SlideShare ist ein Scribd-Unternehmen logo

AI & ML in Cyber Security - Why Algorithms are Dangerous

Raffael Marty
Raffael Marty

This document discusses the dangers of using algorithms in cybersecurity. It makes three key points: 1) Algorithms make assumptions about the data that may not always be valid, and they do not take important domain knowledge into account. 2) Throwing algorithms at security problems without proper understanding of the data and algorithms can be dangerous and lead to failures. 3) A Bayesian belief network approach that incorporates domain expertise may be better suited for security tasks than purely algorithmic approaches. It allows modeling relationships between different factors and computing probabilities.

Internet
1 von 41
Downloaden Sie, um offline zu lesen
BlackHat USA | August 2018 AI & ML IN CYBERSECURITY Why Algorithms Are Dangerous RAFFAEL MARTY Vice President of Corporate Strategy, Forcepoint Copyright © 2018 Forcepoint.
A BRIEF SUMMARY We don’t have artificial intelligence (yet) Algorithms are getting ‘smarter’, but experts are more important Stop throwing algorithms on the wall - they are not spaghetti Understand your data and your algorithms Invest in people who know security (and have experience) Build systems that capture “export knowledge” Think out of the box, history is bad for innovation Focus on advancing insights Copyright © 2018 Forcepoint. | 2
RAFFAEL MARTY Sophos PixlCloud Loggly Splunk ArcSight IBM Research Security Visualization Big Data ML & AI SIEM Corp Strategy Leadership Zen Copyright © 2018 Forcepoint. | 3
OUTLINE STATISTICS, MACHINE LEARNING & AI Defining the concepts THE ALGORITHMIC PROBLEM Understanding the data and the algorithms AN EXAMPLE Let’s get practical 01 02 03 Copyright © 2018 Forcepoint. | 4
STATISTICS MACHINE LEARNING & ARTIFICIAL INTELLIGENCE 01 Copyright © 2018 Forcepoint. | 5
“Companies are throwing algorithms on the wall to see what sticks (see security analytics market)” “Everyone calls their stuff ‘machine learning’ or even better ‘artificial intelligence’ - It’s not cool to use statistics!” Copyright © 2018 Forcepoint. | 6
ML AND AI – WHAT IS IT? MACHINE LEARNING Algorithmic ways to “describe” data Supervised We are giving the system a lot of training data and it learns from that Unsupervised We give the system some kind of optimization to solve (clustering, dim reduction) DEEP LEARNING A “newer” machine learning algorithm Eliminates the feature engineering step Explainability / verifiability issues DATA MINING Methods to explore data – automatically ARTIFICIAL INTELLIGENCE “Just calling something AI doesn’t make it AI.” “A program that doesn't simply classify or compute model parameters, but comes up with novel knowledge that a security analyst finds insightful.” We don’t have artificial intelligence (yet)
WHAT “AI” DOES TODAY KICK A HUMAN'S ASS AT GO DESIGN MORE EFFECTIVE DRUGS MAKE SIRI SMARTER Copyright © 2018 Forcepoint. | 8
MACHINE LEARNING USES IN SECURITY SUPERVISED Malware classification Deep learning on millions of samples - 400k new malware samples a day Has increased true positives and decreased false positives compared to traditional ML Spam identification MLSec project on firewall data Analyzing massive amounts of firewall data to predict and score malicious sources (IPs) UNSUPERVISED DNS analytics Domain name classification, lookup frequencies, etc. Threat Intelligence feed curation IOC prioritization, deduplication, … Tier 1 analyst automation Reducing workload from 600M raw events to 100 incidents* User and Entity Behavior Analytics (UEBA) Uses mostly regular statistics and rule-based approaches * See Respond Software Inc. Copyright © 2018 Forcepoint. | 9
THE ALGORITHMIC PROBLEM UNDERSTANDING THE DATA AND THE ALGORITHMS02 Copyright © 2018 Forcepoint. | 10
FAMOUS AI (ALGORITHM) FAILURES http://neil.fraser.name/writing/tank/ PENTAGON - AI FAIL
WHAT MAKES ALGORITHMS DANGEROUS? ALGORITHMS MAKE ASSUMPTIONS ABOUT THE DATA Assume ‘clean’ data (src/dst confusion, user feedback, etc.) Often assume a certain type of data and its distribution Generally don’t deal with outliers Machine learning assumes enough, representative data Need contextual features (e.g., not just IP addresses) Assume all input features are ‘normalized’ the same way ALGORITHMS ARE TOO EASY TO USE THESE DAYS (TENSORFLOW, TORCH, ML ON AWS, ETC.) The process is more important than the algorithm (e.g., feature engineering, supervision, drop outs, parameter choices, etc.) ALGORITHMS DO NOT TAKE DOMAIN KNOWLEDGE INTO ACCOUNT Defining meaningful and representative distance functions, for example e.g., each L4 protocol exhibits different behavior. Train it separately. e.g., interpretation is often unvalidated - beware of overfitting and biased models. Ports look like integers, they are not, same is true for IPs, processIDs, HTTP return codes, etc. Copyright © 2018 Forcepoint. | 13
WHAT MAKES ALGORITHMS DANGEROUS? https://betterhumans.coach.me/cognitive-bias-cheat-sheet-55a472476b18 SAMPLE BIAS KNOWLEDGE BIAS HISTORY BIAS CONFIRMATION BIAS AVAILABILITY BIAS CORRELATION BIAS Copyright © 2018 Forcepoint. | 14
COGNITIVE BIASES How biased is your data set? How do you know? Only a single customer’s data Learning from an ‘infected’ data set Collection errors Missing data (e.g., due to misconfiguration) What’s the context the data operates in? FTP although generally considered old and insecure, isn’t always problematic Don’t trust your IDS (e.g. “UDP bomb”)
