2. Agenda
• Artificial Intelligence
• Industries and Jobs
• Adoption
• Drivers and variations
• Machine Learning
• Training Types
• Deep Learning
• Implementation & Products
• Internet of Things (IoT)
• Issues with IoT
• Attacks
• Security Analytics
• Usage of Data
• Advantages, Disadvantages, Recommendation & Conclusion
• Summary
• Q & A
2
5. What is AI?
1:a branch of computer science dealing with the simulation of intelligent
behavior in computers
2:the capability of a machine to imitate intelligent human behavior
• AI Effect Problems already resolved are considered not AI.
• Originally coined by Standard computer scientist in 1956
• https://en.wikipedia.org/wiki/Artificial_intelligence
5
6. Continued (1)..
• AI is a science and technology based on disciplines such as:
• Data science
• Biology
• Psychology
• Mathematics
• Engineering
• Linguistics
6
7. Continued (2)..
• The main goal of AI is to create technology that allows
computers and machines to function in an intelligent manner.
Following are the problems AI tries to resolve:
• Learning
• Natural Language Processing
• Reasoning and problem solving
• Planning
• Creativity
• Social Intelligence
• General Intelligence
• Knowledge representation
• Perception
• Motion and manipulation 7
8. Around Us
• Product Recommendation Amazon, Netflix
• Natural language translation Google, Microsoft
• Spam detection Google, Yahoo, MS, FB, Twitter
• Siri Apple’s personal assistant
• Games Call of Duty and Far Cry
• Customer Support Chat Bots
8
11. Regional Adoption
• TAQNIA can automatically detect and monitor unusual
activities across vast amounts of terrain using Simularity AI
software
• Dubai Electricity and Water Authority use AI to answer
customer enquiries in both English and Arabic, through a 24-
hour chatbot.
• AI Gernas – Drone for traffic mgmt.
11
12. AI Jobs
• Manufacturing workers (19%)
• Banking (18%)
• Construction (10%)
• Public transport (9%)
• Financial analysis (9%)
• Insurance companies (8%)
• Taxi Drivers (7%)
• Farming (6%)
• Policing/Security (5%)
• Healthcare/hospitals (4%)
• Science (4%)
http://uk.businessinsider.com/industries-most-under-threat-from-artificial-intelligence-2017-6/#11-science-4-1
Oxford University study predicted 47% of jobs could be automated by 2033.
12
15. Key Drivers
• Computing performance and speed
• Advances in the implementation of Algorithms
• Ease of collecting data
15
16. AI Variations
• Strong AI Simulate the actual human intelligence (Not Yet)
• Weak AI Exhibit certain criteria but not all (Deep Blue)
• AI between Inspired by human reasoning (IBM Watson)
• General AI Ability to reason in general (Solve any problem)
• Narrow AI Machines designed for specific purpose (Many)
16
19. What is ML?
19
In a 2015 report, ISACA defined machine learning as:
The use of computing resources that have the ability to learn (acquire and apply
knowledge and skills that maximize the chance of success). These cognitive systems
have the potential to learn from business related interactions and deliver
evidence-based responses to transform how organizations think, act and operate.
http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/innovation-insights.aspx
21. Malware Detection
• From Incident Response
• Is a file or event malicious? (Yes, No)
• If malicious, what type of malware is it? (Trojan, Worm, etc.)
• How can I quantify the risks of the attach? (High, Medium, Low)
• How can I determine if the attack is part of a larger campaign against
my infrastructure? (APT, spear phishing)
• How likely am I to get hit again? (Next hour, week, month) 21
22. Traditional Approaches
• Static
• Packet, file type and size
• Static property signatures
• Scalable but lacks coverage
• Behavioral
• Manually create “behavioral signatures”
• Better coverage, but not always scalable
• Reputation
• “Crowdsourcing” the detection
• Can’t detect targeted threats
22
31. Machine Learning Flow
• Data Collection Collecting data ahead of time
• Data Cleaning Combining multiple data source, normalize
• Generate features Max info is extracted from the data
• Model Supervised / Unsupervised Learning
• Label events output
• Use feedback to improve model 31
33. Deep Learning
• Study of artificial neural networks and related machine
learning algorithms that contain more than one hidden layer
• Type of machine learning inspired by the connections
between neurons in the human brain. Researchers developed
a man-made imitation of this biological connectivity known as
artificial neural networks (commonly known as neural nets).
• Deep learning can use both the common supervised learning
technique and the more complex and cutting edge alternative
of unsupervised learning.
33
37. Continued (2)
• Common considerations include whether the tool will be a
standalone solution or integrated with an SIEM.
• It can also be part of a security operations center (SOC)
with red and blue teams harnessing it or another layer in the
architecture where resources are tight.
• It can be connected through a network switch SPAN port and
collect the data
• A stand-alone server or VM with lots of training data, huge
processing power & python
https://securityintelligence.com/why-machine-learning-is-an-essential-tool-in-the-cisos-arsenal/
37
38. Implementation Approach
• Use case definition Determine the requirement you would
want to address (phishing, privilege users, malware, etc.)
• Pick Organization subsets For PoC, pick couple of
departments from company
• Get Source access Solutions need access to certain files, to
operate
• Understand the results ML solutions deliver probabilistic
results based on a percentage. The solution must provide
supporting evidence when it flags an event so that analysts can
act on it.
