Artificial Intelligence has learned to track down hackers

Artificial intelligence and systems based on this technology are increasingly used in real life. However, their scope is often limited to analyzing large volumes of data or performing complex calculations. But why not use AI in its, one might say, “natural habitat”, the digital world? Perhaps experts from the Massachusetts Institute of Technology (MIT) and the University of California at San Diego (UCSD) thought something like that when creating an AI that would prey on hackers.


How will artificial intelligence catch hackers?

IP hijacking is becoming an increasingly popular form of cyberattack. It is done for a variety of reasons, from spamming and malware distribution to stealing cryptocurrency and bank card information. According to some estimates, in 2017 alone such incidents affected more than 10 percent of all domains in the world. Even large players like Amazon and Google were hit, to say nothing of smaller companies.

Measures against the hijacking of IP addresses are usually taken only once the attack is already complete. But what if these events could be predicted and subsequently traced back to the intruders? Guided by this idea, a team of specialists analyzed the methods used by "serial crackers" and trained their neural network to detect suspicious activity. As a result, it identified approximately 800 suspicious networks and found that some of them had been systematically seizing IP addresses for many years.

To transfer data between different gateways, a dynamic routing protocol (BGP) is used. However, it has two main drawbacks: lack of authentication and basic source verification. This makes it available for hacker attacks. Having provided the AI algorithm with data on past attacks, we trained the artificial intelligence model to identify key characteristics of hackers, such as, for example, multiple IP blocking, says the lead author of the work, Cecilia Testart.

The team that created the new algorithm. From left to right: David Clark, Cecilia Testart and Philipp Richter

Let’s explain a little how hackers work and how IP addresses are captured. In a BGP hijack, an attacker roughly “convinces” nearby networks that the best way to reach a specific IP address is through the attacker's network. By passing this data through their network, hackers can intercept and redirect traffic for their own purposes. The developers of the algorithm offer this analogy: it is like trying to call someone on a landline phone. You may be told that you can sign up at the institution closest to you by calling a specific number. What you do not know is that other such establishments exist and are much closer to your location.
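The idea of spotting networks that repeatedly announce address blocks belonging to others can be illustrated with a small heuristic over BGP announcements. This is an added example, not the researchers' model or code: it uses a simple rule instead of a neural network, and the baseline table, AS numbers, prefixes, thresholds and function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed baseline: address block -> AS expected to originate it
# (documentation prefixes and private-use AS numbers, not real networks).
EXPECTED_ORIGIN = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "203.0.113.0/24": 64502,
}

# Constructed announcements: (year, prefix, AS path). The origin is the last AS.
ANNOUNCEMENTS = [
    (2015, "192.0.2.0/24", [64510, 64500]),     # expected origin
    (2015, "198.51.100.0/24", [64510, 64666]),  # unexpected origin
    (2016, "203.0.113.0/25", [64511, 64666]),   # slice of a baseline block
    (2017, "192.0.2.0/24", [64512, 64666]),     # unexpected origin again
    (2017, "203.0.113.0/24", [64510, 64777]),   # one-off, possibly a misconfiguration
    (2017, "198.51.100.0/24", [64510, 64501]),  # expected origin
]

def covering_origin(prefix):
    """Expected origin AS of the baseline block covering prefix, or None."""
    net = ipaddress.ip_network(prefix)
    for known, origin in EXPECTED_ORIGIN.items():
        if net.subnet_of(ipaddress.ip_network(known)):
            return origin
    return None

def origin_conflicts(announcements):
    """Yield (year, prefix, origin) where the origin AS is not the expected one."""
    for year, prefix, path in announcements:
        expected = covering_origin(prefix)
        if expected is not None and path[-1] != expected:
            yield year, prefix, path[-1]

def repeat_offenders(announcements, min_prefixes=2, min_years=2):
    """ASes with conflicts on several prefixes spread over several years."""
    prefixes, years = defaultdict(set), defaultdict(set)
    for year, prefix, origin in origin_conflicts(announcements):
        prefixes[origin].add(prefix)
        years[origin].add(year)
    return sorted(a for a in prefixes
                  if len(prefixes[a]) >= min_prefixes and len(years[a]) >= min_years)

if __name__ == "__main__":
    for conflict in origin_conflicts(ANNOUNCEMENTS):
        print("origin conflict:", conflict)
    print("repeat offenders:", repeat_offenders(ANNOUNCEMENTS))
```

A single conflict is often a configuration mistake, which is why the sketch only reports an AS once conflicts accumulate across prefixes and years.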


To better characterize attack tactics, the group of scientists first extracted data on the work of network operators over the past few years. Based on this, they were able to derive a correlation between the hijacking of addresses and bursts of hackers' Internet activity. After that, it remained only to “feed” this data to the machine learning system and “train” the AI.

The team's work is the first step in creating an automatic cybercrime prevention system. In the future, the algorithm will only improve. The scientists plan to present a full report on the work done and a demonstration of a functioning AI for finding hackers this October at the International IT Conference in Amsterdam. A little later, they also promise to post a list of the suspicious networks they discovered on GitHub.