THE DANGERS WITH DEEP LEARNING – WHEN NOT TO USE IT Not enough or no quality labelled data Data cleanliness issues (timestamps, normalization across fields, etc.) Bad understanding of the data to engineer meaningful features (e.g., byte stream for binaries) Data is prone to adversarial input DATA No well trained domain experts and data scientists to oversee the implementation A need to understand what ML actually learned (explainability) Verifiability of output Interpretation of output MACHINE LEARNING DETECTIONS EXPERT KNOWLEDGE Copyright © 2018 Forcepoint. | 16
ADVERSARIAL MACHINE LEARNING An example of an attack on deep learning Copyright © 2018 Forcepoint. | 17
EXAMPLE LET’S GET PRACTICAL03 Copyright © 2018 Forcepoint. | 18
FINDING ANOMALIES / ATTACKS IN NETWORK TRAFFIC Given: Network communications (i.e., netflow) Task: Find anomalies / attacks ? Copyright © 2018 Forcepoint. | 19
DEEP LEARNING – THE SOLUTION TO EVERYTHING DEEP LEARNING PROMISES A FEW THINGS: ‘Auto’ feature extraction High accuracy of detections AND WE SATISFY SOME REQUIREMENTS: Lots of data available BUT: A single record does not indicate good/bad BUT: Not enough ‘information’ within flows – need context BUT: No labels available MOST SECURITY PROBLEMS CAN’T BE SOLVED WITH DEEP LEARNING or supervised methods in general Copyright © 2018 Forcepoint. | 20
UNSUPERVISED TO THE RESCUE? Can we exploit the inherent structure within the data to find anomalies and attacks? Clustering traffic to find outliers 1. Clean the data 2. Engineer distance functions 3. Figure out the right algorithm 4. Apply the correct algorithmic parameters 5. Data interpretation Copyright © 2018 Forcepoint. | 21
1. UNDERSTAND AND CLEAN THE DATA dest port! Port 70000? src ports! http://vis.pku.edu.cn/people/simingchen/docs/vastchallenge13-mc3.pdf
2. ENGINEERING DISTANCE FUNCTIONS Distance functions define the similarity of data objects Need domain-specific similarity functions URLs (simple levenshtein distance versus domain based?) Ports (and IPs, ASNs) are NOT integers Treat user names as categorical, not as strings outlier?! Copyright © 2018 Forcepoint. | 23
3. CHOOSING THE RIGHT UNSUPERVISED ALGORITHM CLUSTERING ALGORITHMS K-means Affinity Propagation (AP) DBScan t-SNE CRITERIA TO CHOOSE AN ALGORITHM Dimensionality of data “Shape” of data Intrinsic algorithm workings Algorithm convergence or speed http://hdbscan.readthedocs.io/en/latest/comparing_clustering_algorithms.html Different algorithms find different / more or less clusters Copyright © 2018 Forcepoint. | 24
4. CHOOSING THE CORRECT ALGORITHM PARAMETERS The dangers of not understanding algorithmic parameters t-SNE clustering of network traffic from two types of machines perplexity = 3 epsilon = 3 No clear separation perplexity = 3 epsilon = 19 3 clusters instead of 2 perplexity = 93 epsilon = 19 What a mess Copyright © 2018 Forcepoint. | 25
4. CHOOSING THE CORRECT ALGORITHM PARAMETERS And this is when it gets dangerous Access decisions / enforcements based on cluster membership Copyright © 2018 Forcepoint. | 26
5. INTERPRETING THE DATA We analyze network traffic. The graph shows an abstract space (X and Y axes have no specific meaning). Each dot represents a device on the network. Colors represent machine-identified clusters. Interpretation questions: What are these clusters? What are good clusters? What’s anomalous? Where are compromised machines / attackers? Copyright © 2018 Forcepoint. | 27
A DIFFERENT APPROACH - PROBABILISTIC INFERENCE Rather than running algorithms that model the shape of data, we need to take expert knowledge / domain expertise into account “What is the probability that it is raining, given the grass is wet?”: 35.77% Introducing Belief Networks Models that represent the state of the ‘world’ Helps us make predictions and reason about the world A graph rather than huge joint distribution tables across all states Using Bayes theorem to calculate ‘belief’ Could use ML to learn graph structure (nodes and edges), but it’ll get too unwieldy and non-interpretable! Copyright © 2018 Forcepoint. | 28
BAYESIAN BELIEF NETWORK 1ST STEP – BUILD THE GRAPH Device is Compromised New protocol seen Is using port 23? Connecting from suspicious IP Mistake in IP classification Connecting to suspicious IP Connection to newly registered domain Has known vulnerabilities Open port 53 Shows up with new OS Machine got update to new OS Device is in maintenance mode Not seen for a week Sent huge amount of data in short period of time Protocol mismatch Seen encrypted traffic on port 23 1. What’s our objective? 2. What behaviors can we observe? 4 What are observable factors that reduce uncertainty of the central inference (of device compromised) 4 Observations should not be locally dependent – they should be true across all customers / environments 4 Do we have that data? 4 Do we need context for it?
BAYESIAN BELIEF NETWORK 2ND STEP – GROUP NODES Device is Compromised Suspicious Host State Anomalous Network Behavior Host is Tunneling Data Threat Intelligence Hinting at Compromise Suspicious Protocol Usage New protocol seen Is using port 23? Has never used SSH before Connecting from suspicious IP Mistake in IP classification Connecting to suspicious IP Connection to newly registered domain Has known vulnerabilities Open port 53Shows up with new OS Machine got update to new OS Device is in maintenance mode Not seen for a week Sent huge amount of data in short period of time Protocol mismatch Seen encrypted traffic on port 23 Complexity of this network is too high. We cannot computer all the conditional probabilities. Therefore we need to introduce “grouping nodes”.
