This is Part 1 of a two-part series that discusses the use of Artificial Intelligence (AI) to compromise web applications. This part introduces the concept of AI and its use for destruction by cybercriminals.
The speed at which cybersecurity has evolved over the last decade has taken everyone by surprise. Different types of threats and methods of attack have been surfacing consistently, hitting web applications at an alarming rate. Unfortunately, the foundations of web application design were not laid with security in mind. Therefore, the dispersed design and web servers continue to pose challenges to security professionals.
If the correct security measures are not in place, the existing well-known threats that have been around for years will cause application downtime and data breaches. The prime concern here is that if security professionals are unable to protect themselves against today’s web application attacks, how will they fortify against the unknown threats of tomorrow?
The challenges that we see today are compounded by the use of Artificial Intelligence (AI) by cybercriminals. Cybercriminals already have an extensive arsenal at their disposal, but to make matters worse, they now have the capability to combine their existing toolkits with the unknown power of AI.
AI and Machine Learning (ML), which were invented to improve lives, are now being used to break into web applications – the front door to your network. This type of machine-based automated attack has never been seen before. The rise of machine-based attacks is not something to be dealt with in the distant future; it is a type of attack that security professionals must prepare for right now.
As a day-one step, security professionals must defend themselves against the unknown types of attack that a machine can throw at the application. Where is the quickest and easiest place to begin your defense strategy? The answer is: right at the web application level.
What is Artificial Intelligence?
Artificial Intelligence is part of a broad branch of computer science, which involves creating systems that can function automatically and independently.
The most complex system known to man is the human brain, and in the past, the most powerful systems could not match its sophistication. The prime goal of AI is to match the power of the human mind. It aims to create a mind that thinks in exactly the same way as the human mind. Will the intelligence of the human race be matched by the intelligence of a machine?
The field of AI has expanded very quickly over the last few years. No one knows precisely what the effect on web applications will be once hackers get their hands on it and manipulate its power to cause destruction.
Artificial Intelligence in DDoS
Artificial Intelligence combined with DDoS is game-changing, and we are beginning to see the launch of AI-based DDoS attacks. If the existing application stacks and underlying infrastructures are not able to deal efficiently with existing DDoS, how do we expect these web applications to withstand a newly improved type of automated machine-based DDoS attack?
Before we address some of the immediate solutions needed to safeguard the web application, let us first examine the evolution of DDoS and how quickly it has evolved from a human to a machine-based attacker.
Part 2 will discuss the evolution from human to machine-based DDoS attacks. It specifically delves into how to prepare for such attacks while keeping false positives and negatives to an industry-standard low.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Matt Conran. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/trm6-_xftPc/