38
39. Choosing a AI Vendor
• Vendor is using ML or AI ( Strong, Narrow)
• Technology used for Machine Learning (Deep learning,
Reinforcement)
• Limits of vendor’s ML
• Maintenance cost of ML Technology
https://www.csoonline.com/article/3211594/machine-learning/how-artificial-intelligence-fits-into-cybersecurity.html
39
41. Issues with ML
• ML is bad when there’s massive variation in the data that makes
training useless.
• Like any other technology, machine learning is not something
you can install once and forget about. You need to assure
continuous training with new datasets
• If data is not reviewed, attack code can be injected in to a
dataset.
• If normal behavior is not defined properly, attack is missed due
to false positive
41
42. ML Summary
• Machine learning is a type of artificial intelligence that enables
computers to detect patterns and establish baseline behavior
using algorithms that learn through training or observation.
• Ideal for detecting insider threats, zero day attacks coupled
with behavioral analysis machine learning is able to process
and analyze vast amounts of data that are simply impractical
for humans.
• Know your data. Without applying domain expertise to your
dataset, the result will be an overload of alerts and false
positives.
42
45. Growth of IoT
• The IoT’s growth will in turn drive an exponential rise in the
volumes of data being generated.
• IDC estimating that the number of devices connected to the
Internet will surge from 11 billion in 2016 to 80 billion in 2025
• Generating 180 zettabytes of data every year, up from 4.4
zettabytes in 2013 and 44 zettabytes in 2020.
https://www.pwc.com/gx/en/industries/communications/assets/pwc-ai-and-iot.pdf
45
46. IoT Devices
• Smartphones
• Tablets
• Smart TVs
• Smart Lighting Systems
• Smart HVAC Systems
• Security Cameras and Systems
• Wireless Keyboards
• Wireless Mouses'
• Wireless Headsets
• DVRs
• Smart Cameras
• MiFi-like Routers and Hotspots 46
47. Security Issues..
• Encryption IoT & Cloud is open
• Authentication Unsecure end points
• Firmware updates Outdated version
• Privacy Personal data is readily available
• Web interface Prone to SQL & cross-site scripting
• Backdoor Poorly developed system
https://www.networkworld.com/article/3200030/internet-of-things/researchers-find-gaps-in-iot-security.html
47
48. Attack on IoT Devices
• Continuously scan the internet for the IP address of Internet
of things (IoT) devices.
• Using a table of more than 60 common factory default
usernames and passwords, and logs into them to infect them
with the Mirai malware.
• This piece of malicious code took advantage of devices
running out-of-date versions of the Linux kernel and relied on
the fact that most users do not change the default
usernames/passwords on their devices
• Took down GitHub, DYN, Netflix, Krebs, Twitter, and a number
of other major websites
48
51. IoT Summary
• Access controls for IoT devices
• Endpoint devices has to be hardened
• Information flow control has to be controlled
• Encryption between IoT and Cloud has to be with SSL/TLS
• Vendor patches to be rigorously tested and applied
• Authentication has to strong
• Data collected for AI need to be protected
51
53. Too Much of Data
• The global median time from compromise to discovery has
dropped significantly from 146 days in 2015 to 99 days 2016,
but it is still not good enough.
• So it still takes 99 days to fix a critical vulnerability.
• Big Data is differentiated from traditional technologies in three
ways: the amount of data (volume), the rate of data generation
and transmission (velocity), and the types of structured and
unstructured data (variety)
https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
53
54. Security Detection
• 1st Generation IDS
• Layered security
• Prevention impossible
• 2nd Generation Security Information & Event Management
(SIEM)
• Present actionable information to security analyst
• Correlate alerts from different IDS sensors
• 3rd Generation Security Analytics for Security
• Contextual security analytics
• Long-term correlation
https://www.infosecurity-magazine.com/opinions/big-data-security-privacy/
54
57. Security Analytics Summary
• Time to Respond
• Key Arsenal for Incident Responders
• Integrate with existing security products
• Continuous feedback
• Know to reduce False Positives
57
59. Advantages
• User Behavior Analysis (UBA)
• Data Theft
• Prediction of Threats
• Risk Assessment
• Management of data
• Anomaly Detection
• Better Incident Response
59
http://www.securityweek.com/role-artificial-intelligence-cyber-security
60. Disadvantages
• Limitations of Data (CIA)
• AI driven ransomware/malware
• Privacy of Data
• Legal aspects of data analysis
• Unable to predict the possibilities
60
61. Recommendation
• The four critical steps they can take to do this are:
• Define a clear strategy on the expectations and value from the
AI systems. This should be clear and approved by the board.
• Perform a risk assessment that highlights the financial,
regulatory, brand reputation implications from a malfunction in
the AI system.
• Recognize clearly that the Business requires a strategic Security
& Privacy posture for the AI system to fully transform the
business.
• Intelligent systems have to be Cyber resilient to support the
intelligent systems, without which there is more potential for a
negative impact as opposed to the intended positive value from
AI systems. 61
62. Conclusion
• Synergy. Program computers to do the grunt work and leave
humans to the decision-making, incident management and
follow-up.
• AI is not a silver bullet. Experts suggest using it to automate
mundane and repetitive tasks, not as a replacement for human
judgment.
• Hackers are still using old standbys—stealing passwords, simple
malware, social engineering, etc. AI-generated attacks in the wild
aren’t (yet) common.
62
https://youtu.be/TnUYcTuZJpM