BAYESIAN BELIEF NETWORK 3RD STEP – INTRODUCE DEPENDENCIES Device is Compromised Suspicious Host State Anomalous Network Behavior Host is Tunneling Data Threat Intelligence Hinting at Compromise Suspicious Protocol Usage New protocol seen Is using port 23? Has never used SSH before Connecting from suspicious IP Mistake in IP classification Connecting to suspicious IP Connection to newly registered domain Machine got update to new OS Device is in maintenance mode Not seen for a week Sent huge amount of data in short period of time Protocol mismatch Seen encrypted traffic on port 23 Has known vulnerabilities Open port 53Shows up with new OS Relationships between observations Conditional dependencies
BAYESIAN BELIEF NETWORK 4TH STEP – ESTIMATE PROBABILITIES NODE PROBABILITIES 4 P(Protocol mismatch) = 0.01 OR “very low” 4 P(Seen encrypted traffic on port 23) = 0.01 OR “very low” 4 P(Host is Tunnelling Data) = 0.01 OR ”very low” Expert Knowledge Host is Tunneling Data Protocol mismatch Seen encrypted traffic on port 23 CONDITIONAL PROBABILITIES 4 Our belief network teaches us: “Tunnelling is not independent of seeing port 23 traffic” 4 P(Tunnelling | Enc. Port 23 Traffic) = (P(Enc. Port 23 | Tunnelling) * P(Tunnelling)) / P(Enc. Port 23) Copyright © 2018 Forcepoint. | 32 More precise than in pervious formula JOINT PROBABILITIES 4 Multiple factors lead to Tunnelling, not just one 4 P(Tunnelling | Enc. Port 23 AND Proto mismatch) = (P(Enc. Port 23 AND Proto mismatch | Tunnelling) * P(Tunnelling)) / P(Enc Port 23 AND Proto mismatch) Protocol mismatch Seen encrypted traffic on port 23
BAYESIAN BELIEF NETWORK 5TH STEP – GOAL COMPUTATION Device is Compromised Suspicious Host State Anomalous Network Behavior Host is Tunneling Data Threat Intelligence Hinting at Compromise Suspicious Protocol Usage The probability that we have a compromised device is the joint and conditional probability over all the ‘group nodes’ Copyright © 2018 Forcepoint. | 33
Machine got update to new OS Open port 53Shows up with new OS Anomalous Network Behavior BAYESIAN BELIEF NETWORK 6TH STEP – OBSERVE ACTIVITIES Device is Compromised Host is Tunneling Data Threat Intelligence Hinting at Compromise Suspicious Protocol Usage New protocol seen Is using port 23? Has never used SSH before Connecting from suspicious IP Mistake in IP classification Connecting to suspicious IP Connection to newly registered domain Device is in maintenance mode Not seen for a week Sent huge amount of data in short period of time Protocol mismatch Seen encrypted traffic on port 23 Suspicious Host State Has known vulnerabilities 0.4 0.3 0.2
Open port 53 Anomalous Network Behavior BAYESIAN BELIEF NETWORK 6TH STEP – OBSERVE ACTIVITIES Device is Compromised Host is Tunneling Data Threat Intelligence Hinting at Compromise Suspicious Protocol Usage New protocol seen Is using port 23? Has never used SSH before Connecting from suspicious IP Mistake in IP classification Connecting to suspicious IP Connection to newly registered domain Device is in maintenance mode Not seen for a week Sent huge amount of data in short period of time Protocol mismatch Seen encrypted traffic on port 23 1. Update the ‘observation nodes’ in the network with observation (what we find in the logs) 2. Re-compute probabilities on the connected nodes ✓✓ ✗ Suspicious Host State Machine got update to new OS Has known vulnerabilitiesShows up with new OS 0.5 0.1 0.7
BAYESIAN BELIEF NETWORK 7TH STEP – EXPERT INPUT Strengthen the network by introducing expert knowledge Pose any combinations of ‘observations’ and ‘group’ nodes as questions to experts Asking meaningful questions is an art and requires expert knowledge You will find that it matters how you named your nodes to define good questions Question Expert Answer What’s the probability that device is compromised and I have highly suspicious network behavior and nothing on threat intelligence 0.3 Probability that host is in suspicious state, given that port 53 is open, brand new OS 0.1 How likely is it that we see a connection to a newly registered domain and we see port 23 traffic? 0.01 Etc. Note how this is not a full joint probability over only a subset of the group nodes. We can have questions across observational nodes of different groups as well
BELIEF NETWORKS – SOME OBSERVATIONS Iterative process of adding more nodes, grouping, adding expert input, etc. Graph allows for answering many questions – e.g., sensitivity analysis Do not determine the probabilities on the observation nodes with historic data. It is only accurate for scenarios that were included in data – how do you know your data covered all scenarios? Each problem requires the definition of a graphs based on expert input A generic “Network Traffic” graph is hard to build and train Not every FTP is bad Poor network practice -> e.g., using unencrypted protocols like FTP Thanks Chris @ respond-software.com for all your help! Biggest benefit of belief networks is that the learned knowledge can be verified and extracted!
Copyright © 2018 Forcepoint. | 40 IN SUMMARY
RECOMMENDATIONS Start with defining your use-cases, not choosing an algorithm ML is barely ever the solution to your problem Use ensembles of algorithms Teach the algos to ask for input – if it’s unsure, have it ask an expert rather than making a decision on its own Make sure models keep up with change and forget old facts that are not relevant anymore Do you need white lists / black lists for your algos to not go haywire? Verify your models - use visualization to help with that Share your insights with your peers – security is not your competitive advantage GDPR – transparency on what data is collected and used for decisions “The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.”
BLACK HAT SOUNDBITES “Algorithms are getting ‘smarter’, but experts are more important” “Understand your data, your algorithms, and your data science process” “History is not a predictor – but knowledge is”
http://slideshare.net/zrlram @raffaelmarty QUESTIONS? Copyright © 2018 Forcepoint. | 43

