In this presentation I explore the topic of artificial intelligence in cyber security. What is AI, and how do we get to real intelligence in a cyber context? I outline some of the dangers of the way we are using algorithms (AI, ML) today and what that leads to. We then explore how we can add real intelligence through expert knowledge to the problem of finding attackers and anomalies in our applications and networks.
Presented at AI 4 Cyber in NYC on April 30, 2019
1. Understanding the "Intelligence" in AI
RAFFAEL MARTY
VP Research and Intelligence
Head of X-Labs, Forcepoint
AI 4 Cyber | April 2019 | New York City
4. BEAT WORLD CHAMPION AT GO
DESIGN MORE EFFECTIVE DRUGS
MAKE SIRI SMARTER
ARTIFICIAL INTELLIGENCE
Deep Learning
Statistics
Unsupervised
Machine Learning
Natural Language Processing
5. THE DANGERS OF AI SECURITY EXAMPLES
Fooling Facial Recognition
Hack Crash Tweet
Blacklisting of Windows Executable
Pentagon AI Fail
Algorithm Bias
NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
Data Biases
10. IOCs to Behaviors
IOCs / Traditional Threat Intel Behavior
ESCAPING THE SECURITY CAT AND MOUSE GAME
CnC
Bot
Bot
IOC: Compromised IP addresses
• Characterizing machine and human behavior
• Leverage risk-based approaches
• From reactive to proactive
• From detection to protection / automation
Behavior: Botnet characteristics
Traffic size: 200-350 bytes
Periodicity: 2 minutes
Jitter: 12 seconds
IPv4 proto: 6
App protocol: HTTPS
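The contrast on this slide, as an added example that is not part of the original deck: an IOC lookup and a behavior profile match run over the same constructed flow records. The record layout, the use of TCP port 443 as a stand-in for HTTPS, the reading of "jitter" as a plus/minus tolerance around the period, and the min_flows and min_ratio thresholds are assumptions.

```python
from collections import defaultdict

# Profile values come from the slide; the field names, port 443 as a stand-in
# for HTTPS, and "jitter" read as a +/- tolerance are assumptions.
PROFILE = {"min_bytes": 200, "max_bytes": 350, "period_s": 120,
           "jitter_s": 12, "ip_proto": 6, "dst_port": 443}

def make_flows(src, dst, stamps, sizes):
    """Build constructed records: (start_ts, src, dst, ip_proto, dst_port, bytes)."""
    return [(t, src, dst, 6, 443, b) for t, b in zip(stamps, sizes)]

SAMPLE = (
    # Bot talking to a CnC address that is already on the IOC list.
    make_flows("10.0.0.5", "203.0.113.7", [0, 125, 238, 362, 480, 597],
               [220, 310, 250, 340, 205, 300])
    # Bot talking to a fresh CnC address that no feed has listed yet.
    + make_flows("10.0.0.9", "198.51.100.23", [10, 128, 255, 370, 495, 612],
                 [240, 330, 210, 290, 345, 260])
    # Human browsing: small HTTPS flows as well, but with irregular timing.
    + make_flows("10.0.0.12", "192.0.2.80", [5, 40, 300, 310, 900, 1000],
                 [300, 320, 250, 280, 300, 210])
)
IOC_LIST = {"203.0.113.7"}  # constructed blocklist

def ioc_hits(flows, iocs):
    """Traditional threat intel: flag pairs whose destination is listed."""
    return {(f[1], f[2]) for f in flows if f[2] in iocs}

def behavior_hits(flows, p=PROFILE, min_flows=5, min_ratio=0.8):
    """Flag (src, dst) pairs whose flows fit the size/protocol profile and
    recur at period_s +/- jitter_s for at least min_ratio of the intervals."""
    stamps = defaultdict(list)
    for ts, src, dst, proto, dport, size in flows:
        if (proto == p["ip_proto"] and dport == p["dst_port"]
                and p["min_bytes"] <= size <= p["max_bytes"]):
            stamps[(src, dst)].append(ts)
    hits = set()
    for pair, ts_list in stamps.items():
        if len(ts_list) < min_flows:
            continue  # too few observations to judge periodicity
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        regular = sum(abs(g - p["period_s"]) <= p["jitter_s"] for g in gaps)
        if regular / len(gaps) >= min_ratio:
            hits.add(pair)
    return hits

if __name__ == "__main__":
    print("IOC match:     ", sorted(ioc_hits(SAMPLE, IOC_LIST)))
    print("Behavior match:", sorted(behavior_hits(SAMPLE)))
```

The IOC lookup only finds the bot whose CnC address is already listed, while the behavior profile finds both bots and leaves the human browsing traffic alone.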
11. TAKEAWAYS
“Algorithms are getting ‘smarter’, but experts are more important”
“Understand your data, your algorithms, and your data science process”
“History is not a predictor – but knowledge can be”