Overview of AI in Cybersecurity
Helping to navigate the AI hype,
and make informed decisions
14/09/2018
ICON 2018 - Overview of AI in Cybersecurity - All rights reserved 1
What are we talking about ?
1
• Machine reproducing human cognitive capabilities such as reasoning,
knowledge representation, planning, learning, natural language processing,
perception, the ability to move and manipulate
• Machine that comes up with novel knowledge that user finds insightful
• Enhance human intelligence with technology
• processing and structuring huge volumes of data, including analysis
of the complex relationships within it
• Cybersecurity use case such as sifting through critical alerts,
correlating them with other lesser alerts and log entries, pulling packet
captures and host activity logs, overlaying external threat intelligence
and data feeds, and presenting an analytics package for a human
analyst to determine the next actions
• 2016, MIT’s Computer Science and Artificial Intelligence Lab (CSAIL):
adaptive machine learning reviewing millions of logins each day, and
reducing alerts down to around 100 per day
• Orchestrate and Automate
• AI scales up tasks that humans can perform without a problem to a
much larger volume than we could ever handle
• “Modern” assembly-line robots – replicating repeated mechanical
tasks, not necessarily requiring any "intelligence" as such
Artificial Intelligence
Definition of AI is Difficult
AI can’t work without Humans
Humans are enhanced by AI
Source: PwC
• AI is Math
• Advanced and new application of Statistics
• Artificial General Intelligence: intelligence of a machine that could
successfully perform any intellectual task
• Machine Learning: ability for (machines) to learn without being explicitly
programmed – predictions based on data sets
• Deep Learning: “New ML” that recognizes patterns - wider range of data
resources, less data preprocessing by humans, produce more accurate
results
• Swarm technology: collective behavior of decentralized, self-organized
systems, natural or artificial - Already used in drones and fledgling
robotics devices
Artificial Intelligence
Overview of AI technologies
Source: Cellstrat
Machine Learning
• Supervised: given inputs (knowledge and data) and
outputs to learn from and provide predictions :
Classification problems - lots of training data and
feedback from humans
• Large data sets – Labeled & Unlabeled
• Volume, velocity and variety of data are key
• Unsupervised: explores input data without being
given explicit outputs and detect anomalies:
Optimisation problems
• Dimensionality reduction - Association &
Clustering of "normal" and "abnormal"
entities
• Reinforcement learning: learning to perform a task
by maximizing reward signals about how well it is
performing
• Don’t have a lot of training data
• Can’t clearly define an end state
Overview of ML underlying technologies
Source: Saagie
• Supervised: get reliable data set
• For last 20 years, e.g. in network attack detection - MIT LARIAT
data set is biased
• Consequences
• Difficulty in training algorithms
• Inability to deterministically label data
• Difficulty in cleaning data
• Can result in false positives
• Unsupervised
• Difficult to explain the clusters
• Difficult to take expert knowledge into account
• Resulting in challenges in finding anomalies in data sets
Machine Learning
Attention points
Source: EY
• Explainability
• Understand what DL actually learned
• Legal challenges
• Verifiability
• Verifiability of detections
• Interpretation of output
• Data quality and Bias
• Not enough or no quality labelled data
• Data cleanliness issues: timestamps, normalization across fields,
etc.
• Bad understanding of the data to engineer meaningful features
• In cybersecurity, data is prone to adversarial input
• Knowledge
• AI solutions depend directly on the qualifications of people
developing the models
• Understanding the business, the maths, and IT
• No well trained domain experts and data scientists to oversee the
implementation
Deep Learning
Attention points
AI in cybersecurity
2
Red and Blue AI
• AI versus AI cybersecurity competition: DARPA “Grand Challenge”
• 2013-2016 – 55M$ event, 3,75M$ prize
Winner: Mayhem – its code is now used by the Pentagon and US Defense
in war zones
• Attack, Defend (Run services and Patch (which created most of
problems))
• Red AI is AI based Cybercrime
• Next Level Threats (NLT’s) based Cyberattacks. This means
cyberattacks which are using artificial intelligence, machine learning
and robotics in combination to make attacks even harder to detect and
fight against.
• Difficult to assess the level of this risk
• Most examples on the next slide are at the research stage
• Could some be already available from the Darkweb ?
• Blue AI is Defensive AI
New risks demand new controls
Red AI
• Malware creation: speed up creation & Enhance evasive capabilities
• Customized undetectable malware using Elon Musk's OpenAI (2017 Defcon)
• Extension on polymorphic malware: modify code on the fly based on how and what
has been detected in the environment
• Smart botnets
• Self learning botnets: actions based on local intelligence and exchanges between
botnets
• Smarter zombies: act without the botnet C&C instructions
• Advanced spear phishing: text-to-speech, speech recognition, and natural language
processing (NLP) for smarter social engineering
• Train on genuine emails and make convincing scams
• “Automated End2End spear phishing on Twitter”: success rate varying between 30
and 60 % (Black Hat USA 2016)
• Counter threat intelligence
• DDoS TI: raising the noise floor generates a lot of false positives to common machine
learning models -> once a target recalibrates its system to filter out the false alarms,
the attacker can launch a real attack that can get by the defensive ML
• Unauthorised access: Breaking current CAPTCHA (98% success)
• Poisoning machine learning engines
• 2017: convolutional neural networks (CNNs) attacked to produce false (but
controlled) results through CNNs like Google, Microsoft, and AWS
• Using AI to classify victims and optimize RoI
• Condition based Cyberattacks e.g. Cyberattacks using Blockchain based
smart contracts
Estimations (risk: H(igh) – M(edium) – L(ow); term: S(hort) – M(iddle) – L(ong)):
H – S, M – M, H – S, M – M, M – S, M – S, ? – S, M – S
Blue AI
Source: Raffael Marty
AI seems to be the best defense against Red AI
• Is this a new frontier of information warfare ? Most probably the asymmetric,
instantaneous nature of cyberattacks demands the adoption of autonomous
defense systems that could act in response to an attack at an early stage
• WannaCry, NotPetya etc.
• This will probably generate an AI arms race – what will be the consequences
in the long term, especially as big government actors join the cyber wars
• Resources will be key: money, expertise, processing capabilities, access to
« big data » - e.g. Google’s Chronicle service offering could impact radically
the Blue AI industry with :
• Speed and Scale: massive compute and storage to create more intelligence out of
security-related
• Enhance Human Abilities: ML capabilities to find patterns in huge volumes of data
that aren’t easily spotted by humans
Most Blue AI uses a mix of different technologies such as
• Classification identifies which category a new piece of data belongs to
• Anomaly detection is trained on a historical data set, then looks for anything
new or unusual
• An anomaly might not be a malicious activity
• Training needs to be refreshed regularly, since employees, networks, and other
systems change over time.
• Cluster analysis looks at a much larger variety of factors and behaviors than
a human can, and updates the clusters in real time
• still usually takes a human to look at the clusters or anomalies and determine what
they mean
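The anomaly-detection points above (a benign change looks anomalous, and training must be refreshed) can be seen on a small series. This is an added example, not part of the original deck: the login counts, the analyst verdicts and all function names are constructed for illustration, and the detector is a simple median/MAD robust z-score with the conventional 3.5 threshold, chosen here as an assumption.

```python
import statistics

# Constructed daily login counts for one service account (not real data).
# Days 0-6 are the historical training window. Days 9 and 24 are bursts an
# analyst confirmed as malicious. From day 14 a new batch job legitimately
# raises the normal level from about 100 to about 160.
DAILY_LOGINS = [
    100, 102, 98, 101, 99, 103, 97,     # days 0-6
    101, 99, 250, 100, 102, 98, 100,    # days 7-13
    160, 158, 162, 161, 159, 163, 157,  # days 14-20
    161, 159, 160, 420, 162, 158, 160,  # days 21-27
]
CONFIRMED_MALICIOUS = frozenset({9, 24})  # analyst verdicts (constructed)


def fit_baseline(history):
    """Learn 'normal' as (median, MAD); both are robust to a few outliers."""
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history)
    return med, max(mad, 1.0)  # floor avoids dividing by zero on flat data


def robust_z(value, baseline):
    """Modified z-score: distance from the median in scaled MAD units."""
    med, mad = baseline
    return 0.6745 * (value - med) / mad


def detect(series, train_len, refresh_every=None,
           confirmed_malicious=frozenset(), threshold=3.5):
    """Return the day indices flagged as anomalous.

    refresh_every=None keeps the baseline fitted once on the first
    train_len days. refresh_every=k refits every k days on the previous
    train_len days, leaving out days an analyst confirmed as malicious so
    that attacker-generated traffic is not learned as normal.
    """
    baseline = fit_baseline(series[:train_len])
    flagged = []
    for day in range(train_len, len(series)):
        due = (refresh_every and day > train_len
               and (day - train_len) % refresh_every == 0)
        if due:
            window = [series[d] for d in range(day - train_len, day)
                      if d not in confirmed_malicious]
            if window:  # keep the old baseline if nothing usable remains
                baseline = fit_baseline(window)
        if abs(robust_z(series[day], baseline)) > threshold:
            flagged.append(day)
    return flagged


def benign_alerts(flagged, confirmed_malicious):
    """Alerts a human had to look at that turned out not to be malicious."""
    return [d for d in flagged if d not in confirmed_malicious]


# Baseline trained once and never refreshed.
STALE = detect(DAILY_LOGINS, train_len=7)
# Baseline refreshed weekly, using the analyst verdicts.
REFRESHED = detect(DAILY_LOGINS, train_len=7, refresh_every=7,
                   confirmed_malicious=CONFIRMED_MALICIOUS)

if __name__ == "__main__":
    for name, flagged in (("stale", STALE), ("refreshed", REFRESHED)):
        print(name, "flagged days:", flagged, "benign alerts:",
              len(benign_alerts(flagged, CONFIRMED_MALICIOUS)))
```

Both detectors alert during the first week of the legitimate change, which is where a human has to decide what the anomaly means; the weekly refresh only stops the same benign change from alerting again afterwards.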
• Malware detection: use large collection of software that's already been divided
into malware and legitimate applications, and tell whether a previously unseen
app is malicious
• Google: ML to analyze threats against mobile endpoints
• Microsoft: multi layered (endpoint & cloud), multi ML endpoint defense
• Anti Spam
• Intrusion Detection & Prevention
• Characterizes the network traffic, and automatically generates signatures for blocking
the attack
• Deep neural networks can create a model to detect attacks with strong accuracy
• Vulnerability management: identifying, prioritizing and helping to remediate
existing vulnerabilities
• User and Entity Behavior Analytics (UEBA): based on analysis of network
traffic, internal and external behaviors, data access and a wide range of other
functions and activities.
• Data classification: ease compliance with data privacy and data protection
regulations
• Amazon Macie automates tracking the data to identify, classify and protect sensitive
pieces of information such as personally identifiable information (PII), personal health
information (PHI), regulatory documents, API keys, secret key material and intellectual
property
• Cyber Threat Intelligence (CTI): behavior categorization for Threat Intelligence
• Arizona State University uses machine learning to monitor traffic on the dark web to
identify data relating to zero-day exploits
• New generation of honeypots
Blue AI
Source: Infotechlead
• Automated remediation
• For the recommendations that carry the lowest risk to the
company, or that offer the highest benefit
• DARPA 2016 Grand Challenge
• Orchestration framework
• Allows one security system to trigger an action on a different
system, without requiring a human intervention (e.g. log into
individual systems and manually execute commands)
• Will demand that “basics” practices are in place, such as security
playbooks
• Intrusion Detection & Prevention - Autonomous incident response
• Watch as security professionals deal with security issues
• Gather enough historical data to make meaningful predictions
• Intrusion Detection & Prevention - Automatic self assessment and
remediation: learn attack behaviors that can evade Intrusion Detection
Systems (IDS), thereby enabling the automated creation of data from
which an IDS system can learn
• Automated pen-testing
• Blockchain could enhance data integrity, digital identities, enable safer
IoT devices to prevent DDoS attacks, etc.
Blue AI emerging usages
Some in R&D, other already provided by start-ups
Source: Microsoft
Thoughts on solutions
Brief look into commercial
cybersecurity with AI
solutions
3
• Cloud, Blockchain, and now AI ?
• “Cool” products have to have AI
• AI is Math (advanced and new application of Statistics)
• not software
• AI cybersecurity solutions depend directly on the qualifications of people
developing the models
• Data scientists, often PhDs in Math and Computer Science,
sometimes with (pending) patents
• And Cybersecurity experts, with knowledge of Cyber Threats and
the most appropriate types of defenses
• Hence not limited to IT development profiles
• Scarcity of the profiles
• Hiring and retaining is a major challenge
• Industry, projects and compensation (incl. equities) are key
• Salaries for Data scientists are skyrocketing, and not all companies can
compete
• Start-ups are more able to provide equities to top talent but less able to
• Develop mature piece of software with this cutting edge
technology
• Have access to big data
Quantum leap of AI software
Difficulty to develop AI solutions
Source: Wikipedia
CISO’s shopping list
80+ companies securing the future with AI
Source: CB Insights
Anti Fraud & Identity Management: secure online transactions by identifying
fraudsters, e.g. ML proactively detects fraud in financial transactions or fraudulent
users on websites and in mobile
Mobile Security: e.g. identify and grade risky behavior in mobile apps including
known and unknown malware, new malware used in targeted attacks, corporate
data ex-filtration, and intellectual property exposure, mostly cloud based
Predictive Intelligence: e.g. predictive and preventive security against advanced
cyber threats with predictive execution modeling
Behavioral Analytics / Anomaly Detection: detect anomalous behavior from
insiders and external threats in organizations’ systems and networks in order
to detect cyber-attacks, e.g. with digital fingerprints from an end-user’s behavior
through monitored keystrokes, mouse behavior, and anomaly detection
Automated Security: e.g. automate security tasks across 100+ security products
and weave human analyst activities and workflows together
Cyber-Risk Management: More focus on defining cyber risk appetite and cyber
risk tolerance, to better enable business considering the cost of security controls
App Security: securing applications, e.g. by helping developers secure applications
by finding, fixing, and monitoring web, mobile, and networks against current and
future vulnerabilities, with formal analysis and machine learning
IoT Security: e.g. AI-powered asset-protection software for the safety, security,
and reliability of the IoT; machine learning to identify hidden recording devices or
transmitters in a conference room, and allow for a preemptive response to data
theft.
Deception Security: e.g. proactively deceiving and disrupting in progress attacks
by detecting and fighting cyber attacks by creating a neural network of thousands
of fake computers, devices, and services that act like a fog and work under the
supervision of machine learning algorithms.
A few points to look at
Looking into
relying on AI ?
• Assess your threats and risks – are AI based solutions the best answers to
some of them ?
• What is your current maturity in cybersecurity ? Up to where can you climb
the ladder from detective, preventative or even predictive controls?
• How does it learn ?
• Learning ‘on the job’ within the user’s environment or the provider’s ?
• What volume of data is required ? How often is retraining needed ?
• What's the mechanism for collaboration with human ranking ?
• What are the error rates ?
• False positive, and false negative
• Is the error rate acceptable to achieve detection ? Automatic
remediation ?
• Can it detect, cluster, classify and make predictions that
• (complexity) would not have been possible by humans alone, and
• (scale) reduce the amount of human intervention and analysis
required,
• (latency) in a timeframe not achievable by humans only ?
• Consider the risks of an AI solution - AI security is still nascent, as is its
control framework
• Data input validation issues are not uncommon
• What are the risks of DL models ? Of black box proprietary
solutions?
SO WHAT ?
Takeaways for the
ordinary CISO
4
What conclusions for your
cybersecurity strategy ?
• Stressed and stretched IT security teams look to automation of
cybersecurity tasks for relief
• Orchestration and integration of existing cybersecurity solutions is also
necessary
• Scarce cybersecurity experts look for support from augmented intelligence (AI to
support humans), if not autonomous intelligence (AI without humans), to
increase efficiency and be able to meet more complex, massive and time
sensitive threats
• Evolution of the role of cybersecurity staff
• Use the complex enterprise context to ascertain the results of AI systems
• Human intervention will most probably be required to provide specific
expert knowledge or when an action can have severe consequences
• AI solutions should be fully integrated and consistent with the existing
Cybersecurity and IT processes to be efficient
• Ensure cyber risk management is fully integrated into Operational Risks
• Some change management might be required to benefit fully from the
expected Innovation and quality improvement and cost reduction
• Do AI cybersecurity systems bring new risks ? Can we compensate with
existing controls or do we need to develop new ones ?
People, Process and Technology wide
Source: BDO Global
Much more work required
in this nascent field
5
AI
• Understand skills and training that are going to be necessary
• Enable responsible widespread use of data by defining a framework of
interoperable anonymized data
• Define a framework to assess and test AI safety
AI in cybersecurity
• Define a framework to assess use of AI by cybersecurity threat actors
• Define an AI security risk framework
• Define an associated set of AI security controls
• Define a framework to assess and test AI based cybersecurity solutions
• Define an implemental maturity model for AI based cybersecurity
solutions
Further ICON work could focus on
Across 2018 - 2019
Source: NIST AI projects
Contact
Olivier Busolini
busolivier@protonmail.com
This presentation was created in my personal capacity. The opinions expressed in this
document are mine only, and do not necessarily reflect the view of my employer.
All rights reserved to the author.
Additional sources
Accenture
Autonomous Research
Cybersecurity intelligence
CSO Online
Defcon 2018 AI Village
Microsoft
NIST
Raffael Marty
Rodney Brooks
Thanks to
Reto Aeberhardt (EY)
Jan Tietze (Cylance)
Godefroy Riegler
David Doret
Fabian Gentinetta-Parpan (Vectra)
Peek into the use of AI in
Financial Services
• AI is expected to change the jobs landscape - Deleting certain jobs and
creating others – helping focus on more added value activities
• Dealing with millennials
• Jobs relying on empathy and ability to connect could be impacted by AI
- Which has a higher Emotional Quotient, AI or humans ?
• Lots of work ongoing to enhance EQ in agents
• Front desk jobs will be impacted by chatbots (caution with past
backlashes – interesting customer support results rate for Swedbank’s
Chatbot Nina), voice assistants or automated authentication
• Operations roles will be impacted by RPA (JP Morgan’s contract
intelligence platform COIN saved more than 360,000 man hours of contract
analysis)
• Finance controls and compliance roles will be impacted by AI based
Anti-Money-Laundering, Anti-Fraud, Compliance and Monitoring tools
• Credit Scoring agents extracts insights from data on contracts, past
spending and future income to provide a range of credit decisions –
particularly sensitive to bias and explainability
• Automatic advice (e.g. Financial advisers of Morgan Stanley)
• Algorithmic Trading and Investments leverage greater and more diverse
sources of information, which are feeding into trading models (e.g. Black
Rock, JPMorgan and Citibank)
AI in Banking
Some business cases
• AI explainability will most probably be required by regulations
• Accountability and reputational risks
• Error rates create reputational risk
• Might need compensating controls
• Current market adoption of AI is driven by the risk appetite of the
company, that seems to be directly related to its size and competitive
environment
• Maturity of the banking industry in cybersecurity should ease the
securing of AI
• Most of ML is powered by exchange of data with Cloud based
technologies
AI in Banking
And attention points

The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101  - Basics on Growth MarketingTech Startup Growth Hacking 101  - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 

icon-aiincs-obusolini201809131800-190310184140.pptx

  • 1. Overview of AI in Cybersecurity: Helping to navigate the AI hype, and make informed decisions
      14/09/2018, ICON 2018 - Overview of AI in Cybersecurity - All rights reserved
  • 2. Section 1: What are we talking about?
  • 3. Artificial Intelligence (Source: PwC)
      Key messages: Definition of AI is Difficult; AI can’t work without Humans; Humans are enhanced by AI
      • Machine reproducing human cognitive capabilities such as reasoning, knowledge representation, planning, learning, natural language processing, perception, the ability to move and manipulate
      • Machine that comes up with novel knowledge that the user finds insightful
      • Enhance human intelligence with technology
          • Processing and structuring huge volumes of data, including analysis of the complex relationships within it
          • Cybersecurity use case such as sifting through critical alerts, correlating them with other lesser alerts and log entries, pulling packet captures and host activity logs, overlaying external threat intelligence and data feeds, and presenting an analytics package for a human analyst to determine the next actions
          • 2016, MIT’s Computer Science and Artificial Intelligence Lab (CSAIL): adaptive machine learning reviewing millions of logins each day, and reducing alerts down to around 100 per day
      • Orchestrate and Automate
          • AI scales up tasks that humans can perform without a problem to a much larger volume than we could ever handle
          • “Modern” assembly-line robots – replicating repeated mechanical tasks, not necessarily requiring any "intelligence" as such
  • 4. Artificial Intelligence: Overview of AI technologies (Source: Cellstrat)
      • AI is Math
      • Advanced and new application of Statistics
      • Artificial General Intelligence: intelligence of a machine that could successfully perform any intellectual task
      • Machine Learning: ability for (machines) to learn without being explicitly programmed – predictions based on data sets
      • Deep Learning: “New ML” that recognizes patterns - wider range of data resources, less data preprocessing by humans, produce more accurate results
      • Swarm technology: collective behavior of decentralized, self-organized systems, natural or artificial - Already used in drones and fledgling robotics devices
  • 5. Machine Learning: Overview of ML underlying technologies (Source: Saagie)
      • Supervised: given inputs (knowledge and data) and outputs to learn from and provide predictions: Classification problems - lots of training data and feedback from humans
          • Large data sets – Labeled & Unlabeled
          • Volume, velocity and variety of data are key
      • Unsupervised: explores input data without being given explicit outputs and detects anomalies: Optimisation problems
          • Dimensionality reduction - Association & Clustering of "normal" and "abnormal" entities
      • Reinforcement learning: learning to perform a task by maximizing reward signals about how well it is performing
          • Don’t have a lot of training data
          • Can’t clearly define an end state
  • 6. Machine Learning: Attention points (Source: EY)
      • Supervised: get reliable data set
          • For last 20 years, e.g. in network attack detection - MIT LARIAT data set is biased
          • Consequences
              • Difficulty in training algorithms
              • Inability to deterministically label data
              • Difficult cleaning data
              • Can result in false positives
      • Unsupervised
          • Difficult to explain the clusters
          • Difficult to take expert knowledge into account
          • Resulting in challenges in finding anomalies in data sets
  • 7. Deep Learning: Attention points
      • Explainability
          • Understand what DL actually learned
          • Legal challenges
      • Verifiability
          • Verifiability of detections
          • Interpretation of output
      • Data quality and Bias
          • Not enough or no quality labelled data
          • Data cleanliness issues: timestamps, normalization across fields, etc.
          • Bad understanding of the data to engineer meaningful features
          • In cybersecurity, data is prone to adversarial input
      • Knowledge
          • AI solutions depend directly on the qualifications of people developing the models
          • Understanding the business, the maths, and IT
          • No well trained domain experts and data scientists to oversee the implementation
  • 8. Section 2: AI in cybersecurity
  • 9. Red and Blue AI: New risks demand new controls
      • AI versus AI cybersecurity competition: DARPA “Grand Challenge”
          • 2013-2016 – 55M$ event, 3,75M$ prize. Winner: Mayhem – its code is now used by the Pentagon and US Defense in war zones
          • Attack, Defend (Run services and Patch (which created most of the problems))
      • Red AI is AI based Cybercrime
          • Next Level Threats (NLTs) based Cyberattacks. This means cyberattacks which are using artificial intelligence, machine learning and robotics in combination to make attacks even harder to detect and fight against.
          • Difficult to assess the level of this risk
          • Most examples in the next slide are at the research stage
          • Could some be already available from the Darkweb?
      • Blue AI is Defensive AI
  • 10. Red AI
      • Malware creation: speed up creation & Enhance evasive capabilities
          • Customized undetectable malware using Elon Musk's OpenAI (2017 Defcon)
          • Extension on polymorphic malware: modify code on the fly based on how and what has been detected in the environment
      • Smart botnets
          • Self learning botnets: actions based on local intelligence and exchanges between botnets
          • Smarter zombies: act without the botnet C&C instructions
      • Advanced spear phishing: text-to-speech, speech recognition, and natural language processing (NLP) for smarter social engineering
          • Train on genuine emails and make convincing scams
          • “Automated End2End spear phishing on Twitter”: success rate varying between 30 and 60 % (Black Hat USA 2016)
      • Counter threat intelligence
          • DDoS TI: raising the noise floor generates a lot of false positives to common machine learning models -> once a target recalibrates its system to filter out the false alarms, the attacker can launch a real attack that can get by the defensive ML
      • Unauthorised access: Breaking current CAPTCHA (98% success)
      • Poisoning machine learning engines
          • 2017: convolutional neural networks (CNNs) attacked to produce false (but controlled) results through CNNs like Google, Microsoft, and AWS
      • Using AI to classify victims and optimize RoI
      • Condition based Cyberattacks e.g. Cyberattacks using Blockchain based smart contracts
      Estimations, legend: H(igh) – M(edium) – L(ow) risk; S(hort) – M(iddle) – L(ong) term
      Estimations, as listed on the slide: H – S; M – M; H – S; M – M; M – S; M – S; ? – S; M – S
  • 11. Blue AI (Source: Raffael Marty)
      AI seems to be the best defense against Red AI
      • Is this a new frontier of information warfare? Most probably the asymmetric, instantaneous nature of cyberattacks demands the adoption of autonomous defense systems that could act in response to an attack in an early stage
          • WannaCry, NotPetya etc.
      • This will probably generate an AI arms race – what will be the consequences in the long term, especially as big government actors join the cyber wars
      • Resources will be key: money, expertise, processing capabilities, access to « big data » - e.g. Google’s Chronicle service offering could impact radically the Blue AI industry with:
          • Speed and Scale: massive compute and storage to create more intelligence out of security-related
          • Enhance Human Abilities: ML capabilities to find patterns in huge volumes of data that aren’t easily spotted by humans
      Most Blue AI uses a mix of different technologies such as
      • Classification identifies which category a new piece of data belongs to
      • Anomaly detection is trained on a historical data set, then looks for anything new or unusual
          • An anomaly might not be a malicious activity
          • Training needs to be refreshed regularly, since employees, networks, and other systems change over time.
      • Cluster analysis looks at a much larger variety of factors and behaviors than a human can, and updates the clusters in real time
          • It still usually takes a human to look at the clusters or anomalies and determine what they mean
  • 12. Blue AI (Source: Infotechlead)
      • Malware detection: use large collection of software that's already been divided into malware and legitimate applications, and tell whether a previously unseen app is malicious
          • Google: ML to analyze threats against mobile endpoints
          • Microsoft: multi layered (endpoint & cloud), multi ML endpoint defense
      • Anti Spam
      • Intrusion Detection & Prevention
          • Characterizes the network traffic, and automatically generates signatures for blocking the attack
          • Deep neural networks can create a model to detect attacks with strong accuracy
      • Vulnerability management: identifying, prioritizing and helping to remediate existing vulnerabilities
      • User and Entity Behavior Analytics (UEBA): based on analysis of network traffic, internal and external behaviors, data access and a wide range of other functions and activities.
      • Data classification: ease compliance with data privacy and data protection regulations
          • Amazon Macie automates tracking the data to identify, classify and protect sensitive pieces of information such as personally identifiable information (PII), personal health information (PHI), regulatory documents, API keys, secret key material and intellectual property
      • Cyber Threat Intelligence (CTI): behavior categorization for Threat Intelligence
          • Arizona State University uses machine learning to monitor traffic on the dark web to identify data relating to zero-day exploits
      • New generation of honeypots
  • 13. Blue AI emerging usages: Some in R&D, other already provided by start-ups (Source: Microsoft)
      • Automated remediation
          • For the recommendations that carry the lowest risk to the company, or that offer the highest benefit
          • DARPA 2016 Grand Challenge
      • Orchestration framework
          • Allows one security system to trigger an action on a different system, without requiring a human intervention (e.g. log into individual systems and manually execute commands)
          • Will demand that “basics” practices are in place, such as security playbooks
      • Intrusion Detection & Prevention - Autonomous incident response
          • Watch as security professionals deal with security issues
          • Gather enough historical data to make meaningful predictions
      • Intrusion Detection & Prevention - Automatic self assessment and remediation: learn attack behaviors that can evade Intrusion Detection Systems (IDS), thereby enabling the automated creation of data from which an IDS system can learn
      • Automated pen-testing
      • Blockchain could enhance data integrity, digital identities, enable safer IoT devices to prevent DDoS attacks, etc.
  • 14. Section 3: Thoughts on solutions. Brief look into commercial cybersecurity with AI solutions
  • 15. Quantum leap of AI software: Difficulty to develop AI solutions (Source: Wikipedia)
      • Cloud, Blockchain, and now AI?
          • “Cool” products have to have AI
      • AI is Math (advanced and new application of Statistics)
          • not software
      • AI cybersecurity solutions depend directly on the qualifications of people developing the models
          • Data scientists, often PhDs in Math and Computer Science, sometimes with (pending) patent
          • And Cybersecurity experts, with knowledge of Cyber Threats and the most appropriate types of defenses
          • Hence not limited to IT development profiles
      • Scarcity of the profiles
          • Hiring and retaining is a major challenge
          • Industry, projects and compensation (incl. equities) are key
          • Salaries for Data scientists are skyrocketing, and not all companies can compete
          • Start-ups are more able to provide equities to top talent but less able to
              • Develop mature piece of software with this cutting edge technology
              • Have access to big data
  • 16. CISO’s shopping list: 80+ companies securing the future with AI (Source: CB Insights)
      • Anti Fraud & Identity Management: secure online transactions by identifying fraudsters, e.g. ML proactively detects fraud in financial transactions or fraudulent users on websites and in mobile
      • Mobile Security: e.g. identify and grade risky behavior in mobile apps including known and unknown malware, new malware used in targeted attacks, corporate data ex-filtration, and intellectual property exposure, mostly cloud based
      • Predictive Intelligence: e.g. predictive and preventive security against advanced cyber threats with predictive execution modeling
      • Behavioral Analytics / Anomaly Detection: detect anomalous behavior from insiders and external threats in organizations’ systems and networks in order to detect cyber-attacks, e.g. with digital fingerprints from an end-user’s behavior through monitored keystrokes, mouse behavior, and anomaly detection
      • Automated Security: e.g. automate security tasks across 100+ security products and weave human analyst activities and workflows together
      • Cyber-Risk Management: More focus on defining cyber risk appetite and cyber risk tolerance, to better enable business considering the cost of security controls
      • App Security: securing applications, e.g. by helping developers secure applications by finding, fixing, and monitoring web, mobile, and networks against current and future vulnerabilities, with formal analysis and machine learning
      • IoT Security: e.g. AI-powered asset-protection software for the safety, security, and reliability of the IoT; machine learning to identify hidden recording devices or transmitters in a conference room, and allow for a preemptive response to data theft.
      • Deception Security: e.g. proactively deceiving and disrupting in-progress attacks by detecting and fighting cyber attacks by creating a neural network of thousands of fake computers, devices, and services that act like a fog and work under the supervision of machine learning algorithms.
  • 17. A few points to look at: Looking into relying on AI?
      • Assess your threats and risks – are AI based solutions the best answers to some of them?
      • What is your current maturity in cybersecurity? Up to where can you climb the ladder from detective, preventative or even predictive controls?
      • How does it learn?
          • Learning ‘on the job’ within the user’s environment or the provider’s?
          • What volume of data is required? How often is retraining needed?
          • What's the mechanism for collaboration with human ranking?
      • What are the error rates?
          • False positive, and false negative
          • Is the error rate acceptable to achieve detection? Automatic remediation?
      • Can it detect, cluster, classify and make predictions that
          • (complexity) would not have been possible by humans alone, and
          • (scale) reduce the amount of human intervention and analysis required,
          • (latency) in a timeframe not achievable by humans only?
      • Consider the risks of an AI solution - AI security is still nascent, as is its control framework
          • Data input validation issues are not uncommon
          • What are the risks of DL models? Of black box proprietary solutions?
  • 18. Section 4: SO WHAT? Takeaways for the ordinary CISO
  • 19. What conclusions for your cybersecurity strategy? People, Process and Technology wide (Source: BDO Global)
      • Stressed and stretched IT security teams look to automation of cybersecurity tasks for relief
          • Orchestration and integration of existing cybersecurity solutions is also necessary
      • Scarcity of cybersecurity experts: look for support from augmented (AI to support humans), if not autonomous (AI without humans), intelligence to increase efficiency, and be able to meet more complex, massive and time sensitive threats
      • Evolution of the role of cybersecurity staff
          • Use the complex enterprise context to ascertain the results of AI systems
          • Human intervention will most probably be required to provide specific expert knowledge or when an action can have severe consequences
      • AI solutions should be fully integrated and consistent with the existing Cybersecurity and IT processes to be efficient
          • Ensure cyber risk management is fully integrated into Operational Risks
          • Some change management might be required to benefit fully from the expected innovation, quality improvement and cost reduction
      • Do AI cybersecurity systems bring new risks? Can we compensate with existing controls or do we need to develop new ones?
  • 20. Section 5: Much more work required in this nascent field
  • 21. Further ICON work could focus on: Across 2018 - 2019 (Source: NIST AI projects)
      AI
      • Understand skills and training that are going to be necessary
      • Enable responsible widespread use of data by defining a framework of interoperable anonymized data
      • Define a framework to assess and test AI safety
      AI in cybersecurity
      • Define a framework to assess use of AI by cybersecurity threat actors
      • Define an AI security risk framework
      • Define an associated set of AI security controls
      • Define a framework to assess and test AI based cybersecurity solutions
      • Define an implemental maturity model for AI based cybersecurity solutions
  • 22. Contact
      Olivier Busolini, busolivier@protonmail.com
      This presentation was created in my personal capacity. The opinions expressed in this document are mine only, and do not necessarily reflect the view of my employer. All rights reserved to the author.
      Additional sources: Accenture; Autonomous Research; Cybersecurity intelligence; CSO Online; Defcon 2018 AI Village; Microsoft; NIST; Raffael Marty; Rodney Brooks
      Thanks to: Reto Aeberhardt (EY); Jan Tietze (Cylance); Godefroy Riegler; David Doret; Fabian Gentinetta-Parpan (Vectra)
  • 23. Peek into the use of AI in Financial Services
  • 24. AI in Banking: Some business cases
      • AI is expected to change the jobs landscape - Deleting certain jobs and creating others – helping focus on more added value activities
          • Dealing with millennials
      • Jobs relying on empathy and ability to connect could be impacted by AI - Which has a higher Emotional Quotient, AI or humans?
          • Lots of work ongoing to enhance EQ in agents
      • Front desk jobs will be impacted by chatbots (caution with past backlashes – interesting customer support results rate for Swedbank’s Chatbot Nina), voice assistants or automated authentication
      • Operations roles will be impacted by RPA (JP Morgan’s contract intelligence platform COIN saved more than 360,000 man hours of contracts analysis)
      • Finance controls and compliance roles will be impacted by AI based Anti-Money-Laundering, Anti-Fraud, Compliance and Monitoring tools
      • Credit Scoring agents extract insights from data on contracts, past spending and future income to provide a range of credit decisions – particularly sensitive to bias and explainability
      • Automatic advice (e.g. Financial advisers of Morgan Stanley)
      • Algorithmic Trading and Investments leverage greater and more diverse sources of information, which are feeding into trading models (e.g. Black Rock, JPMorgan and Citibank)
  • 25. AI in Banking: And attention points
      • AI explainability will most probably be required by regulations
      • Accountability and reputational risks
          • Error rates create reputational risk
          • Might need compensating controls
      • Current market adoption of AI is driven by the risk appetite of the company, which seems to be directly related to its size and competitive environment
      • Maturity of the banking industry in cybersecurity should ease the securing of AI
      • Most of ML is powered by exchange of data with Cloud based technologies
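
Slides 11 and 17 state that an anomaly is not necessarily malicious, that training must be refreshed as the environment changes, and that buyers should ask about false positive and false negative rates and about collaboration with human ranking. The following added example (not part of the original deck) runs a simple z-score detector over constructed daily login counts, once with a frozen baseline and once with a baseline refreshed using analyst verdicts; the window size, threshold and all data are assumptions chosen for illustration.

```python
"""Added example: frozen vs. refreshed anomaly baseline on constructed login counts."""
from statistics import mean, pstdev

TRAIN_DAYS = 14      # size of the baseline window (assumption)
THRESHOLD = 3.0      # flag when |count - mean| > THRESHOLD * std (assumption)


def make_series():
    """Constructed data: 60 days of daily login counts with ground-truth labels.

    Days 0-29 hover around 100 logins, days 30-59 around 160 after a
    legitimate change (for example a new team onboarded). Days 20 and 50
    carry a labelled malicious burst of +120 logins.
    """
    counts, labels = [], []
    for day in range(60):
        base = 100 if day < 30 else 160
        jitter = (day * 7) % 11 - 5          # deterministic noise in [-5, 5]
        malicious = day in (20, 50)
        counts.append(base + jitter + (120 if malicious else 0))
        labels.append(malicious)
    return counts, labels


def detect(counts, labels, refresh):
    """Return one flag per day; the first TRAIN_DAYS are training only.

    refresh=False: the baseline is trained once and never updated.
    refresh=True: the window slides forward after each day, except when a
    flagged day is confirmed malicious by the analyst (simulated here by
    the ground-truth label), so confirmed attacks never become "normal".
    """
    baseline = list(counts[:TRAIN_DAYS])
    flags = [False] * TRAIN_DAYS
    for value, malicious in zip(counts[TRAIN_DAYS:], labels[TRAIN_DAYS:]):
        mu = mean(baseline)
        sigma = max(pstdev(baseline), 1.0)   # avoid a zero-width band
        flagged = abs(value - mu) > THRESHOLD * sigma
        flags.append(flagged)
        if refresh and not (flagged and malicious):
            baseline = baseline[1:] + [value]
    return flags


def score(flags, labels):
    """Confusion counts over the evaluated days only."""
    result = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for flagged, malicious in list(zip(flags, labels))[TRAIN_DAYS:]:
        if flagged:
            result["tp" if malicious else "fp"] += 1
        else:
            result["fn" if malicious else "tn"] += 1
    return result


def compare():
    """Score both modes on the same constructed series."""
    counts, labels = make_series()
    return {
        "frozen": score(detect(counts, labels, refresh=False), labels),
        "refreshed": score(detect(counts, labels, refresh=True), labels),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

Both modes catch the two labelled bursts, but the frozen baseline keeps alerting on every day after the legitimate change, while the refreshed one alerts only until the analyst-reviewed window has absorbed the new normal.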