Empfohlen

How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security
Robert Smith
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for Thought
NUS-ISS
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
 
HOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYHOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITY
Priyanshu Ratnakar
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for Security
Raffael Marty
 
Application of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityApplication of Machine Learning in Cybersecurity
Application of Machine Learning in Cybersecurity
Pratap Dangeti
 
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedAI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
Raffael Marty
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
scoopnewsgroup
 

Empfohlen

How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security
Robert Smith
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for Thought
NUS-ISS
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
 
HOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYHOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITY
Priyanshu Ratnakar
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for Security
Raffael Marty
 
Application of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityApplication of Machine Learning in Cybersecurity
Application of Machine Learning in Cybersecurity
Pratap Dangeti
 
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedAI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
Raffael Marty
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
scoopnewsgroup
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19
Francesco Flammini
 
Use of Artificial Intelligence in Cyber Security - Avantika University
Use of Artificial Intelligence in Cyber Security - Avantika UniversityUse of Artificial Intelligence in Cyber Security - Avantika University
Use of Artificial Intelligence in Cyber Security - Avantika University
Avantika University
 
Artificial Intelligence for Cyber Security
Artificial Intelligence for Cyber SecurityArtificial Intelligence for Cyber Security
Artificial Intelligence for Cyber Security
Priyanshu Ratnakar
 
Siem ppt
Siem pptSiem ppt
Siem ppt
kmehul
 
From machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityFrom machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurity
Infosec
 
Security and Privacy of Machine Learning
Security and Privacy of Machine LearningSecurity and Privacy of Machine Learning
Security and Privacy of Machine Learning
Priyanka Aash
 
Artificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityArtificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for Cybersecurity
Dr David Probert
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
Graham Mann
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
RajathV2
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
Forcepoint LLC
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
Splunk
 
Cyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_rise
Cyphort
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
Umesh Dhital
 
Implementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsImplementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and Lessons
Anton Chuvakin
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
Olivier Busolini
 
DataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the DayDataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the Day
Interset
 

Weitere ähnliche Inhalte

Was ist angesagt?

Artificial Intelligence for Cyber Security
Artificial Intelligence for Cyber SecurityArtificial Intelligence for Cyber Security
Artificial Intelligence for Cyber Security
Priyanshu Ratnakar
 
Artificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityArtificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for Cybersecurity
Dr David Probert
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
Umesh Dhital
 

Was ist angesagt? (20)

Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19
 
Use of Artificial Intelligence in Cyber Security - Avantika University
Use of Artificial Intelligence in Cyber Security - Avantika UniversityUse of Artificial Intelligence in Cyber Security - Avantika University
Use of Artificial Intelligence in Cyber Security - Avantika University
 
Artificial Intelligence for Cyber Security
Artificial Intelligence for Cyber SecurityArtificial Intelligence for Cyber Security
Artificial Intelligence for Cyber Security
 
Siem ppt
Siem pptSiem ppt
Siem ppt
 
From machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityFrom machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurity
 
Security and Privacy of Machine Learning
Security and Privacy of Machine LearningSecurity and Privacy of Machine Learning
Security and Privacy of Machine Learning
 
Artificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityArtificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for Cybersecurity
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Cyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_rise
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Implementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsImplementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and Lessons
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
 

Ähnlich wie AI & ML in Cyber Security - Why Algorithms are Dangerous

icon-aiincs-obusolini201809131800-190310184140.pptx
icon-aiincs-obusolini201809131800-190310184140.pptxicon-aiincs-obusolini201809131800-190310184140.pptx
icon-aiincs-obusolini201809131800-190310184140.pptx
yugandharadahiphale2
 
icon-aiincs-obusolini201809131800-190310184140.pptx
icon-aiincs-obusolini201809131800-190310184140.pptxicon-aiincs-obusolini201809131800-190310184140.pptx
icon-aiincs-obusolini201809131800-190310184140.pptx
yugandharadahiphale2
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Ulf Mattsson
 
BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6
Rod Soto
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
Ulf Mattsson
 
