Security in the age of artificial intelligenceHow A.I. will make our world more secure … or vulnerable
Filip Maertens (Faction XYZ) ● [email protected]
The various disciplines in artificial intelligence (‘A.I.’)
Deep Belief Networks
Computer Vision
Audio Signal Processing
Natural Language
Some of the things we are working on. Our projects.
• LookingatsensorsonawristbandandlearnwhenahumanislikelytoshowsignsofdepressionorPTSD
• Lookingatcardata(CANBUS)andpredictwhatcarpartsarelikelytofailintheforeseeablefuture
• BuildingatransferlearningnetworkthatisabletomakecookingrecipesbylookingatYouTubevideos
• Basedonsmartphonehandling,buildapersonalprofileforauthenticationpurposes
• Buildinganaturallanguageprocessingenginethatiscapableofgeneratingnaturallanguagetodialoguewith
humancounterparts
• LearnhowhumanshandleanapplicationanddynamicallychangetheflowsothattheUXevolvesandbecomes
morenaturalwithoutadditionaldevelopmenttime
The basics of learning
• Learningistheprocessofimproving withexperience atsometask
• Improving overtask,T
• Withrespecttoperformancemeasure,P
• Basedonexperience, E
Learning how to filter spam
T =IdentifyspamemailsP =%offilteredspamemailsvs%offilteredhamemailsE =adatabaseofemailsthatwerelabelledbyusers/experts
The basics of machine learning
Sensors, cameras, databases, firewall,
IDS, email, etc.
Measuring devices
Noise filtering, Feature Extraction,
Normalization
Preprocessing
Feature selection, feature projection
Dimensionality reduction
Classification, regression, clustering, description
Model learning
Cross validation, bootstrap
Model testing
P
Supervised UnsupervisedVS
Target / outcome is knownclassification – regression
probability distribution in statistics, P(X/Y)
Target / outcome is unknownclustering – decomposition
density estimation in statistics, P(X,Y)
US$ 19Trillion in global GDP due to the Internet of
Everything by 2020
Cisco & GE US$ 300Billion incremental revenue by 2020
Gartner
40.9billion
connected devices by 2020
155million
connected cars by 2020
100million connected light bulbs
by 2020
+1trillion
connected sensors by 2020
2.5billion
smartphones by 2020
$12billion
wearable market size by 2020
New data paradigm is growing exponentially
Observed, real time, signal data Declared, structured data
VS
An evolution towards intelligent defenses
Computing & Data Paradigm
Detection Paradigm
1980s 1990s 2010 2016 +
Local computing
environment
Networked computing
environment
Big data and batch
processing
Ubiquitous data
streaming
Rule based detection
Rule & Heuristic
detection
Rule, Heuristics
and ML
Deep Learning, ML
and […]
More scalabilityand adaptability is
required !
Applying machine learning to security domains
Behavioral analytics
SupervisedUnsupervised
Continuous
Batch
Insider threat
detection
Network anomaly
detection
C2 detection
Spam Filtering
Malware Detection
Ruleset Generation
Network Traffic
Profiling
IOT security
Emerging security solutions by machine learning
Detecting and blocking hacked IOT devices
Preventing execution of malicious software and files
Light-weight prediction and classification models that can run on low powered
computing devices (“on-chip”) according to edge computing principles.
Example: CyberX, PFP Cybersecurity, Dojo-Labs
High performance classification of multi-dimensional data points.
Example: Phantom, Jask, Siemplify, Cyberlytic
Improving Security Operating Center (SOC) Operational Efficiency
Extract new features from unknown files and detect even the slightest code
mutations.
Example: Cylance, Deep Instinct, Invincea
Emerging security solutions by machine learning
Quantifying Cyber Risks
Process and classify millions of data points to build predictions on risk and
formulate the best possible mitigation practices.
Example: Brightsight, myDRO, Security Scorecard
Network Traffic Anomaly Detection
Analyzing millions of meta-data points, both of internal and external networks;
learn baseline patterns and uncover breaking patterns.
Example: DarkTrace, BluVector, Vectra Networks
Data Leak Prevention
AI capabilities to automatically classify information might, brings a new
generation of DLPs.
Example: Harvest.ai, NeoKami
Next generation security solutions with deep learning
Context Aware Security
Use data enriching and profiling to identify contradictory elements in a transaction of
a user.
Example: Brightwolf (Stealth)
Implicit Behavioral or Continuous Authentication
Learning and analyzing how handling of a smartphone or other device is considered
to be acceptable/normal or not.
Example: BioCatch, Bionym, BehavioSec
MANY MORE
The temporary state of affairs
Unsupervised learning helps to cluster new and emerging patterns
Human experts review, label and classify this new intelligence
Supervised learning retrains models with the new intelligence
General weaknesses of machine learning
Find and exploit weaknesses before or during the feature extraction or dimensionality reduction phase
Mimicry Attacks: Two different faces, yet OK result
Future attacks techniques might target human experts and coerce them to “wrongly” train classification systems
Degrade the classification system by persistent feeding with decoy data to decrease quality of training data
GDPR: When laws clash with machine learning
Right to be forgottenRight to
explanationAutomated individual
decision making
Hard to explain. How can decisions (predictions) be explained, when they
are the result of complex neural networks, which are black boxes ?
Tomorrow’s attackers may very well be A.I. driven
Genetic Algorithms (GA) to find best malware fitness
for maximum damage
Self Organizing Maps (SOM) to remove centralized C&C
structures
Deep Fuzzing that automatically finds complex
vulnerabilities
RNNs perform Mimicry Attacks to bypass AI driven
behavioral detections
Use game theory principles to define target outcome T, and use machine learning techniques to maximize the
AUC (“Area Under ROC Curve”)
A.I. are better, faster and more intelligent to engage in adversarial
activities, including warfare
Morality systems. An answer to deep cyber security challenges
Morality. Morality systems are required to keep A.I. systems in check and provide a framework to match with desirable outcomes.
Survivability. Even when an autonomous system is hacked, we expect these degraded systems to be able to still make potentially moral decisions by themselves.
Security in the age of artificial intelligenceHow A.I. will make our world more secure and vulnerable
Filip Maertens (Faction XYZ) ● [email protected]