Inteligencia Artificial para frenar el ciber espionaje y la ciber delincuencia

PatternEx | April 2017

1

2

••••

3

•»»»

•••••

4

User authentication

Applications

Endpoints

Network

Servers

PATTERNEX CONFIDENTIAL 5http://techstory.in/security-operations-center/

PATTERNEX CONFIDENTIAL 6

Detection Investigation ResponseBuild knowledge

7

8

•»»

•»

•»»»

•»»

9

••

»»

•

10

•»

oo

»

…

•»

11

12http://www.zonalider.com/tecnologia/no-es-broma-el-zapatofono-del-super-agente-86-sera-una-realidad

••

13

•»»

•»

»

•»

»

•»»

14

a3q4lz8p.comz29e4az.com19wbl12.comb2vql89i.como39elba8.com

google.com

twitter.com

default allow

baddomain.com block

... ...

lastbadomain.com blockz29e4az.com

15

••

»»

•»»»

16

••••••

17http://inside-out.xyz/technology/how-dns-tunneling-works.html

•»»»

18

80% 86%

PATTERNEX CONFIDENTIAL 19

•»

False positives

False negatives Dwell time

•

20

PATTERNEX CONFIDENTIAL 21

Step Example:

Determine Tactic/technique Command and control via DGA

Determine the entity (User, file, host etc.)

Host / Internal IP

Feature engineering 1. Randomness of visited domains2. How many domains did the host try to visit?

Data Labeling/annotating ● DGA ● Benign

Model Classifier

Prediction Benign or DGA

PATTERNEX CONFIDENTIAL 22

ModelJane: AttackJohn: Benign…Smith: Attack

Labels

Million dollar question: Where do these labels come from?

PATTERNEX CONFIDENTIAL 23

ModelJane: AttackJohn: Benign…Smith: Attack

Predictions

PATTERNEX 24

Teaching a computer to see Feature Engineering Labeling Models

TURKERS

Cla

ssifi

catio

nC

AT

vs. N

OT

VISION EXPERT

DATA SCIENTIST Model

25

PATTERNEX 26

Computer vision vs InfoSecData Property Computer Vision InfoSec

Available

Universal

Labeled

Static/Dynamic

PATTERNEX 27

Data Property Computer Vision InfoSec

Available

Universal

Labeled

Static/Dynamic

PATTERNEX 28

Data Property Computer Vision InfoSec

Available

Universal

Labeled

Static/Dynamic

PATTERNEX CONFIDENTIAL 29

PATTERNEX 30

Data Property Computer Vision InfoSec

Available

Universal

Labeled

Static/Dynamic

PATTERNEX CONFIDENTIAL 31

•

•»

»

•

PATTERNEX CONFIDENTIAL 32

•

•

•»»

PATTERNEX 33

Data Property Computer Vision InfoSec

Available

Universal

Labeled

Static/Dynamic

34

User authentication

Applications

Endpoints

Network

Servers

SecurityAnalyst

PATTERNEX CONFIDENTIAL 35

https://blog.acolyer.org/2016/06/23/ai2-training-a-big-data-machine-to-defend/

1.2.3.

4.»»»

36K. Veeramachaneni, I. Arnaldo et al., AI^2: Training a Big Data Machine to Defend, 2016 IEEE 2nd International Conference on Big Data Security on Cloud, 2016

37

Reduce Operating Expenses

•

»

»•

»

PATTERNEX CONFIDENTIAL 38

Transfer learning

39

40

41

AI - Data Science

Go-to-market

Sec OpsDistributed systems/products

42

● Ai2 among the 16 coolest innovations that came out of CSAIL, MIT in 2016: “A deep-learning system called AI2 was shown to be able to predict 85 percent of cyberattacks with the help of some human input.”

● CSO: “AI will transform information security, but it won’t happen overnight”

43

…

•»»»

Thank You