Is Machine Learning the best way to defend web3 from exploits?

High-level data breaches are an open secret in crypto, and the trend is likely to persist into the foreseeable future as cybercriminals find new and sophisticated attack vectors to fill their coffers. 

To this point, losses originating from a number of cryptocurrency hacks skyrocketed 60% over the first seven months of 2022. This is in large part due to funds being stolen from decentralised finance (DeFi) protocols.   

An AI solution 

Last October, a record $718 million were stolen from DeFi protocols, stretching across 11 different hacks. On aggregate, hack-related losses hit the $3 billion mark for 2022, making it the biggest year for hacking on record, per data from blockchain analytics firm Chainalysis. Now, experts believe that artificial intelligence (AI) and machine learning (ML) could alleviate these concerning cybersecurity threats.  

A piece of the puzzle 

This is where machine learning algorithms come in. Specifically, ML-driven privacy systems are designed to learn and adjust to a protocol’s regular network activity. Once enough data is aggregated and processed, a baseline norm is established. From this, suspicious deviations from the norm would be flagged and submitted for further inspection. 

There are two types of ML systems that can be used:  

1. Supervised ones that can learn to generalize from past attacks. 

2. Unsupervised ones that can detect unknown attacks, alerting cybersecurity personnel of any deviations from the norm. 

Considering that such systems are well within current technological capabilities, ML-ready tech. will likely become a crucial component of threat detection and defence in the crypto sector. Notably, ‘crypto’ is a misnomer, as the term encompasses Web 3.0 projects, decentralised finance and hard money like Bitcoin and Litecoin, among other things – all of which will have their own distinct interactions with cybersecurity systems.  

Regardless, bad actors will face increased scrutiny in an automated fashion, which may be countered with automated attacks further down the line. So far, all automated (or deliberate) attacks against thoroughly decentralised proof-of-work blockchains have failed. 

The total market capitalisation of the AI cybersecurity sector, of which ML is a major subset, is expected to grow at a compound rate (CAGR) of 23.6% over the next five years, hitting a cumulative total of $46.3B by 2028. 

On a technical level, ML systems allow security experts to identify threats quickly by making use of data sets at faster speeds than human accounting. Over time, such systems develop a bias, augmenting older heuristics with the latest data, making them more efficient and less error prone. 

To this end, the industry must make web3.0 more appealing for data scientists; something which can be done through a mixture of education and financial incentives. Consequently, it would become easier to respond to hacks and threats before the problem can compound and turn into an extinction-level-event for a protocol. 

In fact, when ML platforms detect malicious activities within a web3 system, they can block a malicious entity from further exploiting a protocol. For instance, Forta is a decentralised monitoring network that can detect threats and anomalies on DeFi, NFT, governance, bridges, and other web3 systems in real-time. 

Current Challenges 

Most ML platforms are driven by data scientist, and herein lies an implementation challenge. While web3 has garnered developer support, it has not been able to bring data scientists into the fold. This is unfortunate given the mountains of readily available data in crypto. Research opportunities open the door to solve real-world problems, which ought to be an appealing prospect for data scientists.  

A majority of data science engagement in the cybersecurity realm circles around identifying attacks and suspicious on-chain activity. While the work involves vital elements such as threat detection, time-series analysis and supervised classifiers, there are applications beyond monitoring. One area is making today’s systems more secure and reliable. For instance, an ML algorithm could be deployed to detect third-party anomalies such as bot and spam detection, irregular data patterns as well as reorganise existing systems and behaviour analytics. 

Here are a couple of main impacts that these technologies have on today’s cybersecurity frameworks: 

-Efficient vulnerability management 

Most protocols cannot keep up with today’s threats. Conventional means of managing vulnerabilities are aimed at responding to incidents after hackers have successfully exploited a loophole. But machine learning systems can identify vulnerabilities automatically. 

ML-powered behaviour analysis tools can pseudonymously look at user behaviours across transactions, detect anomalies and point in the direction of an unknown attack. In essence, this could help safeguard assets before an issue has been reported – in real time. 

Over time, ML will likely be used in the context of auditing and monitoring as deep learning systems become commonplace. This will undoubtedly have serious privacy implications, considerations and concerns which will have consequences of their own. 

-Quick threat detection  

Traditional security systems use attack signature-based indicators to figure out threats. This is a highly efficient method for known problems, but it’s not great at finding newer and emerging attack vectors. Having said that, both ML and conventional attack-signature detection models are useful, and can be used in tandem to minimise false positives.  

Machine learning is known for its predictive capabilities and efficient data analysis methods, which makes their usage for inefficient blockchains all the more important. This is of course, with respect to real blockchains, not decentralised-in-name only chains. ML could also work to enhance a blockchain’s automatic data verification procedures to identify fraudulent transactions. 

This is all considered in the context of good-faith progress. So it is unlikely that a central bank or traditional financial institution will use these capabilities in the benevolent descriptions provided in this text. 

Looking Ahead 

As cyber-threats emerge and attack grow more sophisticated, projects will need to implement better external threat-detection models. Organisations will be expected to respond to hacking events in real time, and also take certain remedial measures similar to ‘white-hat-hacking’, but from an AI-based model. 

Regardless, AI/ML technology is certainly not a panacea. Privacy concerns will emerge, systems security will continue to develop and a delicate balance inching towards a more secure decentralised future will evolve. Needless to say, it will certainly be interesting to see what the future holds.