Artificial Intelligence in Cyber SecurityPanacea, Pandora's Box or Nothing New under the Sun?

October 1st, 12:20-13:00

2

3Photo by Hitesh Choudhary on Unsplash

4Photo by Louis Hansel on Unsplash

5Photo by Alex Knight on UnsplashPhoto by Jens Johnsson on Unsplash

6Photo by Todd Quackenbush on Unsplash

7

Deep learning

Machine learning Random forest

K-nearest neighbors

Genetic algorithms

Linear regression

Logistic regression

Markov chainsNeural networks

Natural Language Processing

Reinforcement

learning

Techniques for narrow AI (AI Bingo!)

Machine learning

8

UnsupervisedSupervised

Pre-labeled

‘ground truth’

Discover

commonalities &

outliers

Today’s services and products with narrow AI tools• Personal assistants

• Recommendation services

• Autonomous vehicles

• Data (image, audio, video, text) recognition/generation

9

• Large datasets of adequate quality

• Algorithms to create a model or existing models to ‘learn’ and act

AI ingredients

• Large processing capacity

10

11Photo by Maarten van den Heuvel on Unsplash

AI in cyber security

AI: Cyber security activities cheaper and at scale

12

Marginal costs

Scale Scale

Performance

13 Defender has advantage

Attacker has advantage

Human

vulnerabilityTechnical

vulnerability

Titel | Datum14Photo by Olav Ahrens Røtne on Unsplash

Existing cyber security challenges

Automated vulnerability detection

15Photo by Chris Ried on Unsplash

Automated vulnerability detection with AI

• Examples:- Learning the patterns of security vulnerabilities directly from code using natural

language processing (NLP) (Russell et al. 2018)

- Automated software vulnerability detection with machine learning (Harer et al. 2018) - Machine Learning Methods for Software Vulnerability Detection (Chernis, Verma 2018)

- Pattern-Based Vulnerability Discovery (Yamaguchi 2015)

16

Vulnerability dataset

Feature extraction

Train model Apply to code

Update classifierStatic

analysisDynamic analysis

Automated vulnerability detection with AI

• Benefits both attackers and defenders

• Reliable vulnerability datasets for training are a challenge

• AI is an addition to existing working methods

17

18Photo by Marc A on Unsplash

Mass scale spear phishing

Mass scale spear phishing with AI

• Automatically acquire targets through social media mining

• Automatically create spear phishing message based on social media content

• Example:- Generative Models for Spear Phishing Posts on Social

Media (Seymour and Tully 2018)

19

Mass scale spear phishing with AI

• Attackers benefits

• Targets human vulnerability

• Economies of scale for the attacker

• Detection of automatically generated text? (GLTR)

Titel | Datum20

Network and host based detection

21

Network and host based detection with AI

• Detection usually based on profiles of ‘normal behavior’ given a certain context

• Defining outliers with unsupervised learning is still a challenge

• Useful to prioritize possible anomalies and to increase detection rates through human-computer cooperation (SIEM/SOC)

22

23 Photo by Olav Ahrens Røtne on Unsplash

New cyber security challenges caused by AI

Deepfakes: social engineering on steroids

24

https://ThisPersonDoesNotExist.com/

Social engineering on steroids

25

Social engineering with AI

• Mostly used: generative adversarial networks

• Costs of model creation decreasing rapidly

• Deepfake detection is challenging

• Human authentication more important than ever!

26

Automated hacking and patching

27

Cyber Grand Challenge

AI as an attack vector

28Photo by Simon Zhu on Unsplash

AI as an attack vector (poisoning)

29

AI as an attack vector

30

Photo by Michael Sum on Unsplash

CAT

Photo by Berkay Gumustekin on Unsplash

Dog

AI as an attack vector

31

Photo by Michael Sum on Unsplash

CAT

Photo by Michael Sum on Unsplash

DOG

Details: Explaining and harnessing adversarial examples (Goodfellow et al 2015)

Add specific noise

AI as an attack vector – options

• Evade AI detection

• Skew training models (poisoning)

• Steal models

• AI software vulnerabilities

32

Key take aways

Titel | Datum33

•AI supplements and strengthens existing measures and

provides new opportunities for automation

•AI brings advantages for attack and defense

•AI isn’t a panacea or a Pandora’s box

Photo by Lodewijk Hertog on Unsplash