We are writing the year 2017. Cyber security has been a discipline for many years and thousands of security companies are offering solutions to deter and block malicious actors in order to keep our businesses operating and our data confidential. But fundamentally, cyber security has not changed during the last two decades. We are still running Snort and Bro. Firewalls are fundamentally still the same. People get hacked for their poor passwords and we collect logs that we don't know what to do with. In this talk I will paint a slightly provocative and dark picture of security. Fundamentally, nothing has really changed. We'll have a look at machine learning and artificial intelligence and see how those techniques are used today. Do they have the potential to change anything? How will the future look with those technologies? I will show some practical examples of machine learning and motivate that simpler approaches generally win. Maybe we find some hope in visualization? Or maybe augmented reality? We still have a ways to go.
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
1. AI & ML in Cyber Security
Welcome Back To 1999 - Security Hasn't Changed
Raffael Marty
VP Security Analytics
BSides Vancouver
March 2017
2. Disclaimer
© Raffael Marty
"This presentation was prepared solely by Raffael
Marty in his personal capacity. The material, views,
and opinions expressed in this presentation are the
author's own and do not reflect the views of Sophos
Ltd. or its affiliates."
3. Raffael Marty
• Sophos
• PixlCloud
• Loggly
• Splunk
• ArcSight
• IBM Research
• SecViz
• Logging
• Big Data
• SIEM
• Leadership
• Zen
4. My Provocative Premise
• Cyber Defense / Monitoring / Analytics is still at the level of 1999
• We can't predict the weather and we have done it since 1 August 1861
  o "The weather predicted by the BBC for four days time was just 30-40% accurate"
• Predicting election results anyone?
  o "80% chance Clinton will win."
5. Outline
• Nothing Has Changed in Security (Defense)
• Machine Learning & Artificial Intelligence
• Visualization
• Now What?
7. Summary of Technologies
• Firewalls – policy management, auditing a challenge
• IDS/IPS – false positives
• Threat Intelligence – really the same as IDS signatures
• DLP – just an IDS engine
• Vulnerability Scanners – what's up with those old user interfaces?
• SIEM – still the same issues: parsing, context, prioritization
• Security Analytics – can actually mostly be done with your SIEM
10. Machine Learning / Data Mining
• Anomaly detection (outlier detection)
  o What's "normal"?
• Association rule learning (e.g., items purchased together)
• Clustering
• Classification
• Regression (model the data)
• Summarization
11. Data Mining in Security
The graph shows an abstract space with colors being machine identified clusters.
12. Machine Learning in Security
• Needs a corpus of data to learn from
• Network traffic analysis still not working
  o No labeled data
  o Not sure what the right features should be
• Works okay for SPAM and malware classification
13. Artificial Intelligence in Security
• Just calling something AI doesn't make it AI.
"A program that doesn't simply classify or compute model parameters, but comes up with novel knowledge that a security analyst finds insightful."
Artificial Narrow Intelligence (ANI)
• Computer programs we have today that perform a specific, narrow task: Deep Blue, Amazon recommendations
Artificial General Intelligence (AGI)
• A program that could learn to complete any task
• What many of us imagine when we think of AI, but no one has managed to accomplish it yet
Artificial Superintelligence (ASI)
• Any computer program that is all-around smarter than a human (also see the singularity by Ray Kurzweil)
https://www.chemheritage.org/distillations/magazine/thinking-machines-the-search-for-artificial-intelligence
14. The Law of Accelerating Returns – Ray Kurzweil
http://waitbutwhy.com/2015/01/artificial-intelligence-revolution-1.html
15. ML Loses
• We have tried many things:
  o Social Network Analysis
  o Seasonality detection
  o Entropy over time
  o Frequent pattern mining
  o Clustering
• All kinds of challenges
  o Characterize normal
  o Extract what has been learned
  o Statistical vs. domain anomalies
• Simple works!
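Added illustration of the "statistical vs. domain anomalies" and "simple works" points above; this is not code from the talk. It runs a z-score outlier detector over constructed authentication events, where a loud but benign batch job is what the statistics flag, while a two-line domain rule is what catches the quiet privileged login. Event fields, host names and thresholds are all assumptions made for the example.

```python
"""Statistical outliers vs. domain anomalies over constructed auth events."""
from collections import Counter
from statistics import mean, pstdev

# Constructed auth events: (hour, user, source_host, success). Not real data.
EVENTS = (
    [(h, "alice", "ws-alice", True) for h in range(8, 18)]   # normal office hours
    + [(h, "bob", "ws-bob", True) for h in range(9, 18)]
    + [(13, f"svc{i}", "backup-01", True) for i in range(40)]  # benign batch job
    + [(3, "admin", "unknown-host", True)]                     # quiet, suspicious
)

# Assumed inventory of hosts that are allowed to originate admin logins.
KNOWN_HOSTS = {"ws-alice", "ws-bob", "backup-01"}


def hourly_counts(events):
    """Characterize 'normal' as the number of logins per hour of day."""
    return Counter(hour for hour, _, _, _ in events)


def statistical_anomalies(events, z_threshold=2.0):
    """Return hours whose login count sits more than z_threshold sigmas above the mean.

    This only sees volume: the 40-login batch job is the one thing it flags, and
    the single 03:00 admin login is invisible to it.
    """
    counts = hourly_counts(events)
    values = [counts.get(h, 0) for h in range(24)]
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:
        return set()
    return {h for h in range(24) if (counts.get(h, 0) - mu) / sigma > z_threshold}


def domain_anomalies(events, known_hosts=KNOWN_HOSTS):
    """Return successful admin logins outside 06:00-20:00 or from an unknown host.

    Two lines of domain knowledge, no model, no training corpus.
    """
    return {
        (hour, user, src)
        for hour, user, src, ok in events
        if ok and user == "admin" and (src not in known_hosts or not 6 <= hour < 20)
    }


if __name__ == "__main__":
    print("statistical:", sorted(statistical_anomalies(EVENTS)))  # [13] (batch job)
    print("domain:", domain_anomalies(EVENTS))  # {(3, 'admin', 'unknown-host')}
```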
23. Areas To Explore
• Environment specific rather than environment agnostic approaches
  o Same IDS signatures for everyone? Same SIEM signatures?
  o Real-time threat intel sharing
• Context
  o Users don't think in IP addresses, they think about users
  o Topology mapping anyone?
  o User-based policies, not machine based
  o Adaptive security
• Capture expert knowledge
  o Collaborative efforts
• Forget about 3D visualization
24. Promising Approaches That Will "Change" Security
• Continuous authentication
• Dynamic policy decisions – automation – really closing the loop
  o But what products do this well? Open APIs, low f/p, etc.
• Micro segmentation (including SDN?)
• Real-time threat intelligence sharing
• Human assisted machine learning systems
• Crowd sourcing
• End-user involved / assisted decision making
• Eradicate phishing, please!
25. How Will ML / AI Help?
• Machine learning consists of algorithms that need data
  o Garbage in - garbage out
  o Data formats and semantics
• Deep learning is just another ML algorithm
  o Malware classification (it isn't necessarily better than other ML algorithms)
  o Basically eliminates the feature engineering step
• Many inherent challenges (see https://www.youtube.com/watch?v=CEAMF0TaUUU)
  o Distance functions
  o Context – need input from HR systems and others
  o Choice of algorithm
  o Etc.
• Where to use ML
  o Classification problems (traffic, binaries, activities, etc.)
  o There is good work being done on automating the level 1 analyst
  o Look for systems that leverage humans in the loop (see topic of knowledge capture)
26. Security Visualization Community
• http://secviz.org
• List: secviz.org/mailinglist
• Twitter: @secviz
Share, discuss, challenge, and learn about security visualization.
27. Visual Analytics - Delivering Actionable Security Intelligence
July 22-25 2017, Las Vegas
big data | analytics | visualization
BlackHat Workshop
28. Sophos – Security Made Simple
• Products usable by non experts, delightful for the security analyst
• Consolidating security capabilities
• Data science to SOLVE problems, not to highlight issues
Analytics
UTM/Next-Gen Firewall
Wireless
Web
Email
Disk Encryption
File Encryption
Endpoint / Next-Gen Endpoint
Mobile
Server
Sophos Central