Smart Data Webinar: Machine Learning Update
Smart Data Webinar: Machine Learning UpdateSmart Data Webinar: Machine Learning Update
Smart Data Webinar: Machine Learning Update
DATAVERSITY
 
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
Mark Underwood
 

Ähnlich wie AI & ML in Cyber Security - Why Algorithms are Dangerous (20)

Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 
DataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the DayDataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the Day
 
icon-aiincs-obusolini201809131800-190310184140.pptx
icon-aiincs-obusolini201809131800-190310184140.pptxicon-aiincs-obusolini201809131800-190310184140.pptx
icon-aiincs-obusolini201809131800-190310184140.pptx
 
icon-aiincs-obusolini201809131800-190310184140.pptx
icon-aiincs-obusolini201809131800-190310184140.pptxicon-aiincs-obusolini201809131800-190310184140.pptx
icon-aiincs-obusolini201809131800-190310184140.pptx
 
[Webinar] Supercharging Security with Behavioral Analytics
[Webinar] Supercharging Security with Behavioral Analytics[Webinar] Supercharging Security with Behavioral Analytics
[Webinar] Supercharging Security with Behavioral Analytics
 
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
 
David valovcin big data - big risk
David valovcin big data - big riskDavid valovcin big data - big risk
David valovcin big data - big risk
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
 
A Journey Through The Far Side Of Data Science
A Journey Through The Far Side Of Data ScienceA Journey Through The Far Side Of Data Science
A Journey Through The Far Side Of Data Science
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy Franklin
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Saama Presents Is your Big Data Solution Ready for Streaming
Saama Presents Is your Big Data Solution Ready for StreamingSaama Presents Is your Big Data Solution Ready for Streaming
Saama Presents Is your Big Data Solution Ready for Streaming
 
Smart Data Webinar: Machine Learning Update
Smart Data Webinar: Machine Learning UpdateSmart Data Webinar: Machine Learning Update
Smart Data Webinar: Machine Learning Update
 
Endpoint Modeling 101 - A New Approach to Endpoint Security
Endpoint Modeling 101 - A New Approach to Endpoint SecurityEndpoint Modeling 101 - A New Approach to Endpoint Security
Endpoint Modeling 101 - A New Approach to Endpoint Security
 
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
 
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
 

Mehr von Raffael Marty

Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Raffael Marty
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Raffael Marty
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
Raffael Marty
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are Dangerous
Raffael Marty
 
Delivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationDelivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and Visualization
Raffael Marty
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
Raffael Marty
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
Raffael Marty
 
Visualization in the Age of Big Data
Visualization in the Age of Big DataVisualization in the Age of Big Data
Visualization in the Age of Big Data
Raffael Marty
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
Raffael Marty
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
Raffael Marty
 
Cyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock InsightCyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock Insight
Raffael Marty
 

Mehr von Raffael Marty (20)

Exploring the Defender's Advantage
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's Advantage
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security Data
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
 
Security Chat 5.0
Security Chat 5.0Security Chat 5.0
Security Chat 5.0
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are Dangerous
 
Delivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationDelivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and Visualization
 
Security Insights at Scale
Security Insights at ScaleSecurity Insights at Scale
Security Insights at Scale
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
Visualization in the Age of Big Data
Visualization in the Age of Big DataVisualization in the Age of Big Data
Visualization in the Age of Big Data
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data Visualization
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
 
Workshop: Big Data Visualization for Security
Workshop: Big Data Visualization for SecurityWorkshop: Big Data Visualization for Security
Workshop: Big Data Visualization for Security
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
 
DAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization LinuxDAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization Linux
 
Cloud - Security - Big Data
Cloud - Security - Big DataCloud - Security - Big Data
Cloud - Security - Big Data
 
Cyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock InsightCyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock Insight
 

Kürzlich hochgeladen

VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
SUHANI PANDEY
 
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
nilamkumrai
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
SUHANI PANDEY
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Delhi Call girls
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
nilamkumrai
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
SUHANI PANDEY
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
SUHANI PANDEY
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
tanu pandey
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
Escorts Call Girls
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
soniya singh
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
SUHANI PANDEY
 

Kürzlich hochgeladen (20)

VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 

AI & ML in Cyber Security - Why Algorithms are Dangerous

  • 1. BlackHat USA | August 2018 AI & ML IN CYBERSECURITY Why Algorithms Are Dangerous RAFFAEL MARTY Vice President of Corporate Strategy, Forcepoint Copyright © 2018 Forcepoint.
  • 2. A BRIEF SUMMARY We don’t have artificial intelligence (yet) Algorithms are getting ‘smarter’, but experts are more important Stop throwing algorithms on the wall - they are not spaghetti Understand your data and your algorithms Invest in people who know security (and have experience) Build systems that capture “export knowledge” Think out of the box, history is bad for innovation Focus on advancing insights Copyright © 2018 Forcepoint. | 2
  • 3. RAFFAEL MARTY Sophos PixlCloud Loggly Splunk ArcSight IBM Research Security Visualization Big Data ML & AI SIEM Corp Strategy Leadership Zen Copyright © 2018 Forcepoint. | 3
  • 4. OUTLINE STATISTICS, MACHINE LEARNING & AI Defining the concepts THE ALGORITHMIC PROBLEM Understanding the data and the algorithms AN EXAMPLE Let’s get practical 01 02 03 Copyright © 2018 Forcepoint. | 4
  • 5. STATISTICS MACHINE LEARNING & ARTIFICIAL INTELLIGENCE 01 Copyright © 2018 Forcepoint. | 5
  • 6. “Companies are throwing algorithms on the wall to see what sticks (see security analytics market)” “Everyone calls their stuff ‘machine learning’ or even better ‘artificial intelligence’ - It’s not cool to use statistics!” Copyright © 2018 Forcepoint. | 6
  • 7. ML AND AI – WHAT IS IT? MACHINE LEARNING Algorithmic ways to “describe” data Supervised We are giving the system a lot of training data and it learns from that Unsupervised We give the system some kind of optimization to solve (clustering, dim reduction) DEEP LEARNING A “newer” machine learning algorithm Eliminates the feature engineering step Explainability / verifiability issues DATA MINING Methods to explore data – automatically ARTIFICIAL INTELLIGENCE “Just calling something AI doesn’t make it AI.” “A program that doesn't simply classify or compute model parameters, but comes up with novel knowledge that a security analyst finds insightful.” We don’t have artificial intelligence (yet)
  • 8. WHAT “AI” DOES TODAY KICK A HUMAN'S ASS AT GO DESIGN MORE EFFECTIVE DRUGS MAKE SIRI SMARTER Copyright © 2018 Forcepoint. | 8
  • 9. MACHINE LEARNING USES IN SECURITY SUPERVISED Malware classification Deep learning on millions of samples - 400k new malware samples a day Has increased true positives and decreased false positives compared to traditional ML Spam identification MLSec project on firewall data Analyzing massive amounts of firewall data to predict and score malicious sources (IPs) UNSUPERVISED DNS analytics Domain name classification, lookup frequencies, etc. Threat Intelligence feed curation IOC prioritization, deduplication, … Tier 1 analyst automation Reducing workload from 600M raw events to 100 incidents* User and Entity Behavior Analytics (UEBA) Uses mostly regular statistics and rule-based approaches * See Respond Software Inc. Copyright © 2018 Forcepoint. | 9
  • 10. THE ALGORITHMIC PROBLEM UNDERSTANDING THE DATA AND THE ALGORITHMS02 Copyright © 2018 Forcepoint. | 10
  • 11.
  • 12. FAMOUS AI (ALGORITHM) FAILURES http://neil.fraser.name/writing/tank/ PENTAGON - AI FAIL
  • 13. WHAT MAKES ALGORITHMS DANGEROUS? ALGORITHMS MAKE ASSUMPTIONS ABOUT THE DATA Assume ‘clean’ data (src/dst confusion, user feedback, etc.) Often assume a certain type of data and its distribution Generally don’t deal with outliers Machine learning assumes enough, representative data Need contextual features (e.g., not just IP addresses) Assume all input features are ‘normalized’ the same way ALGORITHMS ARE TOO EASY TO USE THESE DAYS (TENSORFLOW, TORCH, ML ON AWS, ETC.) The process is more important than the algorithm (e.g., feature engineering, supervision, drop outs, parameter choices, etc.) ALGORITHMS DO NOT TAKE DOMAIN KNOWLEDGE INTO ACCOUNT Defining meaningful and representative distance functions, for example e.g., each L4 protocol exhibits different behavior. Train it separately. e.g., interpretation is often unvalidated - beware of overfitting and biased models. Ports look like integers, they are not, same is true for IPs, processIDs, HTTP return codes, etc. Copyright © 2018 Forcepoint. | 13
  • 14. WHAT MAKES ALGORITHMS DANGEROUS? https://betterhumans.coach.me/cognitive-bias-cheat-sheet-55a472476b18 SAMPLE BIAS KNOWLEDGE BIAS HISTORY BIAS CONFIRMATION BIAS AVAILABILITY BIAS CORRELATION BIAS Copyright © 2018 Forcepoint. | 14
  • 15. COGNITIVE BIASES How biased is your data set? How do you know? Only a single customer’s data Learning from an ‘infected’ data set Collection errors Missing data (e.g., due to misconfiguration) What’s the context the data operates in? FTP although generally considered old and insecure, isn’t always problematic Don’t trust your IDS (e.g. “UDP bomb”)
  • 16. THE DANGERS WITH DEEP LEARNING – WHEN NOT TO USE IT Not enough or no quality labelled data Data cleanliness issues (timestamps, normalization across fields, etc.) Bad understanding of the data to engineer meaningful features (e.g., byte stream for binaries) Data is prone to adversarial input DATA No well trained domain experts and data scientists to oversee the implementation A need to understand what ML actually learned (explainability) Verifiability of output Interpretation of output MACHINE LEARNING DETECTIONS EXPERT KNOWLEDGE Copyright © 2018 Forcepoint. | 16
  • 17. ADVERSARIAL MACHINE LEARNING An example of an attack on deep learning Copyright © 2018 Forcepoint. | 17
