution problem—that is the difficulty in precisely determining those perpetrating a cyber-attack as well as identifying their motivating factors continue to pose a formidable challenge.

The cyberspace component would play a role in future conflicts between nations, but it may not be the only component of the war. It may be better to identify such conflicts as ones in which the cyberspace component lies on the critical path of events leading to success. Dunn, therefore, cautions against the loose use of the term cyber-war, lest it lead to an atmosphere of unnecessary insecurity and tension between states [19].

Is cybersecurity a national security issue?

Some authors, like Thomas Rid, argue that cyberwar does not meet the triple criterion of war as it is known today, namely: being potentially violent, being a means to an end, and being political. He categorically states that no cyber ‘incident’ has ever taken a single life, and never will because of the many obstacles that prevent the possibility of a kinetic effect [20]. On the other hand, the New York Times in 2012 quoted the then-Defense Secretary Leon E. Panetta, concerning the destructive capabilities of a cyber-attack, as stating that “cyber-actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack” would result in a “cyber-Pearl Harbour that would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability.”[21] Irandoost in his essay [22] has extensively analyzed the diametrically opposite views that exist on the possibility of cyberwar and has given a balanced view gleaned from the works of Kristan Stoddart [23]. The view is that when cybersecurity is scrutinized on its technical aspects, trends and evidence indicate that there is a substantial ‘potential’ for damage from cyber-attacks. Various incidents, like Stuxnet in Iran targeting nuclear enrichment facilities, the attack on Estonia in 2007 targeting communications and financial systems, the attack on command and control systems in Georgia in 2008, and the attacks on Sony and Facebook, among others, lead Irandoost to surmise that there is an increasing trend towards ‘potential’ cyber incidents of a wide-ranging scale, harming nations at a strategic or political level [24].

Malicious cyber activity

The Council of Economic Advisers, in their document ‘The Cost of Malicious Cyber Activity to the U.S. Economy, February 2018’[25]  have brought out that:

-malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.

-damages from cyber-attacks and cyber theft may spill over from the initial target to economically linked firms, thereby magnifying the damage to the economy.

-and cyber-attacks against critical infrastructure sectors could be highly damaging to the U.S. economy.

Given the aforesaid, the USA has incorporated cybersecurity as an integral part of its National Security Strategy.

Cybersecurity finds a place in the US’ National Security Strategy

Carlota Garcia Encina in his working paper [26] has carried out a relatively detailed study of the US National Security Strategy 2017 (NSS) [27]. He has brought out that cybersecurity is an essential feature in three of the total four pillars of the NSS. At page 11, the NSS heeds the requirement to ‘confront the challenge of terrorists and criminals “going dark” and using secure platforms to evade detection’ and therefore the need to find synergies with the private sector. Under the second pillar, the NSS categorizes China’s actions as ‘cyber-enabled economic warfare’ (NSS p. 20). Under this pillar, there is an important correlation between cybersecurity and the prosperity of the USA. At page 18, the NSS stresses that ‘economic and personal transactions are dependent on the “.com world”, and wealth creation depends on a reliable, secure Internet’; this, in turn, would imply that the challenges of cybersecurity present a threat to the economic security of the USA.

The third pillar emphasizes the need for investments in rapid response capabilities against cyber-attacks. The NSS brings out that the cyber capabilities of Russia are characterized as ‘destabilizing’ (NSS p. 26) and that ‘through modernized forms of subversive tactics, Russia interferes in the domestic political affairs of countries around the world’[28].

Cybersecurity Trends for 2018

Bojana Dobran has compiled predictions in respect of cybersecurity trends for 2018 made by 32 experts in the field [29]. The trends bring out that:

-There is a need to focus on the behavior of the user as the user is the weakest link in the chain.

-Inadequate cyber hygiene is being followed by personnel, and they need to be trained and sensitized to cybersecurity aspects. The organizations also have inadequate numbers of cybersecurity personnel.

-There is a requirement to focus on the protection of essential data using data encryption and data security technologies to prevent access to it after a breach occurs. Passwords need to be more secure, or a move towards a password-less future could be made. The storage of data in the cloud needs to be strengthened by regular audits and restricting permissions on cloud resources.

-Organized or state-backed hacking is on the rise.

-The hackers/criminals are already using artificial intelligence tools for malware dissemination and data retrieval. Ransomware attacks utilize the latest technologies. Identity thefts and personal information continue to have massive demand in the black market.

Data Breaches in 2018

Some of the significant breaches compiled by Barkly include that of Exactis, a marketing and data aggregation firm based in Florida; it had left a database exposed on a publicly accessible server leading to the breaching of 340 million records in June 2018. In March 2018, Under Armour realized that hackers/criminals had gained unauthorized access to MyFitnessPal, and 150 million records were breached about users’ diet and exercise. 92 million records of genealogy platform MyHeritage were found on a private server in June 2018. In April 2018 Facebook intimated 87 million members that their data had been shared [30], besides as already indicated elsewhere Facebook has had a breach of data pertaining to 50 million users, at the end of September 2018.

Artificial Intelligence (AI)

Artificial intelligence has not yet been defined in a manner which is globally acceptable. Some of the definitions are:

– “The branch of computer science that is concerned with the automation of intelligent behavior” [31].

-“The art of creating machines that perform functions requiring intelligence when performed by people” [32].

– “The study of how to make computers do things at which, at the moment, people are better” [33].

– “The study of mental faculties through the use of computational models” [34].

The various applications of AI include speech recognition, natural language processing, expert systems, neural networks, intelligent robotics, gaming, and 3D vision. However, the current developments are primarily based on machine learning (ML). ML has evolved from the study of computational learning theory, pattern recognition, and artificial intelligence. It is a subfield of computer science [35]. It was defined in 1959 by Arthur Samuel as a “Field of study that gives computers the ability to learn without being explicitly programmed”. ML relies upon utilizing algorithm constructions to perform predictive analysis of data [36]. Machine learning tasks fall into three basic categories [37]: supervised learning, in which the computer is presented with example inputs and their desired outputs, and the goal is to learn a general rule that maps inputs to outputs; unsupervised learning, where no labels are given to the learning algorithm, leaving it on its own to find structure in its input; and reinforcement learning, where a computer program interacts with a dynamic environment in which it must perform a specific goal [38].

AI and National Security

AI finds mention in the US National Security Strategy 2017 under ‘Information Statecraft’ (NSS pg. 34-35) as ‘Risks to US national security will grow as competitors integrate information derived from personal and commercial sources with intelligence collection and data analytic capabilities based on AI and machine learning’.  In April 2017, an Algorithmic Warfare Cross-Functional Team (AWCFT) was established to accelerate the US Department of Defense (DoD)’s integration of big data and machine learning. The aim is to turn extensive data available with DoD into intelligence which can be actioned upon rapidly [40].

The Interweaving of Cybersecurity and Artificial Intelligence

The rapid advances in AI and their commercial accessibility have ensured that AI and cybersecurity have become interwoven at various levels. AI is being used to reinforce cybersecurity; on the other hand, the hackers/criminals are using AI to break through traditional cybersecurity systems. More recently, AI has also been seen to be used by hackers/criminals to counter AI-secured cyber systems. In the following sections, an overview of all three types of cases is presented for better appreciation.

AI in aid of cybersecurity/defense

AI utilizes a large number of concepts like Machine Learning, Fuzzy Logic Control Systems, and Artificial Neural Networks (ANNs), among others, each of which, singly or in combination, is theoretically amenable to designing an efficient cyber-defense system. The designed AI cyber-defense system should proficiently monitor the network in real time and must be aware of all the activities that are being carried out by the network. The system should be able to heal and protect itself. It should have self-diagnostic capabilities and sufficient inbuilt redundancies to function satisfactorily for a specified period [41].

Horowitz, Allen et al.  in their report ‘Artificial Intelligence and International Security’ for the Center for a New American Security have discussed in brief about the areas where AI is found to be strengthening the cybersecurity aspects, and these are being brought out in the next couple of paragraphs [42]. Defense Innovation Unit Experimental (DIUx) launched a project called VOLTRON to harness commercial technologies and breakthrough artificial intelligence to detect and patch previously unknown vulnerabilities in DoD weapon systems. Companies were required to respond to a single-sentence solicitation: “The Department of Defense (DoD) is interested in systems to automatically find previously unreported vulnerabilities in software without source code and automatically generate patches to remediate vulnerabilities with minimal false positives.” Within a year the DIUx has awarded contracts to four companies, and their tools are being prototyped in the US Armed Forces [43].

Using AI to Discover New Cyber Vulnerabilities and Attack Vectors

AI/ML is being utilized to predict locations in files which are likely to be susceptible to a mutated malware based upon learning from previous attacks. For discovering security vulnerabilities, adversarial networks and neural networks techniques have been demonstrated to forecast which types of inputs could breach the system.

AI is also being utilized to verify, test, validate and secure existing vulnerabilities like SQL injection which have not been remedied using traditional techniques.

Machine learning can be applied to cybersecurity under supervised and unsupervised categories. Under the supervised category, ML has made a significant difference in cases where a large amount of ‘good’ labeled data is available and hardly any progress where such data is unavailable. In the unsupervised learning case, approaches like association, clustering and dimensionality reduction can be utilized for easier analysis of large data sets. However, this type of learning has limited use when tasked to detect ‘attacks or anomalies’ [44].

Bruce Schneier has forecast some of the capabilities that AI could acquire in the near future. These include: discovering new vulnerabilities in systems for patching and exploiting by defensive and offensive systems; reacting and adapting to an adversary’s actions; and identifying strategic and tactical trends from large datasets and using those trends to adapt attack and defense tactics [45].

Use of AI by Hackers/criminals to breach cybersecurity

HP’s 2018 Cybersecurity Guide, ‘Hackers/criminals and defenders harness design and machine learning’, has brought out that every day 6 million to 11 million new malware infections are recorded on computers running just one type of antivirus software. About 700 phishing attacks are launched for a scammer to steal personal data or gain access to a business network, and a new malware specimen emerges on the Internet about every four seconds [46]. Sochenda Huang has forecast that a single hacker would be able to use AI to anonymously program a large-scale attack on billions of machines, from the comfort of his/her own home. He further states that the use of AI in hacking would be to multiply the effect of an attack by enabling hitting more targets in a lesser amount of time. With the easy availability of AI, coding could be put to malicious use, as machines instead of humans would do it [47]. AI technology can increase the efficiency of social engineering attacks through its potential to automate target customization and match targeting data to the phishing message [48].

Adversarial examples

Adversarial examples are inputs to machine learning models that an attacker has intentionally designed to cause the model to make a mistake. Adversarial examples show that many modern machine learning algorithms can be broken in surprising ways. These failures of machine learning demonstrate that even simple algorithms can behave very differently from what their designers intended [49]. Security engineers are regularly using statistical machine learning. However, intelligent attackers attempt to ensure that machine learning algorithms fail by using deceptive tactics akin to optical illusions to trick them into misbehaving. Winning the game, therefore, lies in how well the moves of the adversary can be anticipated. To counter this step of the adversary, ‘adversarial machine learning’ is the design of machine learning algorithms such that they can thwart these refined attacks, together with the study of the capabilities and shortcomings of attackers [50].
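The fragility described above can be measured from the defender's side. The following is an added example, not code from the article or its sources: it takes a hypothetical linear detector (constructed weights, feature names and samples) and computes, for each verdict, the smallest per-feature change that could flip it, then reports which verdicts survive a given perturbation budget.

```python
"""Robustness audit of a linear detector against bounded input changes.

All weights, feature names and samples are constructed for illustration.
"""

# Hypothetical detector: score = w.x + b, flagged as malicious when score > 0.
FEATURES = ["entropy", "signed_ratio", "url_density", "macro_ratio"]
WEIGHTS = [1.5, -2.0, 0.5, 1.0]
BIAS = -0.25

# Constructed samples (feature values scaled to the range 0..1).
SAMPLES = {
    "confident_detection": [0.6, 0.1, 0.4, 0.3],
    "fragile_detection": [0.3, 0.2, 0.2, 0.2],
    "confident_benign": [0.1, 0.8, 0.1, 0.0],
}


def score(x):
    """Raw decision value of the linear model."""
    return sum(w * v for w, v in zip(WEIGHTS, x)) + BIAS


def predict(x):
    """1 = flagged as malicious, 0 = treated as benign."""
    return 1 if score(x) > 0 else 0


def linf_margin(x):
    """Smallest per-feature change (L-infinity norm) that reaches the
    decision boundary. For a linear model this is |w.x + b| / ||w||_1."""
    return abs(score(x)) / sum(abs(w) for w in WEIGHTS)


def worst_case_input(x, eps):
    """The input within +/- eps of x, per feature, that pushes the score
    furthest toward the opposite class. For a linear model, each feature
    moves by eps against the sign of its weight."""
    direction = -1 if score(x) > 0 else 1
    return [v + direction * eps * (1 if w > 0 else -1)
            for v, w in zip(x, WEIGHTS)]


def is_robust(x, eps):
    """True when no perturbation of size <= eps changes the verdict."""
    return predict(worst_case_input(x, eps)) == predict(x)


def audit(samples, eps):
    """Report each verdict with its margin and whether it holds under eps."""
    return [
        {
            "name": name,
            "label": predict(x),
            "margin": round(linf_margin(x), 4),
            "robust": is_robust(x, eps),
        }
        for name, x in samples.items()
    ]


if __name__ == "__main__":
    for row in audit(SAMPLES, eps=0.05):
        print(row)
```

Verdicts whose margin is below the budget are the ones an input change too small to notice could overturn; a defender would route those to a second detector or to manual review rather than trust the single score.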


In this article, an attempt was made to acquaint the reader as to how the cybersecurity arena has now moved from the developer’s regime to become a National Security issue especially since the cybersecurity breaches being experienced today have assumed humongous proportions and there also appear to be state-backed cyber-attacks carried out to cripple the critical infrastructure of nations. The discussions also bring out that cybersecurity is not only keeping pace with emerging technologies like AI, it is also putting a strong demand upon them to innovate and develop applications to make cybersecurity stronger. Since this is playing out in the commercial domain, it is not surprising to note that the hackers/criminals and their ilk are also keeping pace with such developments and are devising matching countermeasures using the same emerging technologies. The development mentioned above has led to a situation wherein it is observed that AI has not only strengthened cybersecurity but has got interwoven with cybersecurity at various levels so much so that it now finds a place, albeit a tiny one, in the National Security discourse. Since AI is in its infancy as of now, it would be interesting to see the future developments in this field.


[1]  Swati Khandelwal. Facebook Hacked — 10 Important Updates You Need to Know About. The Hacker News. 28 Sep 2018. [Accessed: 30 Sep 2018].

[2] Tech Terms. [Accessed: 25 Sep 2018].

[3] Cambridge Dictionary. [Accessed: 25 Sep 2018].

[4] DRAFT National Strategy for Trusted Identities in Cyberspace. June 25, 2010. [Accessed: 20 Sep 2018].

[5] Damir Rajnovic. Cyberspace – What is it? Cisco Blogs. 26 July 2012 [Accessed: 10 Sep 2018].

[6] Germany, “Cybersecurity Strategy for Germany.” Feb-2011. [Accessed: 18 Sep 2018].

[7] United Kingdom, “The UK Cybersecurity Strategy.” Nov-2011. [Accessed: 18 Sep 2018].

[8] ISO/IEC, “ISO/IEC FCD 27032 – Information technology — Security techniques — Guidelines for cybersecurity,” Oct-2011. [Accessed: 25 Sep 2018].

[9] 5 ibid.

[10] National Cybersecurity Policy -2013. The Ministry of Electronics and Information Technology (MeitY) Government of India. [Accessed: 25 Sep 2018].

[11] ISO/IEC 27032:2012 — Information technology — Security techniques — Guidelines for cybersecurity. [Accessed: 20 Sep 2018].

[12] Glossary of Cybersecurity Terms. Scott [Accessed: 25 Sep 2018].

[13] 12 ibid.

[14] 12 ibid.

[15] Dunn Cavelty, M. Cyber-Security. Contemporary Security Studies, Allan Collins, ed., Oxford University Press, 2012 (Textbook entry). [Accessed: 15 Sep 2018].

[16] Christensson, Per. “Cybercrime Definition.” TechTerms. (2006). [Accessed: Oct 1, 2018].

[17] Techopedia. [Accessed: 25 Sep 2018].

[18] Digit. [Accessed: 25 Sep 2018].

[19] 15 ibid.

[20] Rid, T., 2012. Cyber War Will Not Take Place. Journal of Strategic Studies, Vol 35, Issue1, 2012 pp. 5-32.

[21] Miller, E. B. & Shanker, T., Panetta Warns of Dire Threat of Cyber-attack on U.S. New York Times. [Accessed: 25 Sep 2018].

[22] Daniele Hadi Irandoost. Cybersecurity: A National Security Issue? E-International Relations Students. May 3, 2018. [Accessed: 15 Sep 2018].

[23] Stoddart, K., Live Free or Die Hard: U.S.–UK Cybersecurity Policies. Political Science Quarterly, 131(4) 2016, pp. 803-842.

[24] Stoddart, K., UK Cybersecurity and Critical National Infrastructure Protection. Political Science Quarterly, 131(4) 2016, pp. 803-842.

[25] 8 ibid.

[26] The Council of Economic Advisers, The Cost of Malicious Cyber Activity to the U.S. Economy. February 2018. [Accessed: 25 Sep 2018].

[27] Carlota García Encina. The Trump Administration’s National Security Strategy. Working Paper 14/2018 – 13/7/2018. Real Instituto Elcano. [Accessed: 10 Sep 2018].

[28] National Security Strategy of the United States of America. White House. Dec 2017. [Accessed: 20 Sep 2018].

[29] 26 ibid.

[30] Bojana Dobran. Cybersecurity Trends: 32 Experts Make Predictions. Phoenix NAP Global IT Services. 26 February 2018. [Accessed: 10 Sep 2018].

[31] David Bisson. The 10 Biggest Data Breaches of 2018… So Far. Barkly Blog. Jul 2018. [Accessed: 01 Sep 2018].

[32] Luger, G.F. and Stubblefield, W.A. Artificial Intelligence: Structures and Strategies for Complex Problem Solving. Benjamin/Cummings. Redwood City, California, second edition.

[33] Kurzweil, R. The Age of Intelligent Machines. MIT Press, Cambridge, Massachusetts. Rich, E., and Knight, K. Artificial Intelligence. McGraw-Hill, New York, second edition.

[34] Charniak, E., & McDermott, D. Introduction to artificial intelligence. Addison-Wesley Longman Publishing Co., Inc. Boston, MA, USA ©1985, ISBN: 0-201-11945-5

[35] Britannica. [Accessed: 25 Sep 2018].

[36] Ron Kohavi; Foster Provost (1998). “Glossary of terms”. Machine Learning. 30: 271–274.

[37] Russell, Stuart; Norvig, Peter. Artificial Intelligence: A Modern Approach (2nd ed.). Prentice Hall. ISBN 978-0137903955.

[38] Kulshrestha S. The Challenge of Military Artificial Intelligence. SP Military Year Book 2016-17 (at page 101). [Accessed: 25 Sep 2018].

[39] National Security Strategy of the United States of America. White House. Dec 2017. [Accessed: 10 Sep 2018].

[40] Deputy Secretary of Defense Memorandum Establishment of an Algorithmic Warfare Cross-Functional Team (Project Maven). April 26, 2017. [Accessed: 30 Sep 2018].

[41] Kulshrestha, S., “Artificial Intelligence and Cyber Defense” IndraStra Global Vol. 003, Issue No: 08 (2017) 0041. | ISSN 2381-3652 [Accessed: 30 Sep 2018].

[42] Horowitz, Allen et al.  Artificial Intelligence and International Security. Center for a New American Security. July 2018. [Accessed: 30 Sep 2018].

[43] Zach Walker. VOLTRON: Disrupting DoD Cybersecurity with Artificial Intelligence August 2, 2018. [Accessed: 22 Sep 2018].

[44] Raffael Marty. AI in Cybersecurity. Towards Data Science. [Accessed: 26 Sep 2018].

[45] Bruce Schneier. Artificial Intelligence and the Attack/Defense Balance. IEEE Computer and Reliability Societies. March/April 2018 [Accessed: 10 Sep 2018].

[46] Hackers/criminals and defenders harness design and machine learning. HP Inc. 2018.

[47] Sochenda Huang. Cyber Criminals’ Exploitation of Artificial Intelligence. International Risk Assessment and Horizon Scanning Symposium 2017. [Accessed: 25 Sep 2018].

[48] John Seymour and Philip Tully, “Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter.” [Accessed: 25 Sep 2018].

[49] Attacking Machine Learning with Adversarial Examples. Open AI. [Accessed: 30 Sep 2018].

[50] Ling Huang, Anthony D. Joseph et al. Adversarial Machine Learning. In 4th ACM Workshop on Artificial Intelligence and Security (AISec 2011), pages 43–57, Chicago, IL, USA, October 2011. [Accessed: 10 Sep 2018].