Security in the age of artificial intelligenceHow A.I. will make our world more secure … or vulnerable

Filip Maertens (Faction XYZ) ● filip@faction.xyz

Artificial Intelligence

The various disciplines in artificial intelligence (‘A.I.’)

Deep Belief Networks

Computer Vision

Audio Signal Processing

Natural Language

How intelligent is artificial intelligence today ?

5 year old ?

How intelligent is artificial intelligence today ?

Some of the things we are working on. Our projects.

• LookingatsensorsonawristbandandlearnwhenahumanislikelytoshowsignsofdepressionorPTSD

• Lookingatcardata(CANBUS)andpredictwhatcarpartsarelikelytofailintheforeseeablefuture

• BuildingatransferlearningnetworkthatisabletomakecookingrecipesbylookingatYouTubevideos

• Basedonsmartphonehandling,buildapersonalprofileforauthenticationpurposes

• Buildinganaturallanguageprocessingenginethatiscapableofgeneratingnaturallanguagetodialoguewith

humancounterparts

• LearnhowhumanshandleanapplicationanddynamicallychangetheflowsothattheUXevolvesandbecomes

morenaturalwithoutadditionaldevelopmenttime

Basics in machine learning

The basics of learning

• Learningistheprocessofimproving withexperience atsometask

• Improving overtask,T

• Withrespecttoperformancemeasure,P

• Basedonexperience, E

Learning how to filter spam

T =IdentifyspamemailsP =%offilteredspamemailsvs%offilteredhamemailsE =adatabaseofemailsthatwerelabelledbyusers/experts

The basics of machine learning

Sensors, cameras, databases, firewall,

IDS, email, etc.

Measuring devices

Noise filtering, Feature Extraction,

Normalization

Preprocessing

Feature selection, feature projection

Dimensionality reduction

Classification, regression, clustering, description

Model learning

Cross validation, bootstrap

Model testing

P

Supervised UnsupervisedVS

Target / outcome is knownclassification – regression

probability distribution in statistics, P(X/Y)

Target / outcome is unknownclustering – decomposition

density estimation in statistics, P(X,Y)

Introducing machine learning to cyber security

New computing paradigm requires new approaches

New threats are rapidly emerging

…

US$ 19Trillion in global GDP due to the Internet of

Everything by 2020

Cisco & GE US$ 300Billion incremental revenue by 2020

Gartner

40.9billion

connected devices by 2020

155million

connected cars by 2020

100million connected light bulbs

by 2020

+1trillion

connected sensors by 2020

2.5billion

smartphones by 2020

$12billion

wearable market size by 2020

New data paradigm is growing exponentially

Observed, real time, signal data Declared, structured data

VS

An evolution towards intelligent defenses

Computing & Data Paradigm

Detection Paradigm

1980s 1990s 2010 2016 +

Local computing

environment

Networked computing

environment

Big data and batch

processing

Ubiquitous data

streaming

Rule based detection

Rule & Heuristic

detection

Rule, Heuristics

and ML

Deep Learning, ML

and […]

More scalabilityand adaptability is

required !

Applying machine learning to security domains

Behavioral analytics

SupervisedUnsupervised

Continuous

Batch

Insider threat

detection

Network anomaly

detection

C2 detection

Spam Filtering

Malware Detection

Ruleset Generation

Network Traffic

Profiling

IOT security

Emerging security solutions by machine learning

Detecting and blocking hacked IOT devices

Preventing execution of malicious software and files

Light-weight prediction and classification models that can run on low powered

computing devices (“on-chip”) according to edge computing principles.

Example: CyberX, PFP Cybersecurity, Dojo-Labs

High performance classification of multi-dimensional data points.

Example: Phantom, Jask, Siemplify, Cyberlytic

Improving Security Operating Center (SOC) Operational Efficiency

Extract new features from unknown files and detect even the slightest code

mutations.

Example: Cylance, Deep Instinct, Invincea

Emerging security solutions by machine learning

Quantifying Cyber Risks

Process and classify millions of data points to build predictions on risk and

formulate the best possible mitigation practices.

Example: Brightsight, myDRO, Security Scorecard

Network Traffic Anomaly Detection

Analyzing millions of meta-data points, both of internal and external networks;

learn baseline patterns and uncover breaking patterns.

Example: DarkTrace, BluVector, Vectra Networks

Data Leak Prevention

AI capabilities to automatically classify information might, brings a new

generation of DLPs.

Example: Harvest.ai, NeoKami

Next generation security solutions with deep learning

Context Aware Security

Use data enriching and profiling to identify contradictory elements in a transaction of

a user.

Example: Brightwolf (Stealth)

Implicit Behavioral or Continuous Authentication

Learning and analyzing how handling of a smartphone or other device is considered

to be acceptable/normal or not.

Example: BioCatch, Bionym, BehavioSec

MANY MORE

The temporary state of affairs

Unsupervised learning helps to cluster new and emerging patterns

Human experts review, label and classify this new intelligence

Supervised learning retrains models with the new intelligence

General weaknesses of machine learning

Find and exploit weaknesses before or during the feature extraction or dimensionality reduction phase

Mimicry Attacks: Two different faces, yet OK result

Future attacks techniques might target human experts and coerce them to “wrongly” train classification systems

Degrade the classification system by persistent feeding with decoy data to decrease quality of training data

GDPR: When laws clash with machine learning

Right to be forgottenRight to

explanationAutomated individual

decision making

Hard to explain. How can decisions (predictions) be explained, when they

are the result of complex neural networks, which are black boxes ?

Beyond 2020

Tomorrow’s attackers may very well be A.I. driven

Genetic Algorithms (GA) to find best malware fitness

for maximum damage

Self Organizing Maps (SOM) to remove centralized C&C

structures

Deep Fuzzing that automatically finds complex

vulnerabilities

RNNs perform Mimicry Attacks to bypass AI driven

behavioral detections

Use game theory principles to define target outcome T, and use machine learning techniques to maximize the

AUC (“Area Under ROC Curve”)

A.I. are better, faster and more intelligent to engage in adversarial

activities, including warfare

Help. Autonomous systems!

Morality systems. An answer to deep cyber security challenges

Morality. Morality systems are required to keep A.I. systems in check and provide a framework to match with desirable outcomes.

Survivability. Even when an autonomous system is hacked, we expect these degraded systems to be able to still make potentially moral decisions by themselves.

Security in the age of artificial intelligenceHow A.I. will make our world more secure and vulnerable

Filip Maertens (Faction XYZ) ● filip@faction.xyz