  • 18. EXAMPLE LET’S GET PRACTICAL03 Copyright © 2018 Forcepoint. | 18
  • 19. FINDING ANOMALIES / ATTACKS IN NETWORK TRAFFIC Given: Network communications (i.e., netflow) Task: Find anomalies / attacks ? Copyright © 2018 Forcepoint. | 19
  • 20. DEEP LEARNING – THE SOLUTION TO EVERYTHING DEEP LEARNING PROMISES A FEW THINGS: ‘Auto’ feature extraction High accuracy of detections AND WE SATISFY SOME REQUIREMENTS: Lots of data available BUT: A single record does not indicate good/bad BUT: Not enough ‘information’ within flows – need context BUT: No labels available MOST SECURITY PROBLEMS CAN’T BE SOLVED WITH DEEP LEARNING or supervised methods in general Copyright © 2018 Forcepoint. | 20
  • 21. UNSUPERVISED TO THE RESCUE? Can we exploit the inherent structure within the data to find anomalies and attacks? Clustering traffic to find outliers 1. Clean the data 2. Engineer distance functions 3. Figure out the right algorithm 4. Apply the correct algorithmic parameters 5. Data interpretation Copyright © 2018 Forcepoint. | 21
  • 22. 1. UNDERSTAND AND CLEAN THE DATA dest port! Port 70000? src ports! http://vis.pku.edu.cn/people/simingchen/docs/vastchallenge13-mc3.pdf
  • 23. 2. ENGINEERING DISTANCE FUNCTIONS Distance functions define the similarity of data objects Need domain-specific similarity functions URLs (simple levenshtein distance versus domain based?) Ports (and IPs, ASNs) are NOT integers Treat user names as categorical, not as strings outlier?! Copyright © 2018 Forcepoint. | 23
  • 24. 3. CHOOSING THE RIGHT UNSUPERVISED ALGORITHM CLUSTERING ALGORITHMS K-means Affinity Propagation (AP) DBScan t-SNE CRITERIA TO CHOOSE AN ALGORITHM Dimensionality of data “Shape” of data Intrinsic algorithm workings Algorithm convergence or speed http://hdbscan.readthedocs.io/en/latest/comparing_clustering_algorithms.html Different algorithms find different / more or less clusters Copyright © 2018 Forcepoint. | 24
  • 25. 4. CHOOSING THE CORRECT ALGORITHM PARAMETERS The dangers of not understanding algorithmic parameters t-SNE clustering of network traffic from two types of machines perplexity = 3 epsilon = 3 No clear separation perplexity = 3 epsilon = 19 3 clusters instead of 2 perplexity = 93 epsilon = 19 What a mess Copyright © 2018 Forcepoint. | 25
  • 26. 4. CHOOSING THE CORRECT ALGORITHM PARAMETERS And this is when it gets dangerous Access decisions / enforcements based on cluster membership Copyright © 2018 Forcepoint. | 26
  • 27. 5. INTERPRETING THE DATA We analyze network traffic. The graph shows an abstract space (X and Y axes have no specific meaning). Each dot represents a device on the network. Colors represent machine-identified clusters. Interpretation questions: What are these clusters? What are good clusters? What’s anomalous? Where are compromised machines / attackers? Copyright © 2018 Forcepoint. | 27
  • 28. A DIFFERENT APPROACH - PROBABILISTIC INFERENCE Rather than running algorithms that model the shape of data, we need to take expert knowledge / domain expertise into account “What is the probability that it is raining, given the grass is wet?”: 35.77% Introducing Belief Networks Models that represent the state of the ‘world’ Helps us make predictions and reason about the world A graph rather than huge joint distribution tables across all states Using Bayes theorem to calculate ‘belief’ Could use ML to learn graph structure (nodes and edges), but it’ll get too unwieldy and non-interpretable! Copyright © 2018 Forcepoint. | 28
  • 29. BAYESIAN BELIEF NETWORK 1ST STEP – BUILD THE GRAPH Device is Compromised New protocol seen Is using port 23? Connecting from suspicious IP Mistake in IP classification Connecting to suspicious IP Connection to newly registered domain Has known vulnerabilities Open port 53 Shows up with new OS Machine got update to new OS Device is in maintenance mode Not seen for a week Sent huge amount of data in short period of time Protocol mismatch Seen encrypted traffic on port 23 1. What’s our objective? 2. What behaviors can we observe? 4 What are observable factors that reduce uncertainty of the central inference (of device compromised) 4 Observations should not be locally dependent – they should be true across all customers / environments 4 Do we have that data? 4 Do we need context for it?
  • 30. BAYESIAN BELIEF NETWORK 2ND STEP – GROUP NODES Device is Compromised Suspicious Host State Anomalous Network Behavior Host is Tunneling Data Threat Intelligence Hinting at Compromise Suspicious Protocol Usage New protocol seen Is using port 23? Has never used SSH before Connecting from suspicious IP Mistake in IP classification Connecting to suspicious IP Connection to newly registered domain Has known vulnerabilities Open port 53Shows up with new OS Machine got update to new OS Device is in maintenance mode Not seen for a week Sent huge amount of data in short period of time Protocol mismatch Seen encrypted traffic on port 23 Complexity of this network is too high. We cannot computer all the conditional probabilities. Therefore we need to introduce “grouping nodes”.
  • 31. BAYESIAN BELIEF NETWORK 3RD STEP – INTRODUCE DEPENDENCIES Device is Compromised Suspicious Host State Anomalous Network Behavior Host is Tunneling Data Threat Intelligence Hinting at Compromise Suspicious Protocol Usage New protocol seen Is using port 23? Has never used SSH before Connecting from suspicious IP Mistake in IP classification Connecting to suspicious IP Connection to newly registered domain Machine got update to new OS Device is in maintenance mode Not seen for a week Sent huge amount of data in short period of time Protocol mismatch Seen encrypted traffic on port 23 Has known vulnerabilities Open port 53Shows up with new OS Relationships between observations Conditional dependencies
