AI and cyber security: myth or reality? - Swisscom · Example of artificial intelligence...
TRANSCRIPT
AI and Cyber Security: myth or reality?
Swisscom Dialogue Experience 2019
Duilio Hochstrasser: Moderation
Tarek Amiri: Security Officer, Swisscom Group Security
Alessandro Trivilini, Head of SUPSI Digital Forensics Lab
SUPSI: Scuola universitaria professionale della Svizzera italiana
Swisscom Dialogue 2019 Cyber Security, 8 May 2019, C1 Public
Threat landscape in Switzerland
The threat is real
Swisscom, every month
• 20 critical security incidents (Swisscom CSIRT)
• 2'500 compromised login accounts
• 3'000 phishing campaigns blocked
• 2'100'000 attack attempts
Radar structure
Threat radar 2019
3D-Printing
Workplace Diversity
Insider Threat
Device Theft
Drones & Robots
Infrastructure Misconfiguration
Decentralised Development
SCADA
IoT Devices
Security job market
IoT-Based DDoS
Digitalisation
Subscriber Compromisation
AI/Analytics
Political Influence
Digital Identity
Destabilising / Centralisation
Automatisation & Scaling
All IP
Increased Complexity
Quantum Computing
Ransomware
Targeted Attacks (APT)
5G Security
Infrastructure Integrity
Trend / Today
• 4 rings: how current the threat is
• 7 segments, domains
• Source of information
- Attacks and incidents
- Market analysis
• Trends & speed
AI and cyber defence / attacks
Main pillars
Cyber security: from the garden to the forest … of data
Cultural change
Interdisciplinary cyber education
Definition of common testing hubs
Continuous education
• Cyber security as a new business economy
• Incident response approach as agile cultural behavior
From tracking to recognition approach
• Machine learning
• Behavior pattern recognition
Threat Detection & Response
Everything has changed from a regulatory perspective
• 25 May 2018 GDPR (General Data Protection Regulation, EU)
• 26 June 2018 NIS (Network and Information Security, EU)
• 23 November 2018 Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)
"Predictive technologies"
• companies
• law enforcement agencies
"Existing approaches"
• not suitable for complex threats
AI & Big Data for cyber threats prediction
Fiction or reality?
[Figure: timeline with the years 2003, 2015, 2020 and 2030; labels: Connectivity and mobility, Virtualization and IoT, Artificial intelligence, Quantum computing, Augmented humans, Machine learning, Deep learning, Prevention, Prediction, AI, BIG DATA hybrid scenario]
AI and Big Data applied by strikers
The strength and the effectiveness of (non) responses
• Precision and methodology
• Preparation
• Discipline
• Skills
strikers
Big Data + AI
Example: one spear-phishing e-mail
Profiling target
• Continuous feedback
− Positive (get money from ransom)
− Negative (do not answer)
− Indifference
Attacker
AI and Big Data (not) applied by defenders
Weakness, lack of data sharing and inefficiency of strategies
• Little or no investment
• Obsolete training
• Security as a tool and not as a process (by design)
• Poor partnerships and data sharing
Example: one spear-phishing e-mail suffered
Profiling target
• Omertà and closing up
• Fear for reputation
• Silence
Big Data + AI
Defender
How?
• Creation of a cyber range public-private partnership
• New common cyber education courses
• By participating in international research
• By providing real cases for educational projects and bachelor/master theses
Example of artificial intelligence in cyber security
Example: Security Analytics & Machine Learning
A tailor-made "intelligence" for Switzerland
Scenario
Phishing web page
Attacker, phishing mail, user
https://login.sso.bluew!n.ch/...
Phishing Inspector with machine learning
Prevention & detection for this scenario
Security Analytics & Detection
Security response
Threat intelligence security community
Identify, Detect, Protect, Respond, Recover
Web Proxy
Mail System
Mail Security
Use Case
User
Swiss focus with machine learning
• 70 elements
• 2 hours
• > 97% of pages detected
• 85–95% unknown
Phishing detection: every minute counts
Swisscom Abuse Mailbox
Swisscom DNS
Network Proxy
Phisherman
Bluewin Honeypots
Swisscom Mail Services
Other Phishing Inspector
www.antiphishing.ch (MELANI)
2018 2019
Artificial Intelligence & Targeted attacks
Assessment and defence approaches
Download coming in March
https://www.swisscom.ch/fr/business/enterprise/downloads/security.html
https://bit.ly/2DWnUHp
Questions?