Cyber security and AI inspired by the human body

In a recent interview on technology and science, United States President Barack Obama expressed concerns that soon, self-teaching artificial intelligence (AI) can be deployed to attack computers, and ultimately infiltrate America's most sensitive systems. "If you've got a computer that can play Go, a pretty complicated game with a lot of variations, then developing an algorithm that lets you maximise profits on the New York Stock Exchange is probably within sight. Then there could be an algorithm that said, 'Go penetrate the nuclear codes and figure out how to launch some missiles.' If that's its only job, if it's self-teaching and it's just a really effective algorithm, then you've got problems," he said.

Such an ominous reality might have reached Singapore. Late last October, hackers were responsible for shutting down StarHub's broadband services by taking control of networked personal devices to produce a massive spike in Internet traffic that overloaded the telco's servers.

Unprecedented in hyper-connected Singapore, the StarHub attack is just the beginning of a brewing cyber "war". Technological innovations that have made machines smarter are also being used for nefarious ends. As Mr Obama explained, if current AI can play Go, then engineering a program to launch unauthorised nuclear strikes is a fearsome possibility.

The proliferation of the so-called "Internet of Things" has also given rise to the "Internet of Vulnerabilities", where Internet-connected devices facilitate cyber attacks, with the StarHub hack being a prime example. The implications for Singapore companies and the Government are dire if personal devices are so easily compromised: Complete visibility of networks, including machines that are traditionally not covered by cyber defences - such as biometric scanners and coffee machines - is now a must.

Today's highly skilled and well-resourced criminals will likely look to leverage AI-based malware that sneaks in through unconventional means, perhaps through employees' phones, and lies low inside to self-learn and better mimic individual behaviour. If successful, the polymorphic code becomes extremely dangerous - it can constantly avoid detection and continue stealing data. And more insidiously, what if the hostile "insider" alters highly sensitive information? Imagine insider programs that can change medical and financial information, or even data of strategic value such as government records.

Even a single instance destroys the integrity of vital systems and critical infrastructure - the daily essentials that Singaporeans take for granted and rely on.

Trust in the government is essential for any country but such trust did not fare well last year - hostile cyber attacks regularly made global headlines, ranging from the US$81 million (S$116 million) heist of Bangladesh Bank, to the shutdown of a Ukrainian power plant, to the millions of Yahoo and Google accounts breached. Attacks of such scale are evidence of a new threat era in which "dark" AI will exploit the Internet of Vulnerabilities to steal and change important data.

The "Cyber Doomsday" scenario is made possible because of a fundamental problem: Organisations lack visibility and are clueless about what has been taking place inside their own networks.

Given the gloomy cyber climate, what can Singapore companies and the Government do in the new year? Perhaps ideas shared by Mr Obama during the same interview might be key. He theorised that a better approach to cyber security was to view the current environment as a medical battle between viruses and antibodies, instead of through the traditional notion of building "armour and walls" for cyber defence.

Based on the above approach, one can draw a parallel between advanced cyber threats, and viruses and bacteria that attempt to invade and harm the human body.

In real life, infections are not prevented by building thicker and higher walls around homes and workplaces. Instead, the human immune system reacts by identifying and containing infectious germs lurking inside the body, before sending antibodies to neutralise the threats.

In a similar vein, time and time again companies and governments are exposed to virus-like advanced cyber threats, and so far even the best cyber-defence technology has failed to keep out these attacks.

If Mr Obama's perspectives are to be adopted, what organisations need is perhaps an intuitive, immune system-like visibility into the internal workings of the digital network and systems.

Such "enterprise immune system" technology is pioneered by British cyber-security firm Darktrace, where I work. Darktrace's technology, which is inspired by the human immune system, rejects the one-size-fits-all, outcome-focused approaches of traditional security programs. Instead, a unique combination of advanced mathematics and highly developed machine learning and AI is used to understand every nuance of the host network, allowing the "immune system" technology to differentiate between what is inherent to the host and what is abnormal activity by a disguised invader.

By leveraging machine learning, Darktrace's technology is constantly processing the infinite streams of data at machine speed, allowing it granular visibility into every nook and cranny of the network. The self-learning "enterprise immune system" can thus instinctively spot any malicious activity in real time before any harm can be done.

Furthermore, the technology also has capabilities for creating digital antibodies upon recognition of uncovered threats.

The possibility of sophisticated cyber threats potentially undermining trust in Singapore companies and the Government has never been greater than in the new year. Like the human immune system, designed to adapt, evolve and survive through millennia of deadly diseases, self-learning technology can help Singapore keep pace with evolving threats.

The "immune system" approach has been deployed in organisations across all sectors and has successfully identified tens of thousands of serious cyber incidents. For instance, a small charity in Santa Clara County, California, successfully identified and stopped an in-progress cyber attack that originated as a socially engineered e-mail from a legitimate supplier. Within minutes of applying "immune system" technology, the infected computer was quarantined and taken offline. Legacy tools relying on previous knowledge of threats would not have been able to detect such behavioural abnormalities or early-stage unusual behaviour.

If the small Santa Clara charity, a "soft target" with limited security infrastructure and budget, managed to prevent such an ingenious attack when larger and better-financed organisations have fallen prey, perhaps taking cues from biology this year can be a step forward to address the bleak cyber forecast.


  • The writer is managing director, Asia-Pacific, of Darktrace, a cyber-security firm.
A version of this article appeared in the print edition of The Straits Times on January 06, 2017, with the headline 'Cyber security and AI inspired by the human body'.