  • 32. BAYESIAN BELIEF NETWORK 4TH STEP – ESTIMATE PROBABILITIES NODE PROBABILITIES 4 P(Protocol mismatch) = 0.01 OR “very low” 4 P(Seen encrypted traffic on port 23) = 0.01 OR “very low” 4 P(Host is Tunnelling Data) = 0.01 OR ”very low” Expert Knowledge Host is Tunneling Data Protocol mismatch Seen encrypted traffic on port 23 CONDITIONAL PROBABILITIES 4 Our belief network teaches us: “Tunnelling is not independent of seeing port 23 traffic” 4 P(Tunnelling | Enc. Port 23 Traffic) = (P(Enc. Port 23 | Tunnelling) * P(Tunnelling)) / P(Enc. Port 23) Copyright © 2018 Forcepoint. | 32 More precise than in pervious formula JOINT PROBABILITIES 4 Multiple factors lead to Tunnelling, not just one 4 P(Tunnelling | Enc. Port 23 AND Proto mismatch) = (P(Enc. Port 23 AND Proto mismatch | Tunnelling) * P(Tunnelling)) / P(Enc Port 23 AND Proto mismatch) Protocol mismatch Seen encrypted traffic on port 23
  • 33. BAYESIAN BELIEF NETWORK 5TH STEP – GOAL COMPUTATION Device is Compromised Suspicious Host State Anomalous Network Behavior Host is Tunneling Data Threat Intelligence Hinting at Compromise Suspicious Protocol Usage The probability that we have a compromised device is the joint and conditional probability over all the ‘group nodes’ Copyright © 2018 Forcepoint. | 33
  • 34. Machine got update to new OS Open port 53Shows up with new OS Anomalous Network Behavior BAYESIAN BELIEF NETWORK 6TH STEP – OBSERVE ACTIVITIES Device is Compromised Host is Tunneling Data Threat Intelligence Hinting at Compromise Suspicious Protocol Usage New protocol seen Is using port 23? Has never used SSH before Connecting from suspicious IP Mistake in IP classification Connecting to suspicious IP Connection to newly registered domain Device is in maintenance mode Not seen for a week Sent huge amount of data in short period of time Protocol mismatch Seen encrypted traffic on port 23 Suspicious Host State Has known vulnerabilities 0.4 0.3 0.2
  • 35. Open port 53 Anomalous Network Behavior BAYESIAN BELIEF NETWORK 6TH STEP – OBSERVE ACTIVITIES Device is Compromised Host is Tunneling Data Threat Intelligence Hinting at Compromise Suspicious Protocol Usage New protocol seen Is using port 23? Has never used SSH before Connecting from suspicious IP Mistake in IP classification Connecting to suspicious IP Connection to newly registered domain Device is in maintenance mode Not seen for a week Sent huge amount of data in short period of time Protocol mismatch Seen encrypted traffic on port 23 1. Update the ‘observation nodes’ in the network with observation (what we find in the logs) 2. Re-compute probabilities on the connected nodes ✓✓ ✗ Suspicious Host State Machine got update to new OS Has known vulnerabilitiesShows up with new OS 0.5 0.1 0.7
  • 36. BAYESIAN BELIEF NETWORK 7TH STEP – EXPERT INPUT Strengthen the network by introducing expert knowledge Pose any combinations of ‘observations’ and ‘group’ nodes as questions to experts Asking meaningful questions is an art and requires expert knowledge You will find that it matters how you named your nodes to define good questions Question Expert Answer What’s the probability that device is compromised and I have highly suspicious network behavior and nothing on threat intelligence 0.3 Probability that host is in suspicious state, given that port 53 is open, brand new OS 0.1 How likely is it that we see a connection to a newly registered domain and we see port 23 traffic? 0.01 Etc. Note how this is not a full joint probability over only a subset of the group nodes. We can have questions across observational nodes of different groups as well
  • 37. BELIEF NETWORKS – SOME OBSERVATIONS Iterative process of adding more nodes, grouping, adding expert input, etc. Graph allows for answering many questions – e.g., sensitivity analysis Do not determine the probabilities on the observation nodes with historic data. It is only accurate for scenarios that were included in data – how do you know your data covered all scenarios? Each problem requires the definition of a graphs based on expert input A generic “Network Traffic” graph is hard to build and train Not every FTP is bad Poor network practice -> e.g., using unencrypted protocols like FTP Thanks Chris @ respond-software.com for all your help! Biggest benefit of belief networks is that the learned knowledge can be verified and extracted!
  • 38. Copyright © 2018 Forcepoint. | 40 IN SUMMARY
  • 39. RECOMMENDATIONS Start with defining your use-cases, not choosing an algorithm ML is barely ever the solution to your problem Use ensembles of algorithms Teach the algos to ask for input – if it’s unsure, have it ask an expert rather than making a decision on its own Make sure models keep up with change and forget old facts that are not relevant anymore Do you need white lists / black lists for your algos to not go haywire? Verify your models - use visualization to help with that Share your insights with your peers – security is not your competitive advantage GDPR – transparency on what data is collected and used for decisions “The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.”
  • 40. BLACK HAT SOUNDBITES “Algorithms are getting ‘smarter’, but experts are more important” “Understand your data, your algorithms, and your data science process” “History is not a predictor – but knowledge is”