AI-Driven Logical Argumentation in Active Cyber Defense
By
Shawn Riley, CDO & CISO, DarkLight, Inc.
© 2018 DarkLight, Inc.
About me – Shawn Riley, CDO & CISO, DarkLight
20+ years supporting NSA/CSS Cyber Missions
• US Navy Cryptology Community Vet
• Lockheed Martin Senior Fellow
• 9+ years assigned to the UK
• Technical Mentor to joint NSA & GCHQ
cyber team & UK cybercrime teams
Another 8 years on applied science w/A.I.
NSA Science of Security Virtual Organization
Industry Expert
NSA & DHS sponsored Integrated Cyber
Community A.I. Expert
I’m on the Autism Spectrum, I have Asperger’s
Syndrome. Support Neurodiversity!
Science is about making sense of the evidence
► Security science is taken to mean a body of knowledge containing laws, axioms
and provable theories relating to some aspect of cyber security. Security science
should provide an understanding of what is possible in the security domain, by
providing objective and qualitative or quantifiable descriptions of security
properties and behaviors. The notions embodied in security science should have
broad applicability - transcending specific systems, attacks, and defensive
mechanisms.
► There is a set of seven core themes that together form the foundational basis for
the security science discipline. The themes are strongly interrelated and mutually
inform and benefit each other. They are: Common Language, Core Principles,
Attack Analysis, Measurable Security, Risk, Agility, and Human Factors.
What is Cybersecurity Science?
Operational Cyber Defense Knowledge
There Are Three Sources of Knowledge
►Deductive Inference - Deductive
Inference establishes new facts from
existing facts. Top-Down Method
►Communication - Communication
relays information found using other
methods.
►Inductive Inference - Inductive
Inference establishes new facts
from data. Bottom-Up Method
Symbolic AI (Top-Down) & Non-Symbolic AI (Bottom-Up)
Symbolic AI / Top-Down
Non-Symbolic AI / Bottom-Up
Artificial Intelligence (AI)
Symbolic AI
Knowledge Engineering
Expert System
Cognitive Playbooks & Ontologies
Deductive Inference & Contextual Reasoning
Validation of Hypotheses & Explanation
Transparent & Explainable
Non-symbolic AI
Data Science
Machine Learning
Algorithms & Models
Inductive Inference & Probabilistic Reasoning
Predictions & Tentative Hypotheses
Black Box
Comparing Symbolic AI & Non-symbolic AI
Inductive ladder (bottom-up): Observation → Pattern → Tentative Hypothesis
Deductive ladder (top-down): Hypothesis → Observation → Confirmation
Symbolic AI: Knowledge Representation and Reasoning; Expert System; Deductive Reasoning; Top-Down Approach; General to Specific
Non-symbolic AI: Machine Learning; Predictive Analytics; Scoring Engines; Inductive Reasoning; Bottom-Up Approach; Specific to Generalization
Machine Learning focuses on prediction,
based on known properties learned from
the training data. Inductive Reasoning
uses patterns to arrive at a conclusion
(conjecture). Note: A conclusion derived
through inductive reasoning is called a
hypothesis and is always less certain than
the evidence itself. In other words, the
conclusion is probable.
An expert system is an A.I. system that emulates
the sense-making and decision-making ability of a
human expert. Expert systems are designed to solve
complex problems by reasoning about knowledge.
Deductive Reasoning uses facts, rules, definitions
or properties to arrive at a conclusion.
Property Graphs / Knowledge Graphs
Automating Argument-Driven Inquiry
The playbooks capture the human analyst’s cognitive experience in
applying the knowledge from the knowledge base and can
automate the Claim-Evidence-Reasoning framework.
Cognitive Playbooks, their ontologies (knowledge models), and reify
configuration are all shareable through import and export features,
allowing communities of trust to share knowledge and experience.
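To make the sense-making split concrete (an ML scorer proposes a tentative hypothesis; a deductive playbook either derives the same claim from facts and rules, with an explanation, or fails to and thereby eliminates it), here is an added example written for this page. It is not DarkLight code and does not use its playbook or ontology format: it is a small forward-chaining reasoner over a triple-store knowledge graph. The hosts, process and connection events, IP reputation facts, anomaly scores and the three rules are all constructed for the demo, and the `?x` variable syntax and the Claim / Evidence / Reasoning rendering are this example's own conventions.

```python
"""Added example (not DarkLight code): a minimal forward-chaining expert
system over a triple-store knowledge graph. ML produces tentative
hypotheses (inductive, bottom-up); the rules then try to derive the same
claim deductively (top-down) and emit a Claim / Evidence / Reasoning chain
for anything they conclude. All events, hosts, IPs and rules are constructed."""
from collections import namedtuple

Rule = namedtuple("Rule", "name premises conclusion")


def is_var(term):
    return isinstance(term, str) and term.startswith("?")


def unify(pattern, fact, binding):
    """Extend `binding` so that `pattern` matches `fact`; None on conflict."""
    b = dict(binding)
    for p, f in zip(pattern, fact):
        if is_var(p):
            if p in b and b[p] != f:
                return None
            b[p] = f
        elif p != f:
            return None
    return b


def match_premises(premises, facts, binding=None):
    """Yield every variable binding under which all premises hold."""
    binding = binding or {}
    if not premises:
        yield binding
        return
    for fact in facts:
        b = unify(premises[0], fact, binding)
        if b is not None:
            yield from match_premises(premises[1:], facts, b)


def forward_chain(facts, rules):
    """Derive to a fixpoint. Returns {fact: justification}: base facts map
    to None, derived facts to (rule_name, [supporting facts])."""
    known = {f: None for f in facts}
    changed = True
    while changed:
        changed = False
        for rule in rules:
            for b in match_premises(rule.premises, list(known)):
                new = tuple(b.get(t, t) for t in rule.conclusion)
                if new not in known:
                    support = [tuple(b.get(t, t) for t in p) for p in rule.premises]
                    known[new] = (rule.name, support)
                    changed = True
    return known


def explain(fact, known, depth=0):
    """Render the argument behind `fact` as Claim / Evidence / Reasoning lines."""
    pad = "  " * depth
    justification = known.get(fact)
    if justification is None:
        return [f"{pad}EVIDENCE: {fact}"]
    rule, support = justification
    lines = [f"{pad}CLAIM: {fact}  (REASONING: rule {rule})"]
    for s in support:
        lines.extend(explain(s, known, depth + 1))
    return lines


def validate(hypotheses, known):
    """Deductive check of each ML hypothesis: 'supported' only if the claim
    was actually derived; otherwise the candidate is eliminated."""
    return {host: ("supported" if (host, "status", "compromised") in known
                   else "not supported")
            for host, _score in hypotheses}


# Constructed knowledge graph: CTI context plus endpoint/network telemetry.
FACTS = [
    ("WINWORD.EXE", "category", "office-app"),
    ("powershell.exe", "category", "script-interpreter"),
    ("203.0.113.5", "reputation", "known-c2"),      # from shared CTI (constructed)
    ("198.51.100.9", "reputation", "benign"),
    # host-17: Word spawns PowerShell, which connects to the known C2
    ("proc-1", "image", "WINWORD.EXE"), ("proc-1", "host", "host-17"),
    ("proc-2", "image", "powershell.exe"), ("proc-2", "parent", "proc-1"),
    ("proc-2", "host", "host-17"),
    ("conn-1", "process", "proc-2"), ("conn-1", "dst", "203.0.113.5"),
    # host-22: an admin's PowerShell session talking to a benign address
    ("proc-3", "image", "explorer.exe"), ("proc-3", "host", "host-22"),
    ("proc-4", "image", "powershell.exe"), ("proc-4", "parent", "proc-3"),
    ("proc-4", "host", "host-22"),
    ("conn-2", "process", "proc-4"), ("conn-2", "dst", "198.51.100.9"),
]

# Constructed playbook rules; variables start with '?'.
RULES = [
    Rule("office-spawned-interpreter",
         [("?c", "parent", "?p"), ("?p", "image", "?pi"), ("?pi", "category", "office-app"),
          ("?c", "image", "?ci"), ("?ci", "category", "script-interpreter")],
         ("?c", "class", "office-spawned-interpreter")),
    Rule("c2-beacon",
         [("?conn", "process", "?c"), ("?c", "class", "office-spawned-interpreter"),
          ("?conn", "dst", "?ip"), ("?ip", "reputation", "known-c2")],
         ("?c", "class", "c2-beacon")),
    Rule("host-compromised",
         [("?c", "class", "c2-beacon"), ("?c", "host", "?h")],
         ("?h", "status", "compromised")),
]

# Tentative hypotheses from a simulated anomaly scorer: both hosts look odd.
HYPOTHESES = [("host-17", 0.87), ("host-22", 0.81)]

if __name__ == "__main__":
    kb = forward_chain(FACTS, RULES)
    for host, verdict in validate(HYPOTHESES, kb).items():
        print(host, verdict)
    print("\n".join(explain(("host-17", "status", "compromised"), kb)))
```

Both hosts score high inductively, but only host-17 has a deductive chain from base evidence to the claim; host-22 is eliminated, which is the "reduce the space of outcomes by eliminating the impossible" step the deck attributes to activity-based intelligence. The `explain` output is the transparent argument a reviewer can peer-review rule by rule, something a scorer's probability alone cannot give.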
OODA Loop / Cyber OODA Loop
The Cyber OODA Loop
Sensing
Sensors Focus on Observations
Cyber Environment w/Terrain Layers
Sense-Making
Predictive Analytics & Machine Learning Use
Inductive Inference for Predictions
Knowledge Engineering Based Expert Systems Use
Deductive Inference for Scientific Arguments
Object-Based Production & Activity-Based Intelligence
Cyber OODA loop stages driven by Cognitive Playbooks: Sensing → Sense-making → Decision-making → Acting
OBP: “Organize what is known”; ABI: “Discover the unknown unknowns”
Object-based production (OBP) and activity-based intelligence (ABI) are related IC analysis methodologies that rapidly integrate
data from multiple sources to discover relevant patterns, determine and identify change, and characterize those patterns to
create decision advantage and drive the sensing, sense-making, decision-making, and acting of the cyber OODA loop in the
cyber environment. Activity-based intelligence promotes a deductive approach to analytic reasoning that reduces the space of
potential outcomes by eliminating the impossible. Note: ABI can be automated with cognitive playbooks built on symbolic AI.
Organized Adversary & Defender Knowledge
Adversary Contextual
Knowledge
Transactions & Activity
Enterprise Contextual
Knowledge
https://www.dni.gov/index.php/cyber-threat-framework
Cyber Attack Lifecycle
Pre-ATT&CK Tactics
Left of Intrusion
ATT&CK Tactics
Right of Intrusion
Pre-ATT&CK and ATT&CK Techniques,
STIX Attack Patterns, and Insider Threat Behaviors
STIX Indicators and Insider Threat Indicators
Decision-Making
Cybersecurity Decision Pattern
►Formal codification of cybersecurity operations
knowledge with minimal content of context,
problem, and solution:
▪ Problem: a source of perplexity, distress, or
vexation
▪ Context: the interrelated conditions in which
something exists or occurs
▪ Solution: an answer to a problem
-K. Willett
Lockheed Martin Intelligence-Driven Defense Course of Action Matrix
Cyber Resiliency Effects on Adversary Activities
►Deter, divert, and deceive in support of redirect;
►Prevent, preempt, and expunge in support of preclude;
►Contain, degrade and delay in support of impede;
►Shorten and recover in support of limit; and
►Detect, reveal, and scrutinize in support of expose
►NIST 800-160 vol 2 DRAFT
Acting
Integrated Adaptive Cyber Defense (IACD)
Feedback
►Gaps in sensors / observations
►Inductive Inference / Predictions About Adversary Activities
▪ Fallacies
▪ Cognitive Bias
►Deductive Inference / Scientific Arguments
▪ Peer Review of Cognitive Playbooks
▪ Domain Knowledge
►Acting
▪ Effectiveness of action in having desired effect on adversary activity
▪ Feedback on decision
AI-Driven Integrated Adaptive Cyber Defense Overview
Your IT Enterprise & Security Technologies | Your Information Sharing Services
#1 Sensing (Security Events & Logs)
#2A Sense-Making (Analytics, Machine Learning, & Scoring Engines Applied to Data Sets = Tentative Hypothesis (Conjecture))
#2B Sense-Making (KR&R Validation of Hypothesis & Explanation of Activity w/Domain Knowledge and Human Experience Captured in Cognitive Playbooks)
#3 Decision-Making (KR&R Cognitive Playbooks for Decision-Making Based on Sense-Making Results/Explanation of Activity and Human Domain Expert Experience in the Enterprise)
#4A Acting (Security Orchestrator w/Mechanistic Response Action Playbooks Following OpenC2 Commands)
#4B Feedback Loop
Integrated Cyber Defense Knowledge (CASE/UCO Investigation Packages) | Integrated Cyber Threat Intelligence (STIX via TAXII such as AIS)
Knowledge Representation & Reasoning
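The decision-making and acting steps (#3, #4A, #4B), together with the Decision Pattern, Course of Action Matrix and Cyber Resiliency Effects slides, can be shown end to end for one validated claim. The following is an added example written for this page, not DarkLight's, IACD's or Lockheed Martin's code. The course-of-action cells are an illustrative subset patterned on the Lockheed Martin matrix, the mapping of "deny" onto the resiliency class "preclude" is this example's own choice, and the OpenC2 field names (`action`, `target`, `args`, `actuator`, `command_id`, the `ipv4_connection`, `device` and `ipv4_net` targets, the `slpf` actuator) follow the OpenC2 Language Specification v1.0 as this example's author understands it; verify them against the spec and your actuator profile before relying on them. Hosts, addresses and the orchestrator responses are constructed.

```python
"""Added example (not DarkLight's, IACD's or Lockheed Martin's code):
decision-making and acting for one validated claim. The claim is mapped
through a course of action matrix to an effect, the effect to a NIST
SP 800-160 vol. 2 resiliency class, then rendered as an OpenC2 command;
the orchestrator's response closes the feedback loop. Matrix cells,
hosts, addresses and field mappings are constructed for the demo."""
import json
import uuid

# Illustrative subset of the Lockheed Martin Course of Action matrix
# (kill-chain phase -> {effect: example control}); not exhaustive.
COA_MATRIX = {
    "delivery": {"detect": "vigilant user", "deny": "proxy filter",
                 "disrupt": "in-line AV"},
    "exploitation": {"detect": "HIDS", "deny": "patch", "disrupt": "DEP"},
    "installation": {"detect": "HIDS", "deny": "chroot jail", "disrupt": "AV"},
    "c2": {"detect": "NIDS", "deny": "firewall ACL", "disrupt": "NIPS",
           "degrade": "tarpit", "deceive": "DNS redirect"},
    "actions_on_objectives": {"detect": "audit log", "degrade": "QoS",
                              "deceive": "honeypot"},
}

# CoA effect -> resiliency effect class from the NIST SP 800-160 vol. 2
# draft list on the slide (deceive->redirect, contain/degrade->impede,
# detect->expose); deny->preclude is this example's own mapping.
RESILIENCY_CLASS = {"deceive": "redirect", "deny": "preclude",
                    "disrupt": "impede", "degrade": "impede", "detect": "expose"}


def decide(claim, context, preferred=("deny", "disrupt", "deceive", "detect")):
    """Cybersecurity decision pattern: problem + context -> solution.
    Takes the first preferred effect the matrix offers for the claim's phase."""
    options = COA_MATRIX[claim["phase"]]
    for effect in preferred:
        if effect in options:
            return {"problem": claim["text"], "context": context,
                    "solution": {"effect": effect, "control": options[effect],
                                 "resiliency_class": RESILIENCY_CLASS[effect]}}
    raise ValueError(f"no course of action for phase {claim['phase']}")


def openc2_command(effect, context):
    """Render an effect as an OpenC2 command. Field names follow the OpenC2
    Language Specification v1.0 as understood by this example's author;
    check them against the spec and your actuator profile before use."""
    host = {"device": {"hostname": context["host"]}}
    conn = {"ipv4_connection": {"src_addr": context["host_ip"],
                                "dst_addr": context["c2_ip"],
                                "dst_port": context["dst_port"], "protocol": "tcp"}}
    shapes = {
        "deny": {"action": "deny", "target": conn, "actuator": {"slpf": {}}},
        "disrupt": {"action": "contain", "target": host},
        "deceive": {"action": "redirect", "target": {"ipv4_net": context["c2_ip"] + "/32"}},
        "detect": {"action": "investigate", "target": host},
    }
    if effect not in shapes:
        raise ValueError(f"no OpenC2 mapping for effect {effect}")
    cmd = dict(shapes[effect])
    cmd["args"] = {"response_requested": "complete"}   # ask for a completion status
    cmd["command_id"] = str(uuid.uuid4())              # correlates the response
    return cmd


def act(decision):
    """Acting: one OpenC2 command per decision, serialized for the orchestrator."""
    cmd = openc2_command(decision["solution"]["effect"], decision["context"])
    return json.dumps(cmd, sort_keys=True)


def feedback(decision, command_json, response):
    """Feedback loop: record whether the action achieved its effect so both
    the decision and the playbook that produced it can be reviewed."""
    cmd = json.loads(command_json)
    return {"command_id": cmd["command_id"], "effect": decision["solution"]["effect"],
            "effective": response.get("status") == 200,
            "note": response.get("status_text", "")}


# Constructed inputs: the claim a deductive playbook validated, plus the
# context needed to act on it.
CLAIM = {"text": "host-17 beaconing to known C2 203.0.113.5", "phase": "c2"}
CONTEXT = {"host": "host-17", "host_ip": "10.0.0.17",
           "c2_ip": "203.0.113.5", "dst_port": 443}

if __name__ == "__main__":
    decision = decide(CLAIM, CONTEXT)
    command = act(decision)
    print(command)
    # constructed orchestrator response
    print(feedback(decision, command, {"status": 200, "status_text": "OK"}))
```

The `preferred` order is where the Decision Pattern's context lives: the same claim at the actions-on-objectives phase has no deny or disrupt cell in this matrix, so the playbook falls through to deceive. The feedback record keeps the `command_id`, the intended effect and whether the actuator reported success, which is the minimum needed to judge "effectiveness of action in having the desired effect" and to send a failing playbook back for peer review.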
Discussion / Future IACD Collaboration
▪ Applying NSA/CSS Technical Cyber Threat Framework
▪ Semantic Interoperability of Adversary Playbooks
▪ STIX 2.x JSON/JSON Schema limited to syntactic and structural interoperability
▪ Activity-Based Intelligence (looking for adversary actions)
▪ Effects of Actions mapped to OpenC2 Action Commands
▪ Automating Human Decision Making with Human Knowledge
▪ Context – immediate environment in which decision options are considered
▪ 4 R’s
▪ Reference Points (good/bad)
▪ Reasons Matter (contextual / argumentation)
▪ Resources Matter
▪ Replacement (work-arounds, doing easy instead of right)
▪ Framing
▪ Status Quo (default options)
▪ Gain/Loss (gains = risk averse, losses = risk seeking)
▪ Opportunity Cost Neglect
Thank You!

More Related Content

What's hot

Extending and integrating a hybrid knowledge representation system into the c...
Extending and integrating a hybrid knowledge representation system into the c...Extending and integrating a hybrid knowledge representation system into the c...
Extending and integrating a hybrid knowledge representation system into the c...Valentina Rho
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousRaffael Marty
 
Artificial Intelligence in Project Management by Dr. Khaled A. Hamdy
Artificial Intelligence in Project Management by  Dr. Khaled A. HamdyArtificial Intelligence in Project Management by  Dr. Khaled A. Hamdy
Artificial Intelligence in Project Management by Dr. Khaled A. HamdyAgile ME
 
Knowledge based systems -- introduction
Knowledge based systems -- introductionKnowledge based systems -- introduction
Knowledge based systems -- introductionjkmaster
 
Cyber Intelligence In the Cognitive Era
Cyber Intelligence In the Cognitive EraCyber Intelligence In the Cognitive Era
Cyber Intelligence In the Cognitive EraCharles Li
 
How to perform Secure Data Labeling for Machine Learning
How to perform Secure Data Labeling for Machine LearningHow to perform Secure Data Labeling for Machine Learning
How to perform Secure Data Labeling for Machine LearningSkyl.ai
 
Internet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy GarrettInternet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy GarrettGovLoop
 
Prepping the Analytics organization for Artificial Intelligence evolution
Prepping the Analytics organization for Artificial Intelligence evolutionPrepping the Analytics organization for Artificial Intelligence evolution
Prepping the Analytics organization for Artificial Intelligence evolutionRamkumar Ravichandran
 
Km cognitive computing overview by ken martin 19 jan2015
Km   cognitive computing overview by ken martin 19 jan2015Km   cognitive computing overview by ken martin 19 jan2015
Km cognitive computing overview by ken martin 19 jan2015HCL Technologies
 
Artificial Intelligence Notes Unit 1
Artificial Intelligence Notes Unit 1 Artificial Intelligence Notes Unit 1
Artificial Intelligence Notes Unit 1 DigiGurukul
 
scklinkedin-v1
scklinkedin-v1scklinkedin-v1
scklinkedin-v1Sing Koo
 
Ibm piquant summary
Ibm piquant summaryIbm piquant summary
Ibm piquant summaryIIUM
 
Artificial Intelligence
Artificial Intelligence Artificial Intelligence
Artificial Intelligence Prasad Kulkarni
 
AXA x DSSG Meetup Sharing (Feb 2016)
AXA x DSSG Meetup Sharing (Feb 2016)AXA x DSSG Meetup Sharing (Feb 2016)
AXA x DSSG Meetup Sharing (Feb 2016)Eugene Yan Ziyou
 
AI-SDV 2021: Francisco Webber - Efficiency is the New Precision
AI-SDV 2021: Francisco Webber - Efficiency is the New PrecisionAI-SDV 2021: Francisco Webber - Efficiency is the New Precision
AI-SDV 2021: Francisco Webber - Efficiency is the New PrecisionDr. Haxel Consult
 
Expert System - Artificial intelligence
Expert System - Artificial intelligenceExpert System - Artificial intelligence
Expert System - Artificial intelligenceDr. Abdul Ahad Abro
 
Intelligent system by SHAHIN ELAHI BOX
Intelligent system by SHAHIN ELAHI BOXIntelligent system by SHAHIN ELAHI BOX
Intelligent system by SHAHIN ELAHI BOXShahin Alam
 

What's hot (20)

Extending and integrating a hybrid knowledge representation system into the c...
Extending and integrating a hybrid knowledge representation system into the c...Extending and integrating a hybrid knowledge representation system into the c...
Extending and integrating a hybrid knowledge representation system into the c...
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are Dangerous
 
Monitoring, Detecting And Preventing Insider Fraud And Abuse V2
Monitoring, Detecting And Preventing Insider Fraud And Abuse V2Monitoring, Detecting And Preventing Insider Fraud And Abuse V2
Monitoring, Detecting And Preventing Insider Fraud And Abuse V2
 
Artificial Intelligence in Project Management by Dr. Khaled A. Hamdy
Artificial Intelligence in Project Management by  Dr. Khaled A. HamdyArtificial Intelligence in Project Management by  Dr. Khaled A. Hamdy
Artificial Intelligence in Project Management by Dr. Khaled A. Hamdy
 
Knowledge based systems -- introduction
Knowledge based systems -- introductionKnowledge based systems -- introduction
Knowledge based systems -- introduction
 
Log Data Mining
Log Data MiningLog Data Mining
Log Data Mining
 
Cyber Intelligence In the Cognitive Era
Cyber Intelligence In the Cognitive EraCyber Intelligence In the Cognitive Era
Cyber Intelligence In the Cognitive Era
 
How to perform Secure Data Labeling for Machine Learning
How to perform Secure Data Labeling for Machine LearningHow to perform Secure Data Labeling for Machine Learning
How to perform Secure Data Labeling for Machine Learning
 
Internet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy GarrettInternet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy Garrett
 
Prepping the Analytics organization for Artificial Intelligence evolution
Prepping the Analytics organization for Artificial Intelligence evolutionPrepping the Analytics organization for Artificial Intelligence evolution
Prepping the Analytics organization for Artificial Intelligence evolution
 
Artificial intelligance
Artificial intelliganceArtificial intelligance
Artificial intelligance
 
Km cognitive computing overview by ken martin 19 jan2015
Km   cognitive computing overview by ken martin 19 jan2015Km   cognitive computing overview by ken martin 19 jan2015
Km cognitive computing overview by ken martin 19 jan2015
 
Artificial Intelligence Notes Unit 1
Artificial Intelligence Notes Unit 1 Artificial Intelligence Notes Unit 1
Artificial Intelligence Notes Unit 1
 
scklinkedin-v1
scklinkedin-v1scklinkedin-v1
scklinkedin-v1
 
Ibm piquant summary
Ibm piquant summaryIbm piquant summary
Ibm piquant summary
 
Artificial Intelligence
Artificial Intelligence Artificial Intelligence
Artificial Intelligence
 
AXA x DSSG Meetup Sharing (Feb 2016)
AXA x DSSG Meetup Sharing (Feb 2016)AXA x DSSG Meetup Sharing (Feb 2016)
AXA x DSSG Meetup Sharing (Feb 2016)
 
AI-SDV 2021: Francisco Webber - Efficiency is the New Precision
AI-SDV 2021: Francisco Webber - Efficiency is the New PrecisionAI-SDV 2021: Francisco Webber - Efficiency is the New Precision
AI-SDV 2021: Francisco Webber - Efficiency is the New Precision
 
Expert System - Artificial intelligence
Expert System - Artificial intelligenceExpert System - Artificial intelligence
Expert System - Artificial intelligence
 
Intelligent system by SHAHIN ELAHI BOX
Intelligent system by SHAHIN ELAHI BOXIntelligent system by SHAHIN ELAHI BOX
Intelligent system by SHAHIN ELAHI BOX
 

Similar to AI-Driven Logical Argumentation in Active Cyber Defense

Security in the age of Artificial Intelligence
Security in the age of Artificial IntelligenceSecurity in the age of Artificial Intelligence
Security in the age of Artificial IntelligenceFaction XYZ
 
Machine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the HaystackMachine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the HaystackAlistair Gillespie
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligenceabhisheksinghcs
 
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdfIRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdfIRJET Journal
 
Artificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber SecurityArtificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber SecurityIRJET Journal
 
ARTIFICIAL INTELLIGENCE IN CYBER SECURITY
ARTIFICIAL INTELLIGENCE IN CYBER SECURITYARTIFICIAL INTELLIGENCE IN CYBER SECURITY
ARTIFICIAL INTELLIGENCE IN CYBER SECURITYCynthia King
 
ARTIFICIAL INTELLIGENT ( ITS / TASK 6 ) done by Wael Saad Hameedi / P71062
ARTIFICIAL INTELLIGENT ( ITS / TASK 6 ) done by Wael Saad Hameedi / P71062ARTIFICIAL INTELLIGENT ( ITS / TASK 6 ) done by Wael Saad Hameedi / P71062
ARTIFICIAL INTELLIGENT ( ITS / TASK 6 ) done by Wael Saad Hameedi / P71062Wael Alawsey
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity InnovationPete Burnap
 
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...TI Safe
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!Priyanka Aash
 
SFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdfSFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdfBecky Burwell
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityAI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityTasnim Alasali
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in CybersecurityForcepoint LLC
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousPriyanka Aash
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousRaffael Marty
 
12 ai-digital-finance-overview
12 ai-digital-finance-overview12 ai-digital-finance-overview
12 ai-digital-finance-overviewinnov-acts-ltd
 
Artificial Intelligence in Cyber Security Research Paper Writing.pptx
Artificial Intelligence in Cyber Security Research Paper Writing.pptxArtificial Intelligence in Cyber Security Research Paper Writing.pptx
Artificial Intelligence in Cyber Security Research Paper Writing.pptxkellysmith617941
 
A Journey Through The Far Side Of Data Science
A Journey Through The Far Side Of Data ScienceA Journey Through The Far Side Of Data Science
A Journey Through The Far Side Of Data Sciencetlcj97
 

Similar to AI-Driven Logical Argumentation in Active Cyber Defense (20)

Security in the age of Artificial Intelligence
Security in the age of Artificial IntelligenceSecurity in the age of Artificial Intelligence
Security in the age of Artificial Intelligence
 
Machine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the HaystackMachine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
Machine Learning & Cyber Security: Detecting Malicious URLs in the Haystack
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligence
 
Ieee itmsb20
Ieee itmsb20Ieee itmsb20
Ieee itmsb20
 
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdfIRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
 
Artificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber SecurityArtificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber Security
 
ARTIFICIAL INTELLIGENCE IN CYBER SECURITY
ARTIFICIAL INTELLIGENCE IN CYBER SECURITYARTIFICIAL INTELLIGENCE IN CYBER SECURITY
ARTIFICIAL INTELLIGENCE IN CYBER SECURITY
 
ARTIFICIAL INTELLIGENT ( ITS / TASK 6 ) done by Wael Saad Hameedi / P71062
ARTIFICIAL INTELLIGENT ( ITS / TASK 6 ) done by Wael Saad Hameedi / P71062ARTIFICIAL INTELLIGENT ( ITS / TASK 6 ) done by Wael Saad Hameedi / P71062
ARTIFICIAL INTELLIGENT ( ITS / TASK 6 ) done by Wael Saad Hameedi / P71062
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
 
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
 
SFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdfSFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdf
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityAI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
 
12 ai-digital-finance-overview
12 ai-digital-finance-overview12 ai-digital-finance-overview
12 ai-digital-finance-overview
 
Artificial Intelligence in Cyber Security Research Paper Writing.pptx
Artificial Intelligence in Cyber Security Research Paper Writing.pptxArtificial Intelligence in Cyber Security Research Paper Writing.pptx
Artificial Intelligence in Cyber Security Research Paper Writing.pptx
 
A Journey Through The Far Side Of Data Science
A Journey Through The Far Side Of Data ScienceA Journey Through The Far Side Of Data Science
A Journey Through The Far Side Of Data Science
 

Recently uploaded

Microphone- characteristics,carbon microphone, dynamic microphone.pptx
Microphone- characteristics,carbon microphone, dynamic microphone.pptxMicrophone- characteristics,carbon microphone, dynamic microphone.pptx
Microphone- characteristics,carbon microphone, dynamic microphone.pptxpriyankatabhane
 
FREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naFREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naJASISJULIANOELYNV
 
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdfPests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdfPirithiRaju
 
Speech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptxSpeech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptxpriyankatabhane
 
Pests of castor_Binomics_Identification_Dr.UPR.pdf
Pests of castor_Binomics_Identification_Dr.UPR.pdfPests of castor_Binomics_Identification_Dr.UPR.pdf
Pests of castor_Binomics_Identification_Dr.UPR.pdfPirithiRaju
 
Topic 9- General Principles of International Law.pptx
Topic 9- General Principles of International Law.pptxTopic 9- General Principles of International Law.pptx
Topic 9- General Principles of International Law.pptxJorenAcuavera1
 
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)riyaescorts54
 
BUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdf
BUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdfBUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdf
BUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdfWildaNurAmalia2
 
User Guide: Capricorn FLX™ Weather Station
User Guide: Capricorn FLX™ Weather StationUser Guide: Capricorn FLX™ Weather Station
User Guide: Capricorn FLX™ Weather StationColumbia Weather Systems
 
Environmental Biotechnology Topic:- Microbial Biosensor
Environmental Biotechnology Topic:- Microbial BiosensorEnvironmental Biotechnology Topic:- Microbial Biosensor
Environmental Biotechnology Topic:- Microbial Biosensorsonawaneprad
 
Neurodevelopmental disorders according to the dsm 5 tr
Neurodevelopmental disorders according to the dsm 5 trNeurodevelopmental disorders according to the dsm 5 tr
Neurodevelopmental disorders according to the dsm 5 trssuser06f238
 
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...lizamodels9
 
LIGHT-PHENOMENA-BY-CABUALDIONALDOPANOGANCADIENTE-CONDEZA (1).pptx
LIGHT-PHENOMENA-BY-CABUALDIONALDOPANOGANCADIENTE-CONDEZA (1).pptxLIGHT-PHENOMENA-BY-CABUALDIONALDOPANOGANCADIENTE-CONDEZA (1).pptx
LIGHT-PHENOMENA-BY-CABUALDIONALDOPANOGANCADIENTE-CONDEZA (1).pptxmalonesandreagweneth
 
Davis plaque method.pptx recombinant DNA technology
Davis plaque method.pptx recombinant DNA technologyDavis plaque method.pptx recombinant DNA technology
Davis plaque method.pptx recombinant DNA technologycaarthichand2003
 
Pests of Bengal gram_Identification_Dr.UPR.pdf
Pests of Bengal gram_Identification_Dr.UPR.pdfPests of Bengal gram_Identification_Dr.UPR.pdf
Pests of Bengal gram_Identification_Dr.UPR.pdfPirithiRaju
 
OECD bibliometric indicators: Selected highlights, April 2024
OECD bibliometric indicators: Selected highlights, April 2024OECD bibliometric indicators: Selected highlights, April 2024
OECD bibliometric indicators: Selected highlights, April 2024innovationoecd
 
Citronella presentation SlideShare mani upadhyay
Citronella presentation SlideShare mani upadhyayCitronella presentation SlideShare mani upadhyay
Citronella presentation SlideShare mani upadhyayupadhyaymani499
 
Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024AyushiRastogi48
 
Call Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCR
Call Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCRCall Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCR
Call Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCRlizamodels9
 
Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...
Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...
Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...D. B. S. College Kanpur
 

Recently uploaded (20)

Microphone- characteristics,carbon microphone, dynamic microphone.pptx
Microphone- characteristics,carbon microphone, dynamic microphone.pptxMicrophone- characteristics,carbon microphone, dynamic microphone.pptx
Microphone- characteristics,carbon microphone, dynamic microphone.pptx
 
FREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naFREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by na
 
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdfPests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdf
 
Speech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptxSpeech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptx
 
Pests of castor_Binomics_Identification_Dr.UPR.pdf
Pests of castor_Binomics_Identification_Dr.UPR.pdfPests of castor_Binomics_Identification_Dr.UPR.pdf
Pests of castor_Binomics_Identification_Dr.UPR.pdf
 
Topic 9- General Principles of International Law.pptx
Topic 9- General Principles of International Law.pptxTopic 9- General Principles of International Law.pptx

AI-Driven Logical Argumentation in Active Cyber Defense

  • 1. AI-Driven Logical Argumentation in Active Cyber Defense. Shawn Riley, CDO & CISO, DarkLight, Inc. © 2018 DarkLight, Inc.
  • 7. Symbolic AI (Top-Down) & Non-Symbolic AI (Bottom-Up)
    ►Deductive Inference - establishes new facts from existing facts. Top-Down Method (Symbolic AI)
    ►Communication - relays information found using other methods.
    ►Inductive Inference - establishes new facts from data. Bottom-Up Method (Non-Symbolic AI)
  • 8. Comparing Symbolic AI & Non-symbolic AI
    ►Symbolic AI: Knowledge Engineering; Expert System; Cognitive Playbooks & Ontologies; Deductive Inference & Contextual Reasoning; Validation of Hypotheses & Explanation; Transparent & Explainable
    ►Non-symbolic AI: Data Science; Machine Learning; Algorithms & Models; Inductive Inference & Probabilistic Reasoning; Predictions & Tentative Hypotheses; Black Box
  • 10. Two directions of reasoning
    ►Inductive Reasoning (Bottom-Up Approach, Specific to Generalization): Observation → Pattern → Tentative Hypothesis. Implemented by Machine Learning, Predictive Analytics and Scoring Engines.
    ►Deductive Reasoning (Top-Down Approach, General to Specific): Hypothesis → Observation → Confirmation. Implemented by Knowledge Representation and Reasoning and Expert Systems.
    ►Graph substrates shown on the slide: Property Graphs and Knowledge Graphs.
    Machine Learning focuses on prediction, based on known properties learned from the training data. Inductive Reasoning uses patterns to arrive at a conclusion (conjecture). Note: a conclusion derived through inductive reasoning is called a hypothesis and is always less certain than the evidence itself; in other words, the conclusion is probable.
    An expert system is an A.I. system that emulates the sense-making and decision-making ability of a human expert. Expert systems are designed to solve complex problems by reasoning about knowledge. Deductive Reasoning uses facts, rules, definitions or properties to arrive at a conclusion.
  • 13. Automating Argument-Driven Inquiry
    The playbooks capture the human analyst's cognitive experience in applying the knowledge from the knowledge base, and can automate the Claim, Evidence, Reasoning framework. Cognitive Playbooks, their ontologies (knowledge models) and reify configuration are all sharable through import and export features, allowing communities of trust to share knowledge and experience.
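The Claim, Evidence, Reasoning framework from slide 13, together with the deductive side of slide 10, as an added example (not DarkLight's code, and not how DarkLight's playbooks are implemented): a small forward-chaining rule engine whose output is the argument itself, i.e. the claim, the observed facts it rests on and the rules that connect them, or, when the claim cannot be established, the evidence still missing. The rule names, fact names and the observations are hypothetical and constructed for the example.

```python
"""Claim / Evidence / Reasoning as a deductive playbook that explains itself.

Added example, not DarkLight's code. Rule names, fact names and the
observations below are hypothetical, constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    name: str
    premises: frozenset   # facts that must all hold before the rule fires
    conclusion: str       # fact the rule establishes
    rationale: str        # the domain-knowledge sentence behind the rule


@dataclass
class Argument:
    claim: str
    supported: bool
    evidence: list = field(default_factory=list)   # observed facts actually used
    reasoning: list = field(default_factory=list)  # rules fired, evidence first
    missing: list = field(default_factory=list)    # premises never established


def run_playbook(observations, rules, claim):
    """Forward-chain from the observations, then read the derivation back out."""
    known = set(observations)
    derived_by = {}                        # fact -> rule that produced it
    fired = True
    while fired:                           # stop when no rule adds a new fact
        fired = False
        for r in rules:
            if r.conclusion not in known and r.premises <= known:
                known.add(r.conclusion)
                derived_by[r.conclusion] = r
                fired = True
    arg = Argument(claim=claim, supported=claim in known)
    if arg.supported:
        stack, seen = [claim], set()       # walk from the claim back to the leaves
        while stack:
            fact = stack.pop()
            if fact in seen:
                continue
            seen.add(fact)
            if fact in derived_by:
                r = derived_by[fact]
                arg.reasoning.append(f"{r.name}: {r.rationale}")
                stack.extend(sorted(r.premises))
            else:
                arg.evidence.append(fact)  # a leaf is a sensor observation
        arg.reasoning.reverse()            # present evidence first, claim last
        arg.evidence.sort()
    else:
        # One level deep only: which premises of a rule concluding the claim
        # were never established, after chaining everything that could fire.
        for r in rules:
            if r.conclusion == claim:
                arg.missing.extend(sorted(r.premises - known))
    return arg


# Domain knowledge captured as rules (hypothetical playbook content)
RULES = [
    Rule("R1", frozenset({"office_app_spawned_powershell"}), "suspicious_execution",
         "an Office application launching PowerShell is not normal user activity "
         "(consistent with ATT&CK T1059.001 PowerShell following a phishing attachment)"),
    Rule("R2", frozenset({"suspicious_execution", "outbound_to_rare_domain"}), "c2_beaconing_likely",
         "suspicious execution followed by traffic to a domain no other host contacts "
         "fits command-and-control beaconing"),
    Rule("R3", frozenset({"c2_beaconing_likely", "host_is_workstation"}), "compromised_workstation",
         "likely C2 from a user workstation means the workstation is treated as compromised"),
]

# Observations delivered by sensors (constructed sample input)
OBSERVATIONS = frozenset({"office_app_spawned_powershell", "outbound_to_rare_domain",
                          "host_is_workstation"})
CLAIM = "compromised_workstation"

if __name__ == "__main__":
    arg = run_playbook(OBSERVATIONS, RULES, CLAIM)
    print("Claim:", arg.claim, "| supported:", arg.supported)
    print("Evidence:", arg.evidence)
    for step in arg.reasoning:
        print("Reasoning:", step)
    weaker = run_playbook(OBSERVATIONS - {"host_is_workstation"}, RULES, CLAIM)
    print("Without the host role, supported:", weaker.supported, "| missing:", weaker.missing)
```

The point of the walk-back is peer review (slide 33): a reviewer can reject the argument at a named rule rather than at an opaque score, and the `missing` list tells the sensing stage which observation gap (slide 33 again) prevented the claim from being established.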
  • 15. The Cyber OODA Loop
  • 17. Sensors Focus on Observations
  • 20. Predictive Analytics & Machine Learning Use Inductive Inference for Predictions
  • 21. Knowledge Engineering Based Expert Systems Use Deductive Inference for Scientific Arguments
  • 22. Object-Based Production & Activity-Based Intelligence
    Loop stages on the slide: Sensing → Sense-making → Decision-making → Acting, driven by Cognitive Playbooks. "Organize what is known" and "Discover the unknown unknowns".
    Object-based production (OBP) and activity-based intelligence (ABI) are related IC analysis methodologies that rapidly integrate data from multiple sources to discover relevant patterns, determine and identify change, and characterize those patterns to create decision advantage, driving the sensing, sense-making, decision-making and acting of the cyber OODA loop in the cyber environment. Activity-Based Intelligence promotes a deductive approach to analytic reasoning which reduces the space of potential outcomes by eliminating the impossible. Note: ABI can be automated with cognitive playbooks using symbolic AI!
  • 23. Organized Adversary & Defender Knowledge
    ►Adversary Contextual Knowledge
    ►Transactions & Activity
    ►Enterprise Contextual Knowledge
  • 24. Cyber Attack Lifecycle (https://www.dni.gov/index.php/cyber-threat-framework)
    ►Left of Intrusion: Pre-ATT&CK Tactics
    ►Right of Intrusion: ATT&CK Tactics
    ►Technique layer: Pre-ATT&CK and ATT&CK Techniques, STIX Attack Patterns, and Insider Threat Behaviors
    ►Indicator layer: STIX Indicators and Insider Threat Indicators
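The layering on slide 24 in data form, as an added example that is neither the deck's nor MITRE's code: a hand-built STIX 2.1 bundle (constructed sample data with made-up UUIDs) in which an Indicator `indicates` an Attack Pattern carrying a MITRE ATT&CK external reference and a kill-chain phase. For a sighted indicator, the lookup returns the technique and whether it sits left (kill chain `mitre-pre-attack`) or right (kill chain `mitre-attack`) of intrusion. `T1059.001` is the current ATT&CK ID for PowerShell; the PRE-ATT&CK entry is illustrative and carries no external ID.

```python
"""From a sighted STIX indicator to an ATT&CK technique and a lifecycle position.

Added example, not from the deck. The bundle is constructed sample data.
"""
import json

BUNDLE = json.loads(r"""
{"type": "bundle", "id": "bundle--0f1d2c3b-4a5e-4f60-8a71-8293a4b5c6d7", "objects": [
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d",
   "created": "2018-05-01T00:00:00.000Z", "modified": "2018-05-01T00:00:00.000Z",
   "name": "Office application spawning PowerShell",
   "pattern": "[process:name = 'powershell.exe' AND process:parent_ref.name = 'WINWORD.EXE']",
   "pattern_type": "stix", "valid_from": "2018-05-01T00:00:00Z"},
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--2b3c4d5e-6f70-4a8b-9c0d-1e2f3a4b5c6d",
   "created": "2018-05-01T00:00:00.000Z", "modified": "2018-05-01T00:00:00.000Z",
   "name": "Look-alike domain registered against the enterprise brand",
   "pattern": "[domain-name:value = 'darkl1ght-example.test']",
   "pattern_type": "stix", "valid_from": "2018-05-01T00:00:00Z"},
  {"type": "attack-pattern", "spec_version": "2.1",
   "id": "attack-pattern--3c4d5e6f-7081-4a9b-8c0d-2e3f4a5b6c7d",
   "created": "2018-05-01T00:00:00.000Z", "modified": "2018-05-01T00:00:00.000Z",
   "name": "PowerShell",
   "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001",
                            "url": "https://attack.mitre.org/techniques/T1059/001/"}],
   "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
  {"type": "attack-pattern", "spec_version": "2.1",
   "id": "attack-pattern--4d5e6f70-8192-4aab-9c1d-3e4f5a6b7c8d",
   "created": "2018-05-01T00:00:00.000Z", "modified": "2018-05-01T00:00:00.000Z",
   "name": "Acquire look-alike domain (illustrative PRE-ATT&CK entry, no external ID)",
   "kill_chain_phases": [{"kill_chain_name": "mitre-pre-attack",
                          "phase_name": "establish-and-maintain-infrastructure"}]},
  {"type": "relationship", "spec_version": "2.1",
   "id": "relationship--5e6f7081-92a3-4abc-8d2e-4f5a6b7c8d9e",
   "created": "2018-05-01T00:00:00.000Z", "modified": "2018-05-01T00:00:00.000Z",
   "relationship_type": "indicates",
   "source_ref": "indicator--1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d",
   "target_ref": "attack-pattern--3c4d5e6f-7081-4a9b-8c0d-2e3f4a5b6c7d"},
  {"type": "relationship", "spec_version": "2.1",
   "id": "relationship--6f708192-a3b4-4bcd-9e3f-5a6b7c8d9e0f",
   "created": "2018-05-01T00:00:00.000Z", "modified": "2018-05-01T00:00:00.000Z",
   "relationship_type": "indicates",
   "source_ref": "indicator--2b3c4d5e-6f70-4a8b-9c0d-1e2f3a4b5c6d",
   "target_ref": "attack-pattern--4d5e6f70-8192-4aab-9c1d-3e4f5a6b7c8d"}
]}
""")


def by_id(bundle):
    return {o["id"]: o for o in bundle["objects"]}


def lifecycle_position(bundle, indicator_id):
    """Follow `indicates` relationships from a sighted indicator to its techniques.

    Returns one record per (technique, kill-chain phase); the kill-chain name
    decides which side of the intrusion the activity belongs to.
    """
    objs = by_id(bundle)
    hits = []
    for rel in bundle["objects"]:
        if rel["type"] != "relationship" or rel["relationship_type"] != "indicates":
            continue
        if rel["source_ref"] != indicator_id:
            continue
        ap = objs[rel["target_ref"]]
        attack_ids = [ref["external_id"] for ref in ap.get("external_references", [])
                      if ref.get("source_name") in ("mitre-attack", "mitre-pre-attack")
                      and "external_id" in ref]
        for phase in ap.get("kill_chain_phases", []):
            side = ("left of intrusion" if phase["kill_chain_name"] == "mitre-pre-attack"
                    else "right of intrusion")
            hits.append({"technique": ap["name"], "attack_id": attack_ids[0] if attack_ids else None,
                         "tactic": phase["phase_name"], "position": side})
    return hits


if __name__ == "__main__":
    for ind in (o for o in BUNDLE["objects"] if o["type"] == "indicator"):
        for hit in lifecycle_position(BUNDLE, ind["id"]):
            print(f"{ind['name']!r} -> {hit['attack_id']} {hit['technique']} "
                  f"[{hit['tactic']}] {hit['position']}")
```

This is the syntactic and structural interoperability that slide 35 says STIX 2.x JSON gives you: the relationship graph can be walked, but the meaning of "indicates" and of the kill-chain names is convention, not something the schema lets a reasoner check.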
  • 26. Cybersecurity Decision Pattern
    ►Formal codification of cybersecurity operations knowledge with minimal content of context, problem, and solution:
      ▪ Problem: a source of perplexity, distress, or vexation
      ▪ Context: the interrelated conditions in which something exists or occurs
      ▪ Solution: an answer to a problem
    -K. Willett
  • 28. Cyber Resiliency Effects on Adversary Activities (NIST SP 800-160 Vol. 2, draft)
    ►Deter, divert, and deceive in support of redirect;
    ►Prevent, preempt, and expunge in support of preclude;
    ►Contain, degrade and delay in support of impede;
    ►Shorten and recover in support of limit; and
    ►Detect, reveal, and scrutinize in support of expose
  • 31. Integrated Adaptive Cyber Defense (IACD)
  • 33. Feedback
    ►Gaps in sensors / observations
    ►Inductive Inference / Predictions About Adversary Activities
      ▪ Fallacies
      ▪ Cognitive Bias
    ►Deductive Inference / Scientific Arguments
      ▪ Peer Review of Cognitive Playbooks
      ▪ Domain Knowledge
    ►Acting
      ▪ Effectiveness of action in having the desired effect on adversary activity
      ▪ Feedback on decision
  • 34. AI-Driven Integrated Adaptive Cyber Defense Overview
    #1 Sensing: Security Events & Logs from Your IT Enterprise & Security Technologies
    #2A Sense-Making: Analytics, Machine Learning & Scoring Engines applied to data sets = Tentative Hypothesis (Conjecture)
    #2B Sense-Making: Knowledge Representation & Reasoning (KR&R) validation of the hypothesis and explanation of the activity, with domain knowledge and human experience captured in Cognitive Playbooks
    #3 Decision-Making: KR&R Cognitive Playbooks for decision-making based on the sense-making results / explanation of activity and human domain expert experience in the enterprise
    #4A Acting: Security Orchestrator with mechanistic response action playbooks following OpenC2 commands, back into Your IT Enterprise & Security Technologies
    #4B Feedback Loop
    Knowledge inputs to #2B and #3: Integrated Cyber Defense Knowledge and Integrated Cyber Threat Intelligence from Your Information Sharing Services (STIX via TAXII such as AIS; CASE/UCO Investigation Packages).
  • 35. Discussion / Future IACD Collaboration
    ▪ Applying NSA/CSS Technical Cyber Threat Framework
    ▪ Semantic Interoperability of Adversary Playbooks
      ▪ STIX 2.x JSON / JSON Schema is limited to syntactic and structural interoperability
    ▪ Activity-Based Intelligence (looking for adversary actions)
    ▪ Effects of Actions mapped to OpenC2 Action Commands
    ▪ Automating Human Decision Making with Human Knowledge
      ▪ Context: the immediate environment in which decision options are considered
      ▪ 4 R's: Reference Points (good/bad); Reasons Matter (contextual / argumentation); Resources Matter; Replacement (work-arounds, doing easy instead of right)
      ▪ Framing: Status Quo (default options); Gain/Loss (gains = risk averse, losses = risk seeking); Opportunity Cost Neglect
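The slide 34 pipeline run end to end, together with the slide 35 bullet on mapping effects of actions to OpenC2 commands, as an added example that is neither the deck's code nor an IACD reference implementation. The telemetry, host roles, scoring threshold, validation rule, the stand-in actuator and the mapping from a cyber resiliency effect (slide 28 wording) to an OpenC2 action are all assumptions constructed for the example; only the command shape (`action` / `target` / `args`, `ipv4_net` target, `response_requested` and millisecond `duration` args, status 200 in the response) follows the OpenC2 Language Specification v1.0.

```python
"""Sensing -> inductive scoring -> deductive validation -> decision -> OpenC2 -> feedback.

Added example, not the deck's code. Events, host roles, the scoring rule, the
validation rule, the actuator and the effect-to-action map are assumptions.
"""
from collections import Counter

# 1 Sensing: constructed process-creation events with the child's first outbound destination
EVENTS = [
    {"host": "ws-017",   "parent": "WINWORD.EXE",  "child": "powershell.exe", "dst": "198.51.100.23"},
    {"host": "ws-042",   "parent": "explorer.exe", "child": "chrome.exe",      "dst": "203.0.113.10"},
    {"host": "ws-042",   "parent": "explorer.exe", "child": "chrome.exe",      "dst": "203.0.113.10"},
    {"host": "ws-099",   "parent": "explorer.exe", "child": "chrome.exe",      "dst": "203.0.113.10"},
    {"host": "build-01", "parent": "msbuild.exe",  "child": "powershell.exe", "dst": "10.0.5.20"},
]

# Enterprise contextual knowledge (assumed): what each host is for, what counts as internal
HOST_ROLE = {"ws-017": "workstation", "ws-042": "workstation",
             "ws-099": "workstation", "build-01": "build-server"}
OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
ANOMALY_THRESHOLD = 0.75


def is_internal(ip):
    return ip.startswith("10.")           # simplification for the example


# 2A Sense-making, inductive: a scoring engine that flags rare parent->child lineages.
# Its output is a conjecture about rarity across the fleet, nothing about intent.
def score_events(events):
    pairs = Counter((e["parent"], e["child"]) for e in events)
    hyps = []
    for e in events:
        score = 1 - pairs[(e["parent"], e["child"])] / len(events)
        if score >= ANOMALY_THRESHOLD:
            hyps.append({"event": e, "score": round(score, 2), "claim": "anomalous process lineage"})
    return hyps


# 2B Sense-making, deductive: validate or refute the conjecture with domain knowledge and
# enterprise context, and say why, in the words an analyst would use.
def validate(hyp):
    e = hyp["event"]
    role = HOST_ROLE.get(e["host"], "unknown")
    if (e["parent"] in OFFICE_APPS and e["child"].lower() == "powershell.exe"
            and not is_internal(e["dst"])):
        return {"verdict": "validated",
                "explanation": (f"{e['parent']} launching PowerShell on a {role}, followed by a "
                                f"connection to external {e['dst']}, matches the phishing-to-"
                                "execution playbook; no sanctioned process does this.")}
    if role == "build-server" and e["parent"] == "msbuild.exe":
        return {"verdict": "refuted",
                "explanation": "msbuild.exe launching PowerShell is expected on a build server "
                               "(known-good reference point)."}
    return {"verdict": "unresolved", "explanation": "no playbook covers this lineage; route to an analyst."}


# 3 Decision-making: only a validated hypothesis earns an action; the chosen effect is
# 'preclude' against the destination the host beaconed to.
def decide(hyp, validation):
    if validation["verdict"] != "validated":
        return None
    return {"effect": "preclude", "target_ip": hyp["event"]["dst"], "host": hyp["event"]["host"]}


# 4A Acting: turn the decision into an OpenC2 command. The effect->action map is an assumption.
EFFECT_TO_ACTION = {"preclude": "deny", "impede": "contain"}


def openc2_command(decision):
    return {"action": EFFECT_TO_ACTION[decision["effect"]],
            "target": {"ipv4_net": decision["target_ip"] + "/32"},
            "args": {"response_requested": "complete", "duration": 3600000}}  # duration in ms


# 4B Feedback: record whether the actuator reported success (OpenC2 response status 200)
def feedback(command, response):
    return {"command": command, "applied": response.get("status") == 200,
            "status_text": response.get("status_text", "")}


def run(events, actuator=lambda cmd: {"status": 200, "status_text": "OK"}):
    """One pass of the loop; the default actuator is a stand-in that always succeeds."""
    commands, verdicts = [], {}
    for hyp in score_events(events):
        v = validate(hyp)
        verdicts[hyp["event"]["host"]] = v["verdict"]
        d = decide(hyp, v)
        if d:
            cmd = openc2_command(d)
            commands.append(feedback(cmd, actuator(cmd)))
    return commands, verdicts


if __name__ == "__main__":
    commands, verdicts = run(EVENTS)
    print("verdicts:", verdicts)
    for entry in commands:
        print("OpenC2:", entry["command"], "| applied:", entry["applied"])
```

The build server is the point of the 2B stage: the scoring engine ranks its msbuild-to-PowerShell lineage exactly as anomalous as the workstation's Office-to-PowerShell lineage, and only the contextual rule separates the two, so the orchestrator issues one `deny` rather than two.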