AI in Cyber Security

Artificial intelligence and machine learning are increasingly being used in cyber security to help detect threats. AI can help with tasks like malware detection, spam filtering, network monitoring, and vulnerability management. However, hackers may also use AI and machine learning offensively by poisoning training data or creating adversarial inputs to evade detection. Going forward, AI is expected to play a bigger role in security applications like fraud prevention, mobile security, predictive threat intelligence, and automated security orchestration. While promising, AI also introduces new attack vectors that security experts must address.

Uploaded by

sandeep darla

Artificial Intelligence in Cyber Security

What is AI

• Artificial intelligence (AI) is the part of computer science concerned with building smart machines capable of performing tasks that replicate or simulate human intelligence.
• AI is an interdisciplinary science with multiple approaches, and advancements in machine learning (ML) and deep learning (DL) are creating a paradigm shift in virtually every sector of the tech industry.

AI vs ML vs DL

• AI: the engineering of making intelligent machines and programs
• ML: the ability to learn without being explicitly programmed
• DL: learning based on deep neural networks

What does AI mean in Cybersecurity World

• Unfortunately, machine learning will never be a silver bullet for cybersecurity compared to image recognition or natural language processing.
• There will always be a person who tries to find issues in our systems and bypass them.
• If we detect 90% of attacks today, new methods will be invented tomorrow. To make things worse, hackers could also use machine learning to carry out their nefarious endeavors.

Overview of AI Attacks

• An artificial intelligence attack (AI attack) is the purposeful manipulation of an AI system with the end goal of causing it to malfunction. These attacks can take different forms that strike at different weaknesses in the underlying algorithms.

A few examples:

• Fooling autonomous vehicles into misinterpreting stop signs as speed limit signs.
• Bypassing facial recognition, such as that used at ATMs.
• Bypassing spam filters.
• Fooling sentiment analysis of movie reviews, hotels, etc.
• Bypassing anomaly detection engines.
• Faking voice commands.
• Causing misclassification in machine-learning-based medical predictions.

Defensive AI Security

• Inefficient against zero-day and variations
• Identify attacks as deviations of "normality"

• Malware Detection: multi-layer, multi-ML-engine defense
• Antispam: improvement in spam filtering by ML and DL
• SOC, IPS/IDS & Honeypots: self-learning ML and DL
• Vulnerability Mgmt.: identify and prioritize remediation
• Data Classification: track data to identify, classify and protect
• Threat Intelligence: categorize behavior for TI; ML to monitor the Dark Web

Offensive AI Security

• Malware Creation: speed up creation; enhance evasive capabilities
• Smart Botnets: self-learning botnets; smarter zombies
• Spear Phishing: smarter social engineering; more convincing scams
• Adversarial AI: Generative Adversarial Network: discover and poison ML to produce false, and controlled, results; poison datasets
• Conditional Attacks: cyberattacks using blockchain-based smart contracts
• Classify Victims: optimize return on investment of attacks

Adversarial AI Security

• Adversarial inputs: artefacts designed to fool defensive AIs
• Data poisoning attacks: feed poisoned training data to cybersecurity tools
• Model stealing: to enhance abilities of adversarial inputs
• Feedback weaponization: poison ML to DoS AI users with false alarms

Three key types of adversarial AI:

• Data poisoning at the time of model training: Attackers use AI to mark or launch their attacks.
• Adversarial inputs at runtime: Attackers alter the training data used for security AI.
• Privacy attacks: Adversaries try to gain access to private information.

Scope of Security using AI

• Anti Fraud & Identity Management: secure online transactions by identifying fraudsters, e.g. ML proactively detects fraud in financial transactions or fraudulent users on websites and in mobile
• Mobile Security: identify and grade risky behavior in mobile apps, including known and unknown malware, new malware used in targeted attacks, corporate data exfiltration, and intellectual property exposure; mostly cloud based
• Predictive Intelligence: e.g. predictive and preventive security against advanced cyber threats with predictive execution modeling
• Behavioral Analytics / Anomaly Detection: detect anomalous behavior from insiders and external threats in organizations' systems and networks in order to detect cyber-attacks, e.g. with digital fingerprints from an end-user's behavior through monitored keystrokes, mouse behavior, and anomaly detection
• Automated Security: automate security tasks across 100+ security products and weave human analyst activities and workflows together

Scope of Security using AI (contd.)

• Cyber-Risk Management: more focus on defining cyber risk appetite and cyber risk tolerance, to better enable business considering the cost of security controls
• App Security: securing applications, e.g. by helping developers secure applications by finding, fixing, and monitoring web, mobile, and networks against current and future vulnerabilities, with formal analysis and machine learning
• IoT Security: AI-powered asset-protection software for the safety, security, and reliability of the IoT; machine learning to identify hidden recording devices or transmitters in a conference room, and allow for a preemptive response to data theft
• Deception Security: proactively deceiving and disrupting in-progress attacks; detecting and fighting cyber attacks by creating smart bots with the help of machine learning algorithms

AI Cyber Security Tools

• TAA tool (Symantec's Targeted Attack Analytics) – Developed by Symantec. The tool analyzes incidents in the network against incidents found on their Symantec threat.
• Sophos Intercept X Tool – Developed by US defence. This tool results in a high level of accuracy for existing malware and zero-day malware, and a lower false positive level. Intercept X uses behaviour analysis to limit new ransomware and boot-record attacks.
• Darktrace Antigena – Antigena extends Darktrace's core capabilities to detect and replicate digital antibody functions that identify and neutralize threats and viruses.
• IBM QRadar Advisor – QRadar Advisor uses IBM Watson technology to fight cyber attacks, using AI to automatically investigate indicators of all compromises or exploits.

Applications of AI/ML in Cyber Security

• Secure User Authentication
• Botnet Detection
• Hacking Incident Forecasting
• Network Intrusion Detection and Prevention
• Spam Filter Applications
• Fraud Detection

Use Cases of AI/ML

• ML to detect Malicious Activity
• AI based Threat Mitigation
• ML to Analyse Mobile Endpoints
• Security Analyst Augmentation
• ML to enhance Human Analysis