Best Of The World In Security Conference
Best Of The World In Security
12-13 November 2020
Managing Next Generation
Threats to Cyber Security
Dr. Peter Stephenson, CISSP (Lifetime)
Center for Digital Forensic Studies
• Questions anytime – but be courteous and respectful
• Breaks about every hour – 10 minutes
• That’s all, folks…..
House Rules
• PhD in computing with research and specialty in digital investigation
• MA in diplomacy with a concentration in terrorism
• Over 55 years' experience, including 10 years as a US Navy crypto tech
• Consultant for over 40 years
• Associate Professor at a private military college for ten years teaching cyber
forensics, cyber crime/cyber law, and network attack/defend (red
team/blue team)
• Lifetime (retired) CISSP
• Author or co-author of 20 books (new one coming next year)
• Retired technology editor at SC Magazine
• Blog at SecureWorldExpo.com
• Deep-dive reviews at Cyber Defense Magazine with podcast coming soon
• All-but-dissertation, PhD in Law focusing on cyberspace
About me
• Introduction - sorting out the next gen hype from the next gen facts
and a few definitions
• Picking your tools - are they really next gen and how do you know -
do you need next gen tools and why or why not – an example with a
short demo
• Is the adversary using next gen technologies, how do we know and
what should we do?
• The law and cyber science - are we ready to prosecute the next
generation of adversary - what are we doing now and what's wrong
with it - do we need a whole new set of laws? - How does this affect
our governance?
Agenda
• Complicated field of AI
• Lots of definitions
• For example, Dr. Jason Brownlee cites 14 different types of machine learning alone
• 1. Supervised Learning
• 2. Unsupervised Learning
• 3. Reinforcement Learning
• 4. Semi-Supervised Learning
• 5. Self-Supervised Learning
• 6. Multi-Instance Learning
• 7. Inductive Learning
• 8. Deductive Inference
• 9. Transductive Learning
• 10. Multi-Task Learning
• 11. Active Learning
• 12. Online Learning
• 13. Transfer Learning
• 14. Ensemble Learning
Introduction
• Key constructs
• Machine learning
• Supervised, unsupervised and reinforcement - classifiers
• Deep learning
• Neural networks
• Why bother with all of this?
• AI, especially ML, is in many security tools
• AI, especially ML, is being explored by the adversary as a viable attack
modality
• Lots of security tools claim AI but not all really incorporate it
• Bottom line: this is where cyber science and cyber security are
headed and we need to understand it, at least at a 100,000 foot level
Introduction
• Artificial intelligence
• The computing technology that behaves like human intelligence – comprises
several specific techniques/technologies
• Neural network
• The algorithms that simulate human brain activity – input layer, hidden
layer(s) and output layer
• Machine Learning
• Based upon neural networks and may or may not use labeled data initially
• Deep learning
• Based upon neural networks and machine learning with multiple hidden
layers
Introduction – Machine Learning
• Defined by towarddatascience.com as “… providing systems the ability to
automatically learn and improve from experience without being explicitly
programmed.”
• Basic machine learning algorithm
• Y = f(X)
• Y is the dependent variable (the answer we seek)
• X is the independent variable (the input we are given)
• f is a function (some formula or algorithm we are given)
• Initially we may not be given X or Y – we don’t even start out by knowing f
• Training data is randomly selected Xs and Ys that represent what we know and what
we are seeking.
• We then look for relationships between the two and derive our f
• Or, we may know f and need to apply it to an already-labeled training set
• Supervised learning
• The algorithm is much more complicated and there may be several
Introduction – Machine Learning
• Depends upon labels
• All elements in the dataset are labeled
• Algorithms f predict output Y from the input X
• Outputs can be grouped into packages of similar elements using a
classifier
• X (with labels) -> f (algorithm models) -> Y
• The key in supervised learning is the label. Elements are classified by
their labels which are assigned already
• When a new unknown element is introduced to the model it is
assigned a label and its classification is predicted
Introduction – Supervised Machine Learning
• Unsupervised learning does not start with labeled data elements
• Systems infer a function from unlabeled input data
• Can be clustering (discover inherent classifications)
• Can be association (discover association rules in the input data based
upon the algorithm)
• X -> f -> classifier
Introduction – Unsupervised Machine Learning
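An added worked example of the X -> f -> classifier idea on this slide (not code from the slides): k-means, the most common clustering algorithm, run over a constructed table of per-workstation traffic figures. No labels are supplied; the grouping is discovered from the data alone, and the defender's use is simply to look at the smallest group first. The host names, figures and the seeding rule are all assumptions made for the example.

```python
"""Unsupervised learning in the slide's notation (X -> f -> classifier):
k-means clustering of unlabeled host activity.

Added example, not code from the slides. FLOWS is a constructed sample:
per-workstation (outbound MiB per hour, distinct destination hosts per hour).
No labels are supplied; the grouping is discovered from the data alone.
"""
import math

FLOWS = {
    "ws01": (1.2, 4.0), "ws02": (0.8, 3.0), "ws03": (1.5, 5.0),
    "ws04": (1.0, 4.0), "ws05": (0.9, 3.0), "ws06": (1.3, 5.0),
    "ws07": (48.0, 62.0), "ws08": (51.5, 70.0),   # two hosts that talk far more than the rest
}


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _norm(a):
    return math.sqrt(sum(x * x for x in a))


def kmeans(points, k, max_iter=100):
    """Lloyd's algorithm. Seeds are spread across the sorted points so the
    run is deterministic (a real run would use k-means++ or several restarts)."""
    ordered = sorted(points)
    n = len(ordered)
    if k == 1:
        centroids = [ordered[0]]
    else:
        centroids = [ordered[i * (n - 1) // (k - 1)] for i in range(k)]
    assignment = None
    for _ in range(max_iter):
        # Assignment step: every point goes to its nearest centroid.
        new_assignment = [min(range(k), key=lambda c: _dist(p, centroids[c])) for p in points]
        if new_assignment == assignment:   # converged
            break
        assignment = new_assignment
        # Update step: each centroid moves to the mean of its members.
        for c in range(k):
            members = [p for p, a in zip(points, assignment) if a == c]
            if members:  # an empty cluster keeps its old centroid
                centroids[c] = tuple(sum(m[d] for m in members) / len(members)
                                     for d in range(len(members[0])))
    return centroids, assignment


def cluster_hosts(flows, k=2):
    names = list(flows)
    centroids, assignment = kmeans([flows[n] for n in names], k)
    clusters = {c: [] for c in range(k)}
    for name, c in zip(names, assignment):
        clusters[c].append(name)
    return centroids, clusters


def review_first(flows, k=2):
    """Defender's use of the clustering: the smallest cluster (ties broken
    toward the one farthest from the origin) is where the analyst starts."""
    centroids, clusters = cluster_hosts(flows, k)
    pick = min(clusters, key=lambda c: (len(clusters[c]), -_norm(centroids[c])))
    return sorted(clusters[pick])


if __name__ == "__main__":
    centroids, clusters = cluster_hosts(FLOWS)
    for c, members in clusters.items():
        print(f"cluster {c} centroid={tuple(round(v, 1) for v in centroids[c])} members={members}")
    print("review first:", review_first(FLOWS))
```

The point of the example is what the slide says about unsupervised learning: nothing told the algorithm that ws07 and ws08 are different, the structure of X alone did. Whether the small cluster is exfiltration, a backup job or a misconfigured scanner is the analyst's question, not the algorithm's.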
• Learns through the consequences of behavior in a given environment
• Behavioral learning model
• Algorithm provides analysis feedback, selecting the best result (a “reward”)
• Not trained by a dataset – learns using trial and error, like a human
child’s learning based upon experience
• Algorithms can be biased
Introduction – Reinforcement Machine Learning
• Deep learning uses more than one intermediate layer of f (greatly
oversimplified but acceptable for our purposes)
• Neural networks simply aim to reproduce the neural pathways in the
human brain and how they work (again, greatly simplified but
acceptable for our purposes)
Introduction – Deep Learning and Neural Networks
• By calculating f the adversary can determine how the defensive
measures will respond to an attack and then craft an attack to
circumvent those measures (adversarial machine learning or AML)
• We will discuss an example of this – a tool called PEsidious – later
• Another example is DeepFool – tool that computes training data
perturbations to fool deep networks
• AML consists of determining f and extracting the training set
• Black and white box attacks
• White – training set is known by the attacker
• Black – training set is not known
• AML is particularly well-suited to hivenets and swarmbots, especially
autonomous ones
Introduction – Adversarial Machine Learning & GANs
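An added example, not code from the slides or from the DeepFool project, of what "calculating f" buys the adversary and how a defender measures it. For an affine classifier f(x) = w·x + b the DeepFool paper gives the smallest perturbation that reaches the decision boundary in closed form, r = -(f(x)/‖w‖²)·w, and the ratio ‖r‖/‖x‖ is the robustness of the verdict at x. The weights, feature meanings and sample vectors are assumptions constructed for illustration; the defensive use shown is flagging verdicts that a tiny change would flip, so they are not trusted on their own.

```python
"""Adversarial ML from the defender's side: measuring how fragile a
classifier's decision is.

Added example, not code from the slides or from the DeepFool project.
For an affine classifier f(x) = w.x + b, the DeepFool paper's closed form
gives the smallest perturbation r that carries x to the decision boundary:
    r = -(f(x) / ||w||^2) * w
and ||r|| / ||x|| is the robustness of the decision at x. The weights and
the samples below are constructed for illustration; in a white-box setting
the attacker knows w and b, so the defender should assume they do.
"""
import math

# Constructed affine model over three features of an executable:
# [share of high-entropy sections, imported functions / 100, signed (0/1)].
# score > 0 -> "malicious".
W = [2.0, -1.5, -3.0]
B = 0.5

SAMPLES = {  # constructed feature vectors, not real binaries
    "dropper.exe":    [0.9, 0.2, 0.0],
    "updater.exe":    [0.1, 0.8, 1.0],
    "packed.exe":     [0.6, 0.5, 0.0],
    "borderline.exe": [0.55, 1.0, 0.0],
}


def score(x, w=W, b=B):
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def label(x, w=W, b=B):
    return "malicious" if score(x, w, b) > 0 else "benign"


def minimal_perturbation(x, w=W, b=B, overshoot=0.02):
    """DeepFool closed form for an affine classifier; the small overshoot is
    the paper's (1 + eta) factor that pushes the point just past the boundary."""
    f = score(x, w, b)
    w_norm_sq = sum(wi * wi for wi in w)
    return [-(f / w_norm_sq) * wi * (1.0 + overshoot) for wi in w]


def robustness(x, w=W, b=B):
    """||r|| / ||x||: relative size of the smallest change that flips the decision."""
    r = minimal_perturbation(x, w, b, overshoot=0.0)
    return math.sqrt(sum(ri * ri for ri in r)) / math.sqrt(sum(xi * xi for xi in x))


def fragile_decisions(samples, threshold=0.1):
    """Defender's check: verdicts that a perturbation under `threshold`
    (relative to the input) would flip are not worth trusting on their own
    and should fall through to a second control (e.g. sandbox detonation)."""
    return [name for name, x in samples.items() if robustness(x) < threshold]


def mean_robustness(samples):
    """The DeepFool paper's aggregate metric over a test set."""
    return sum(robustness(x) for x in samples.values()) / len(samples)


if __name__ == "__main__":
    for name, x in SAMPLES.items():
        print(f"{name:16s} verdict={label(x):9s} robustness={robustness(x):.3f}")
    print("fragile:", fragile_decisions(SAMPLES))
    print(f"mean robustness: {mean_robustness(SAMPLES):.3f}")
```

The lesson for "picking your tools" later in the deck: when a vendor claims ML-based detection, ask for this number on a held-out set, and ask what happens to verdicts in the fragile band. A classifier whose boundary many samples sit next to is exactly the one adversarial tooling exploits.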
• Generative Adversarial Network – GAN
• Analyzes a training set and generates new data with the same characteristics as
the training set
• Goal is to generate elements of the target’s training set that are slightly – but
not observably – different to fool the target into thinking that the GAN-
generated elements are genuine
• Applicable especially to autonomous swarmbots
Introduction – Adversarial Machine Learning & GANs
• What is a next generation security tool?
• A tool that uses one or more components of AI
• How do I know I am getting such a tool? What questions should I have answered
and proven in a demo?
• Are you using supervised, unsupervised or reinforcement learning?
• If supervised, where are you getting your training data?
• Tell me about your algorithms – what do they do?
• Just having algorithms does not make the tool AI
• Some example open source/free tools
• See exhaustive curated collection at GitHub: https://github.com/jivoi/awesome-ml-for-cybersecurity
• Excellent tutorial by Alexandre Pinto at https://www.youtube.com/watch?v=tukidI5vuBs
• Test your AI-based defenses with DeepFool (free): https://towardsdatascience.com/deepfool-a-simple-and-accurate-method-to-fool-deep-neural-networks-17e0d0910ac0
• More and link to Python code at https://github.com/LTS4/DeepFool/blob/master/MATLAB/README.md
• Weka – ML workbench: https://www.cs.waikato.ac.nz/ml/weka/ … user can assemble
machine learning pipelines, train models, and run predictions without having to write code –
demo
Picking Your Tools
• Developed by the Machine Learning Group at the University of Waikato
(https://www.cs.waikato.ac.nz/ml/weka/)
• Can be integrated with many data science tools
• R
• Python
• Apache Spark
• Scikit-learn
• WekaDeeplearning4j is a deep learning package for Weka
• No programming required
• Can be used for practical purposes
• Phishing email analysis* demo is a good example
• *Tan, Choon Lin (2018), “Phishing Dataset for Machine Learning: Feature Evaluation”,
Mendeley Data, V1, doi: 10.17632/h3cgnj8hft.1 http://dx.doi.org/10.17632/h3cgnj8hft.1
Picking Your Tools – Weka: A Machine Learning Workbench
• Easy steps
• Build a model
• Save the model
• Load the model
• Make predictions
• What you need
• Weka
• Training dataset
• https://github.com/renatopp/arff-datasets
• https://waikato.github.io/weka-wiki/datasets/
• https://math.nist.gov/mcsd/savg/vis/NVD/index.html (National Vulnerability Database)
• Test your dataset to make predictions using your data
• DEMO of WEKA on a PHISHING EMAIL DATASET
Picking Your Tools – Weka: A Machine Learning Workbench
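The "easy steps" above (build, save, load, predict) and the earlier Y = f(X) / supervised-learning slides, carried through in one added example. This is not Weka's code and not the Tan (2018) dataset: the ARFF text is a constructed miniature in the same format Weka reads, with made-up nominal features describing an email or URL. The model is a categorical naive Bayes classifier, so f is learned from labeled rows, written to JSON, read back and applied to a new unlabeled element, which then receives a label and a predicted class exactly as the supervised-learning slide describes. File path, feature names and values are assumptions for the example.

```python
"""Weka-style workflow in plain Python: build a model, save it, load it, predict.

Added example: not the slides' code, not Weka's, and not the Tan (2018)
dataset. ARFF_TEXT is a constructed miniature in Weka's ARFF format.
The model is categorical naive Bayes: the "f" in Y = f(X) is estimated
from labeled training rows (supervised learning), saved as JSON, loaded
back and applied to a new, unlabeled element.
"""
import json
import math
import os
import tempfile
from collections import Counter

ARFF_TEXT = """\
% constructed miniature, not a real dataset
@relation phishing_mini

@attribute has_ip_in_url {0,1}
@attribute url_length {short,long}
@attribute sender_domain_matches {0,1}
@attribute urgency_words {0,1}
@attribute class {phishing,legitimate}

@data
1,long,0,1,phishing
1,long,0,0,phishing
0,long,0,1,phishing
1,short,0,1,phishing
0,short,1,0,legitimate
0,short,1,1,legitimate
0,long,1,0,legitimate
0,short,1,0,legitimate
"""


def parse_arff(text):
    """Minimal ARFF reader: nominal attributes and comma-separated @data rows."""
    attrs, rows, in_data = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("%"):
            continue
        low = line.lower()
        if low.startswith("@relation"):
            continue
        if low.startswith("@attribute"):
            _, name, rest = line.split(None, 2)       # "@attribute name {v1,v2}"
            attrs.append((name, [v.strip() for v in rest.strip("{} ").split(",")]))
        elif low.startswith("@data"):
            in_data = True
        elif in_data:
            rows.append(dict(zip([a[0] for a in attrs], [v.strip() for v in line.split(",")])))
    return attrs, rows


def build_model(attrs, rows, target="class"):
    """Categorical naive Bayes. The model is nothing but counts, which is
    why it survives a round trip through JSON unchanged."""
    classes = Counter(r[target] for r in rows)
    counts = {c: {name: Counter() for name, _ in attrs if name != target} for c in classes}
    for r in rows:
        for name, _ in attrs:
            if name != target:
                counts[r[target]][name][r[name]] += 1
    return {
        "target": target,
        "values": {name: vals for name, vals in attrs},
        "class_counts": dict(classes),
        "feature_counts": {c: {n: dict(cnt) for n, cnt in feats.items()} for c, feats in counts.items()},
    }


def predict(model, element):
    """Label a new element: argmax over classes of log P(c) + sum_i log P(x_i | c),
    with Laplace (add-one) smoothing so unseen values do not zero out a class."""
    total = sum(model["class_counts"].values())
    best, best_lp = None, -math.inf
    for c, n_c in model["class_counts"].items():
        lp = math.log(n_c / total)
        for name, value in element.items():
            if name == model["target"]:
                continue
            k = len(model["values"][name])
            seen = model["feature_counts"][c][name].get(value, 0)
            lp += math.log((seen + 1) / (n_c + k))
        if lp > best_lp:
            best, best_lp = c, lp
    return best


def save_model(model, path):
    with open(path, "w") as fh:
        json.dump(model, fh)


def load_model(path):
    with open(path) as fh:
        return json.load(fh)


def workflow(path=os.path.join(tempfile.gettempdir(), "phishing_nb_model.json")):
    """The slide's four steps, end to end."""
    attrs, rows = parse_arff(ARFF_TEXT)
    save_model(build_model(attrs, rows), path)           # build + save
    model = load_model(path)                             # load
    unknown = {"has_ip_in_url": "1", "url_length": "long",
               "sender_domain_matches": "0", "urgency_words": "0"}
    return predict(model, unknown)                       # predict


if __name__ == "__main__":
    print("prediction for the unknown element:", workflow())
```

Two things worth noticing when you run it: the saved model is human-readable counts, so you can answer the "where does your training data come from and what do your algorithms do" questions from the earlier slide by inspection; and the unlabeled element is classified purely by how its feature values were distributed across the labeled rows, which is what supervised learning is.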
• No open source/free products as far as I know
• Several competent commercial products
• What is a deception network?
• Technology that overlays or interlays traps, lures and decoys on the enterprise
that exactly mimic enterprise assets
• What is a deception network NOT?
• Honeypot or honeynet
Picking Your Tools – Deception Nets
• Our deception net has advanced features (be sure to include these if you
decide to build your own from scratch)
• Unsupervised ML – enterprise discovery
• Decoys – Virtual network assets such as virtual devices that mimic actual devices
transparently
• Lures – Enterprise items such as email addresses, emails, users, file systems and
documents
• Sinkhole with built-in forensics
• Active Directory defenses and forensics
• Forensics to detect, among other things, lateral movement by watching endpoints
• Deception network demo
• Using a commercial product because of a lack of open source products
• You could build an open source deception net using Python (probably) and any of
several open source libraries and general ML tool kits
Picking Your Tools – Deception Nets
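An added example of the lure and forensics features listed above, written in Python as the slide suggests for a home-grown deception net; it is not any product's code. The idea is that no legitimate user has a reason to touch a lure, so every hit on a decoy account, decoy host or planted document is high-signal, and grouping hits by source host gives the lateral-movement picture the slide mentions. The lure registry, the "key=value" log format and the log lines are all constructed for the example.

```python
"""Deception-net lure monitoring: alert when a decoy is touched.

Added example, not from the slides and not any commercial product's code.
Legitimate users never need a lure (a decoy account, a decoy host, a
planted document), so any hit is worth an analyst's time. The registry,
the hypothetical key=value log format and the log lines are constructed.
"""
import re

LURES = {
    "account":  {"svc-backup-old", "it-admin-legacy"},          # decoy credentials planted in AD
    "host":     {"10.10.5.250", "fileshare-archive.corp.example"},  # decoy devices
    "document": {"\\\\fs01\\finance\\passwords_2019.xlsx"},     # planted document
}

LOG_LINES = [  # constructed sample log
    "ts=2020-11-12T09:01:12Z event=logon user=alice src=10.10.1.15 dst=10.10.1.40 result=success",
    "ts=2020-11-12T09:02:40Z event=logon user=svc-backup-old src=10.10.1.15 dst=10.10.1.40 result=failure",
    "ts=2020-11-12T09:03:05Z event=file_open user=alice src=10.10.1.15 path=\\\\fs01\\finance\\budget.xlsx",
    "ts=2020-11-12T09:03:30Z event=file_open user=alice src=10.10.1.15 path=\\\\fs01\\finance\\passwords_2019.xlsx",
    "ts=2020-11-12T09:04:02Z event=smb_connect user=alice src=10.10.1.15 dst=10.10.5.250",
    "ts=2020-11-12T09:10:00Z event=logon user=bob src=10.10.2.7 dst=10.10.2.9 result=success",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """key=value tokens -> dict (values never contain spaces in this format)."""
    return dict(KV.findall(line))


def lure_hits(fields):
    """Which lures, if any, does one event touch? Even a failed logon with a
    decoy account counts: the attacker had to obtain the name from somewhere."""
    hits = []
    if fields.get("user") in LURES["account"]:
        hits.append(("account", fields["user"]))
    if fields.get("dst") in LURES["host"]:
        hits.append(("host", fields["dst"]))
    if fields.get("path") in LURES["document"]:
        hits.append(("document", fields["path"]))
    return hits


def alerts(lines):
    """Run the detection over a log and group hits by source host, so the
    analyst sees one host's path through the lures rather than loose events."""
    by_src = {}
    for line in lines:
        f = parse_line(line)
        for kind, value in lure_hits(f):
            by_src.setdefault(f.get("src", "?"), []).append(
                {"ts": f.get("ts"), "kind": kind, "lure": value, "user": f.get("user")})
    return by_src


def suspicious_sources(lines, min_hits=2):
    """Hosts that touched several lures: the first place to start forensics."""
    return sorted(src for src, hits in alerts(lines).items() if len(hits) >= min_hits)


if __name__ == "__main__":
    for src, hits in alerts(LOG_LINES).items():
        print(f"{src}:")
        for h in hits:
            print(f"  {h['ts']} {h['kind']:8s} {h['lure']} (as {h['user']})")
    print("suspicious sources:", suspicious_sources(LOG_LINES))
```

In the sample, one workstation tries a decoy account, opens the planted spreadsheet and then connects to a decoy host within two minutes; the "sinkhole with built-in forensics" on the slide is where that decoy host's side of the conversation would be recorded.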
• Beginning to experiment with ML
• A few things the adversary might do
• ML-based malware
• ML-based obfuscation, especially of malware
• ML-managed spam
• DeepFake images, video, audio and social media postings
• FakeApp - https://www.malavida.com/en/soft/fakeapp/ - brief walkabout
• DeepFaceLab (Microsoft – free) https://github.com/iperov/DeepFaceLab
• Tool resource: http://www.deepfakestate.com/deepfake-tools
What About the Adversary?
• PEsidious: malware obfuscation using machine learning
• Mutates the malware
• Uses reinforcement learning and GANs
• Tries to bypass classifiers in ML-based anti-malware
• Keeps malware functionality
• Full instructions and code at https://github.com/Vi45en/Pesidious
(excellent)
• Includes benign and malicious binaries for training
• Excellent reference guide at
https://vaya97chandni.gitbook.io/pesidious/
What About the Adversary? – an Example of Malicious AI
What About the Adversary? – PEsidious (simplified)
What About the Adversary? – PEsidious – Process Detail
What About the Adversary? - PEsidious
The MalGAN generative adversarial network used by Pesidious
Generates adversarial feature vectors that appear to be benign
• Feature extraction and feature mapping vector generation – training
• Generate a feature vector mapping for section names and import functions
from malware and benign binary samples
• Feature Vector Mapping
• Malware Feature Vectors
• Benign Feature Vectors
• Malware feature vector mutation using Generative Adversarial Networks
• Feed the feature vectors to the MalGAN model to generate adversarial
feature vectors which appear to be benign
• Build binaries of the mutated malware
What About the Adversary? – PEsidious – How it Works
What About the Adversary? – PEsidious – Test Results
1682 Benign binaries - Scraped from our host computers.
2094 Malware binaries - Downloaded from VirusTotal.
Training Data
• This section taken from three years of research for a PhD in law with
an emphasis on cyber law
• Upcoming book: The Collision of the Law and Cyber Science to be published
next year
• A theory of cyber law based upon jurisdiction
• Over 170 U.S. cases studied
• Key aspects:
• Purposeful availment
• Effects test
• Minimum contacts
• Due process clause of the 14th amendment to the U.S. Constitution
• Definitions of general and specific personal jurisdiction
The Law and Cyber Science
• The problem we are trying to solve:
• Can every potentially cyber-related American private law case be analyzed,
jurisdiction guidance applied, and the probability of accuracy of that guidance
determined using the Cyber Jurisdiction Framework generally, and the three-prong
test specifically?
• My research developed the Cyber Jurisdiction Framework and the three-prong test
• Cyberspace is not a separate domain as many describe it, but, rather is an
overlay on the physical space
• Result of my research and the opinion held by the Tallinn Manual 2.0 on
international law applicable to cyber operations prepared for NATO
• Three kinds of case outcomes
• Simple – may be adjudicated using settled law
• Hard – may be adjudicated using novel interpretations of settled law
• Complicated – requires either new laws or amendments/modifications to settled law
to adjudicate
The Law and Cyber Science
• The Cyber Jurisdiction Framework (CJF) Guidelines
• A State may only exercise its jurisdiction if another State with a purportedly stronger nexus to the case
fails to do so in ways that are reasonably acceptable to the would-be regulating State or to the
international community at large.
• The place of the harm is the place of the impact
• Non-consensual or unauthorized control of intermediate Internet or other network-attached devices and
computers does not dictate personal jurisdiction in the forum where the devices or computers reside
• Substantive directed contact suggests the jurisdiction. By “directed” I mean intentional and with
knowledge of the contact.
• Where settled physical space law exists as to the choice of jurisdiction and the type and nature of
anticipated litigation, such as an event that begins and is completed within the same jurisdiction, that law
shall be applied, with modifications to address the cyber aspects of the event if necessary.
• The place of the harm usually is the first choice for jurisdiction.
• Where an attack or other wrong acts autonomously, the developer, actor launching the malicious code or
attack, or producer of the offending autonomous code, is liable.
The Law and Cyber Science – Cyber Jurisdiction Framework
• Constructs describe the environment(s) of the event
• Five general constructs in the CJF
• Construct 1: The event is completely within the forum’s jurisdiction. It begins and ends in the forum without
passing through any other jurisdiction.
• Construct 2: The cyber event begins and ends in the same forum’s jurisdiction but at some point it passes
through another jurisdiction
• Construct 3: The event begins in one jurisdiction and ends in another without any intermediate stops in other
jurisdictions
• Construct 4: The event begins in one jurisdiction and ends in another but makes intermediate stops in a third
(or more) jurisdiction(s).
• Null Construct – Symbolized by φ, the Null Construct is used when the case has no cyber relationships.
• Two important definitions
• Cyberspace - Cyberspace is a complex global information infrastructure that facilitates communication
between technology such as computers, networks and other digital systems, both independently and on behalf
of people using it. Cyberspace per se is distinct from physical space and the constraints imposed by it such as
geographic boundaries
• Cyber science - Cyber science is the study of phenomena caused or generated within the cyber space, which
may or may not interact with phenomena caused or generated within the physical space.
The Law and Cyber Science – CJF Constructs
• 2-step process used to validate the CJF
• Over 170 private law cases analyzed
• Evaluate the selected cases individually for consistency between the CJF and actual case
outcomes
• Evaluate the study as a whole for overall consistency and CJF validation
• Modifiers used when analyzing cases using the CJF
• Minimum contacts
• Purposeful availment
• Effects test
• Points of confusion
• Place of the harm
• The state where the last event necessary to make an actor liable for an alleged tort takes place
• Minimum contacts
• What is that number? Depends upon the type and quality of contact. Could be as low as
one
• International Shoe Co v. Washington
The Law and Cyber Science – CJF Case Analysis Methodology
• Zippo Manufacturing Co. v. Zippo Dot Com Inc.
• Purposeful availment
• Minimum contacts
• Begins in one jurisdiction and ends in another while passing through, but not
stopping in, another jurisdiction (Construct 3)
The Law and Cyber Science – Seminal Internet Jurisdiction Case
Zippo Manufacturing Company is the maker of Zippo lighters and is headquartered in Bradford,
Pennsylvania. Zippo Dot Com was an internet news service located in Sunnyvale, California. The
case turns on Manufacturing’s complaint that Dot Com had infringed Manufacturing’s
trademarks and other similar claims. The claims were both Federal and based upon Pennsylvania
law.
Dot Com set a motion before the Court for dismissal based upon lack of jurisdiction in
Pennsylvania since Dot Com was a California company. Dot Com also moved to relocate the
case to another Federal Court under 28 U.S.C. § 1406(a). The Court denied the motion.
Dot Com had a provision on the site for signing up subscribers and approximately 2% of its
global customers were in Pennsylvania. Therefore, it was not a passive site and was
subject to personal jurisdiction in Pennsylvania rather than its home state of California.
• Microsoft Corp. v. John Does 1-82
• Dismantling of the Citadel botnet
• The District Court claimed personal jurisdiction over the unknown
developers/operators of the botnet – how?
• Used aliases of admins of the command and control servers
• Court was in North Carolina because of a heavy concentration of Microsoft
customers which the complaint claimed were harmed as well as Microsoft
• Botnet’s command and control structure was known
• Won’t be the case for next generation autonomous hivenets and swarmbots
• Based largely on purposeful availment and the effects test
The Law and Cyber Science – A Very Complicated Case
• The 3-prong test for personal jurisdiction
• The Cyber Event Test – is the case, actually, cyber-related?
• In order to be classified as a Cyber Event, the case must adhere to both the definition of cyberspace and the definition of cyber
science. Cyberspace is a complex global information infrastructure that facilitates communication between technology such as
computers, networks and other digital systems, both independently and on behalf of people using it. Cyberspace per se is
distinct from physical space and the constraints imposed by it such as geographic boundaries
• The Modifier Test – does the case have a clear indication of the primary modifier, purposeful availment,
and the secondary modifier, minimum contacts, in the context of cyberspace?
• In order to be subject to jurisdiction in cyberspace, the case must demonstrate purposeful availment within the context of
cyberspace. The case also must be able to apply minimum contacts in order to comport with the due process clause of the
Constitution.
• The Cyber Effects Test – does the selected jurisdiction properly reflect the place of the harm?
• In order to be subject to jurisdiction in cyberspace the case must be able to apply the standard effects test within the context
of cyberspace.
The Law and Cyber Science – A Way Forward
• Cybersell v. Cybersell - 1997
• Two separate companies that did different businesses
• Both Internet-dependent
• One in Arizona and one in Florida
• Trademark infringement
• CSA (Cybersell Arizona) sued CSF (Cybersell Florida) for infringing its trademark
• One used Internet for email marketing and the other built web sites
• Cyber event test is satisfied
• CSA (plaintiff) could not establish that CSF (defendant) purposefully availed itself of
business in Florida since the Florida web site was passive
• Purposeful availment fails for passive web sites
• Modifier test fails
• CSA claims Arizona as the place of the harm but CSA or its customers were not
affected by access to the passive Florida website
• Effects test fails
• Under CJF Guideline 5 settled physical space law is sufficient to adjudicate this case
The Law and Cyber Science – A Way Forward – Example
• An Emerging Role of Cyber-Legal Practitioner is needed
• Cyber Forensic Training Including Advanced Malware Analysis and
Evidence Identification and Gathering Needs to enter Education
Programs
• Lawyers and Courts Need to Become Better Acquainted with
Advanced Cyber Threats
• Organizations need to be prepared to address these three issues
through training, awareness, advance contracting of both legal and
technical experts, next generation-relevant policies, and application
of next generation tools, techniques and procedures designed both to
protect and gather forensic evidence in an autonomous environment
The Law and Cyber Science – Governance Issues
• Although well over 80% of so-called cyber-related cases can be solved
without recourse to cyber technology, there is an increasing number
that are hard cases from the cyber perspective.
• For those cases that involve artificial intelligence in general and
machine learning in particular, the challenges border on the extreme
as our hypothetical illustrates. We are not, today, prepared legally or
technically to address these new challenges. However, and much
more important, lawyers and cyber subject matter experts (SMEs) are
not yet prepared educationally to work together.
• When the law takes on the creator of an autonomous malware
system (hivenets and swarmbots, for example) it will have to depend
upon expert witnesses and even then the interactions are very
complicated.
The Law and Cyber Science – Conclusions
Questions?
Dr. Peter Stephenson
pstephen@cdfs.us
Security Training: Making your weakest link the strongest - CircleCityCon 2017Aaron Hnatiw
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
High time to add machine learning to your information security stack
High time to add machine learning to your information security stackHigh time to add machine learning to your information security stack
High time to add machine learning to your information security stackMinhaz A V
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...EC-Council
 
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You..."Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...Izar Tarandach
 
Attack Simulation and Hunting
Attack Simulation and HuntingAttack Simulation and Hunting
Attack Simulation and Huntingnathi mogomotsi
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)Andrew Case
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresJose L. Quiñones-Borrero
 
CyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementCyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementPriyanka Aash
 
Incorporating Threat Intelligence into Your Enterprise Communications Systems...
Incorporating Threat Intelligence into Your Enterprise Communications Systems...Incorporating Threat Intelligence into Your Enterprise Communications Systems...
Incorporating Threat Intelligence into Your Enterprise Communications Systems...EC-Council
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information securityAnant Shrivastava
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Alex Pinto
 
Myth-busting in Application Security
Myth-busting in Application SecurityMyth-busting in Application Security
Myth-busting in Application SecurityDevOps.com
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Sean Whalen
 

Similaire à Managing Next Generation Threats to Cyber Security (20)

OISF - Continuous Skills Improvement for Everyone
OISF - Continuous Skills Improvement for EveryoneOISF - Continuous Skills Improvement for Everyone
OISF - Continuous Skills Improvement for Everyone
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Security Training: Making your weakest link the strongest - CircleCityCon 2017
Security Training: Making your weakest link the strongest - CircleCityCon 2017Security Training: Making your weakest link the strongest - CircleCityCon 2017
Security Training: Making your weakest link the strongest - CircleCityCon 2017
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011
 
High time to add machine learning to your information security stack
High time to add machine learning to your information security stackHigh time to add machine learning to your information security stack
High time to add machine learning to your information security stack
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
 
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You..."Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
 
Attack Simulation and Hunting
Attack Simulation and HuntingAttack Simulation and Hunting
Attack Simulation and Hunting
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2
 
My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and Countermeasures
 
CyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementCyberSecurity Portfolio Management
CyberSecurity Portfolio Management
 
Incorporating Threat Intelligence into Your Enterprise Communications Systems...
Incorporating Threat Intelligence into Your Enterprise Communications Systems...Incorporating Threat Intelligence into Your Enterprise Communications Systems...
Incorporating Threat Intelligence into Your Enterprise Communications Systems...
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
 
AI System.pptx
AI System.pptxAI System.pptx
AI System.pptx
 
Myth-busting in Application Security
Myth-busting in Application SecurityMyth-busting in Application Security
Myth-busting in Application Security
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
 

Plus de Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

Plus de Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Dernier

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 

Dernier (20)

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

Managing Next Generation Threats to Cyber Security

  • 1. Best Of The World In Security Conference Best Of The World In Security 12-13 November 2020 Managing Next Generation Threats to Cyber Security Dr. Peter Stephenson, CISSP (Lifetime) Center for Digital Forensic Studies
  • 2. Best Of The World In Security Conference • Questions anytime – but be courteous and respectful • Breaks about every hour – 10 minutes • That’s all, folks….. House Rules
  • 3. Best Of The World In Security Conference • PhD in computing with research and specialty in digital investigation • MA in diplomacy with a concentration in terrorism • Over 55 years experience including 10 years as a US Navy crypto tech • Consultant for over 40 years • Associate Professor at a private military college for ten years teaching cyber forensics, cyber crime/cyber law, and network attack/defend (red team/blue team) • Lifetime (retired) CISSP • Author or co-author of 20 books (new one coming next year) • Retired technology editor at SC Magazine • Blog at SecureWorldExpo.com • Deep-dive reviews at Cyber Defense Magazine with podcast coming soon • All-but-dissertation, PhD in Law focusing on cyberspace About me
  • 4. Best Of The World In Security Conference • Introduction - sorting out the next gen hype from the next gen facts and a few definitions • Picking your tools - are they really next gen and how do you know - do you need next gen tools and why or why not – an example with a short demo • Is the adversary using next gen technologies, how do we know and what should we do? • The law and cyber science - are we ready to prosecute the next generation of adversary - what are we doing now and what's wrong with it - do we need a whole new set of laws? - How does this affect our governance? Agenda
  • 5. Best Of The World In Security Conference • Complicated field of AI • Lots of definitions • For example, Dr. Jason Brownlee cites 14 different types of machine learning alone • 1. Supervised Learning • 2. Unsupervised Learning • 3. Reinforcement Learning • 4. Semi-Supervised Learning • 5. Self-Supervised Learning • 6. Multi-Instance Learning • 7. Inductive Learning • 8. Deductive Inference • 9. Transductive Learning • 10. Multi-Task Learning • 11. Active Learning • 12. Online Learning • 13. Transfer Learning • 14. Ensemble Learning Introduction
  • 6. Best Of The World In Security Conference • Key constructs • Machine learning • Supervised, unsupervised and reinforcement - classifiers • Deep learning • Neural networks • Why bother with all of this? • AI, especially ML, is in many security tools • AI, especially ML, is being explored by the adversary as a viable attack modality • Lots of security tools claim AI but not all really incorporate it • Bottom line: this is where cyber science and cyber security are headed and we need to understand it, at least at a 100,000 foot level Introduction
  • 7. Best Of The World In Security Conference • Artificial intelligence • The computing technology that behaves like human intelligence – comprises several specific techniques/technologies • Neural network • The algorithms that simulate human brain activity – input layer, hidden layer(s) and output layer • Machine Learning • Based upon neural networks and may or may not use labeled data initially • Deep learning • Based upon neural networks and machine learning with multiple hidden layers Introduction – Machine Learning
  • 8. Best Of The World In Security Conference • Defined by towarddatascience.com as “… providing systems the ability to automatically learn and improve from experience without being explicitly programmed.” • Basic machine learning algorithm • Y = f(X) • Y is the dependent variable (the answer we seek) • X is the independent variable (the independent variable we are given) • f is a function (some formula or algorithm we are given) • Initially we may not be given X or Y – we don’t even start out by knowing f • Training data is randomly selected Xs and Ys that represent what we know and what we are seeking. • We then look for relationships between the two and derive our f • Or, we may know f and need to apply it to an already-labeled training set • Supervised learning • The algorithm is much more complicated and there may be several Introduction – Machine Learning
  • 9. Best Of The World In Security Conference • Depends upon labels • All elements in the dataset are labeled • Algorithms f predict output Y from the input X • Outputs can be grouped into packages of similar elements using a classifier • X (with labels) -> f (algorithm models) -> Y • The key in supervised learning is the label. Elements are classified by their labels which are assigned already • When a new unknown element is introduced to the model it is assigned a label and its classification is predicted Introduction – Supervised Machine Learning
  • 10. Best Of The World In Security Conference • Unsupervised learning does not start with labeled data elements • Systems infer a function from unlabeled input data • Can be clustering (discover inherent classifications) • Can be association (discover association rules in the input data based upon the algorithm) • X -> f -> classifier Introduction – Unsupervised Machine Learning
  • 11. Best Of The World In Security Conference • Learns through the consequences of behavior in a given environment • Behavioral learning model • Algorithm provides analysis feedback, selecting the best result (a “reward”) • Not trained by a dataset – learns using trial and error, like a human child’s learning based upon experience • Algorithms can be biased Introduction – Reinforcement Machine Learning
12. Introduction – Deep Learning and Neural Networks
• Deep learning uses more than one intermediate layer of f (greatly oversimplified but acceptable for our purposes)
• Neural networks simply aim to reproduce the neural pathways in the human brain and how they work (again, greatly simplified but acceptable for our purposes)
13. Introduction – Adversarial Machine Learning & GANs
• By calculating f the adversary can determine how the defensive measures will respond to an attack and then craft an attack to circumvent those measures (adversarial machine learning or AML)
• We will discuss an example of this – a tool called PEsidious – later
• Another example is DeepFool – a tool that computes training data perturbations to fool deep networks
• AML consists of determining f and extracting the training set
• Black and white box attacks
  • White – training set is known by the attacker
  • Black – training set is not known
• AML is particularly well-suited to hivenets and swarmbots, especially autonomous ones
14. Introduction – Adversarial Machine Learning & GANs
• Generative Adversarial Network – GAN
• Analyzes a training set and generates new data with the same characteristics as the training set
• Goal is to generate elements of the target’s training set that are slightly – but not observably – different, to fool the target into thinking that the GAN-generated elements are genuine
• Applicable especially to autonomous swarmbots
15. Picking Your Tools
• What is a next generation security tool?
  • A tool that uses one or more components of AI
• How do I know I am getting such a tool? What questions should I have answered and proven in a demo?
  • Are you using supervised, unsupervised or reinforcement learning?
  • If supervised, where are you getting your training data?
  • Tell me about your algorithms – what do they do?
  • Just having algorithms does not make the tool AI
• Some example open source/free tools
  • See the exhaustive curated collection at GitHub: https://github.com/jivoi/awesome-ml-for-cybersecurity
  • Excellent tutorial by Alexandre Pinto at https://www.youtube.com/watch?v=tukidI5vuBs
  • Test your AI-based defenses with DeepFool (free): https://towardsdatascience.com/deepfool-a-simple-and-accurate-method-to-fool-deep-neural-networks-17e0d0910ac0
  • More, and a link to the Python code, at https://github.com/LTS4/DeepFool/blob/master/MATLAB/README.md
  • Weka – ML workbench: https://www.cs.waikato.ac.nz/ml/weka/ … the user can assemble machine learning pipelines, train models, and run predictions without having to write code – demo
16. Picking Your Tools – Weka: A Machine Learning Workbench
• Developed by the Machine Learning Group at the University of Waikato (https://www.cs.waikato.ac.nz/ml/weka/)
• Can be integrated with many data science tools
  • R
  • Python
  • Apache Spark
  • Scikit-learn
• WekaDeeplearning4j is a deep learning package for Weka
• No programming required
• Can be used for practical purposes
  • Phishing email analysis* demo is a good example
• *Tan, Choon Lin (2018), “Phishing Dataset for Machine Learning: Feature Evaluation”, Mendeley Data, V1, doi: 10.17632/h3cgnj8hft.1, http://dx.doi.org/10.17632/h3cgnj8hft.1
17. Picking Your Tools – Weka: A Machine Learning Workbench
• Easy steps
  • Build a model
  • Save the model
  • Load the model
  • Make predictions
• What you need
  • Weka
  • Training dataset
    • https://github.com/renatopp/arff-datasets
    • https://waikato.github.io/weka-wiki/datasets/
    • https://math.nist.gov/mcsd/savg/vis/NVD/index.html (National Vulnerability Database)
  • Test your dataset to make predictions using your data
• DEMO of WEKA on a PHISHING EMAIL DATASET
18. Picking Your Tools – Deception Nets
• No open source/free products as far as I know
• Several competent commercial products
• What is a deception network?
  • Technology that overlays or interlays traps, lures and decoys on the enterprise that exactly mimic enterprise assets
• What is a deception network NOT?
  • Honeypot or honeynet
19. Picking Your Tools – Deception Nets
• Our deception net has advanced features (be sure to include these if you decide to build your own from scratch)
  • Unsupervised ML – enterprise discovery
  • Decoys – virtual network assets such as virtual devices that mimic actual devices transparently
  • Lures – enterprise items such as email addresses, emails, users, file systems and documents
  • Sinkhole with built-in forensics
  • Active Directory defenses and forensics
  • Forensics to detect, among other things, lateral movement by watching endpoints
• Deception network demo
  • Using a commercial product because of a lack of open source products
  • You could build an open source deception net using Python (probably) and any of several open source libraries and general ML tool kits
20. What About the Adversary?
• Beginning to experiment with ML
• A few things the adversary might do
  • ML-based malware
  • ML-based obfuscation, especially of malware
  • ML-managed spam
  • DeepFake images, video, audio and social media postings
    • FakeApp – https://www.malavida.com/en/soft/fakeapp/ – brief walkthrough
    • DeepFaceLab (Microsoft – free) https://github.com/iperov/DeepFaceLab
    • Tool resource: http://www.deepfakestate.com/deepfake-tools
21. What About the Adversary? – an Example of Malicious AI
• PEsidious: malware obfuscation using machine learning
  • Mutates the malware
  • Uses reinforcement learning and GANs
  • Tries to bypass classifiers in ML-based anti-malware
  • Keeps malware functionality
• Full instructions and code at https://github.com/Vi45en/Pesidious (excellent)
  • Includes benign and malicious binaries for training
• Excellent reference guide at https://vaya97chandni.gitbook.io/pesidious/
22. What About the Adversary? – PEsidious (simplified)
23. What About the Adversary? – PEsidious – Process Detail
24. What About the Adversary? – PEsidious
• The MalGAN generative adversarial network used by PEsidious generates adversarial feature vectors that appear to be benign
25. What About the Adversary? – PEsidious – How it Works
• Feature extraction and feature mapping vector generation – training
  • Generate a feature vector mapping for section names and import functions from malware and benign binary samples
    • Feature vector mapping
    • Malware feature vectors
    • Benign feature vectors
• Malware feature vector mutation using Generative Adversarial Networks
  • Feed the feature vectors to the MalGAN model to generate adversarial feature vectors which appear to be benign
• Build binaries of the mutated malware
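The feature vector mapping above, together with the build, save, load and predict steps from the Weka slide, as an added example in Python (not code from PEsidious or Weka): section names and imports from constructed sample binaries are mapped to a binary feature vector, a small Bernoulli naive Bayes classifier stands in for f, and the model is saved and reloaded before predicting on an unlabeled sample.

```python
"""Added example: PE section-name/import feature mapping plus a supervised
classifier that is built, saved, loaded and queried. Samples are constructed."""
import json, math, pathlib, tempfile

# Constructed training data: (section names, imported functions, label).
SAMPLES = [
    ([".text", ".rdata", ".data", ".rsrc"], ["CreateFileW", "ReadFile", "MessageBoxW"], "benign"),
    ([".text", ".rdata", ".data", ".rsrc", ".reloc"], ["GetModuleHandleW", "LoadLibraryW", "GetProcAddress"], "benign"),
    ([".text", ".data", ".rsrc"], ["RegQueryValueExW", "CreateFileW", "WriteFile"], "benign"),
    (["UPX0", "UPX1", ".rsrc"], ["LoadLibraryA", "GetProcAddress", "VirtualProtect"], "malware"),
    ([".text", ".xyz", ".data"], ["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread"], "malware"),
    (["UPX0", "UPX1"], ["VirtualAlloc", "VirtualProtect", "IsDebuggerPresent"], "malware"),
]

def build_feature_map(samples):
    """Feature vector mapping: every section name and import seen in training gets an index."""
    names = {f"sec:{s}" for secs, _, _ in samples for s in secs}
    names |= {f"imp:{i}" for _, imps, _ in samples for i in imps}
    return {name: idx for idx, name in enumerate(sorted(names))}

def to_vector(feature_map, sections, imports):
    """Binary presence vector (X); features unseen in training are simply dropped."""
    vec = [0] * len(feature_map)
    for name in [f"sec:{s}" for s in sections] + [f"imp:{i}" for i in imports]:
        if name in feature_map:
            vec[feature_map[name]] = 1
    return vec

def build_model(samples):
    """Supervised learning: derive f (here Bernoulli naive Bayes) from labeled X and Y."""
    fmap = build_feature_map(samples)
    classes = {}
    for secs, imps, label in samples:
        cls = classes.setdefault(label, {"n": 0, "present": [0] * len(fmap)})
        cls["n"] += 1
        for idx, bit in enumerate(to_vector(fmap, secs, imps)):
            cls["present"][idx] += bit
    return {"features": fmap, "classes": classes}

def build_save_load(samples):
    """Weka's steps: build the model, save it, load it back for later predictions."""
    model = build_model(samples)
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp) / "pe_classifier.json"
        path.write_text(json.dumps(model))          # save the model
        return json.loads(path.read_text())         # load the model

def predict(model, sections, imports):
    """Predict an unlabeled sample: (label, log-odds malware vs benign). Presence-only
    features like these are what PEsidious pads, so real tools need sturdier features."""
    vec = to_vector(model["features"], sections, imports)
    total = sum(c["n"] for c in model["classes"].values())
    scores = {}
    for label, cls in model["classes"].items():
        logp = math.log(cls["n"] / total)                    # class prior
        for idx, bit in enumerate(vec):
            p = (cls["present"][idx] + 1) / (cls["n"] + 2)   # Laplace-smoothed P(feature|class)
            logp += math.log(p if bit else 1 - p)
        scores[label] = logp
    return max(scores, key=scores.get), scores["malware"] - scores["benign"]
```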
26. What About the Adversary? – PEsidious – Test Results
• Training data
  • 1682 benign binaries – scraped from our host computers
  • 2094 malware binaries – downloaded from VirusTotal
27. The Law and Cyber Science
• This section is taken from three years of research for a PhD in law with an emphasis on cyber law
• Upcoming book: The Collision of the Law and Cyber Science, to be published next year
• A theory of cyber law based upon jurisdiction
• Over 170 U.S. cases studied
• Key aspects:
  • Purposeful availment
  • Effects test
  • Minimum contacts
  • Due process clause of the 14th amendment to the U.S. Constitution
  • Definitions of general and specific personal jurisdiction
28. The Law and Cyber Science
• The problem we are trying to solve:
  • Can every American potentially cyber-related private law case be analyzed, jurisdiction guidance applied, and the probability of accuracy of that guidance determined using the Cyber Jurisdiction Framework generally, and the three-prong test specifically?
• My research developed the Cyber Jurisdiction Framework and the three-prong test
• Cyberspace is not a separate domain, as many describe it, but rather an overlay on physical space
  • Result of my research and the opinion held by the Tallinn Manual 2.0 on international law applicable to cyber operations, prepared for NATO
• Three kinds of case outcomes
  • Simple – may be adjudicated using settled law
  • Hard – may be adjudicated using novel interpretations of settled law
  • Complicated – requires either new laws or amendments/modifications to settled law to adjudicate
29. The Law and Cyber Science – Cyber Jurisdiction Framework
• The Cyber Jurisdiction Framework (CJF) Guidelines
  1. A State may only exercise its jurisdiction if another State with a purportedly stronger nexus to the case fails to do so in ways that are reasonably acceptable to the would-be regulating State or to the international community at large.
  2. The place of the harm is the place of the impact.
  3. Non-consensual or unauthorized control of intermediate Internet or other network-attached devices and computers does not dictate personal jurisdiction in the forum where the devices or computers reside.
  4. Substantive directed contact suggests the jurisdiction. By “directed” I mean intentional and with knowledge of the contact.
  5. Where settled physical space law exists as to the choice of jurisdiction and the type and nature of anticipated litigation, such as an event that begins and is completed within the same jurisdiction, that law shall be applied, with modifications to address the cyber aspects of the event if necessary.
  6. The place of the harm usually is the first choice for jurisdiction.
  7. Where an attack or other wrong acts autonomously, the developer, the actor launching the malicious code or attack, or the producer of the offending autonomous code, is liable.
30. The Law and Cyber Science – CJF Constructs
• Constructs describe the environment(s) of the event
• Five general constructs in the CJF
  • Construct 1: The event is completely within the forum’s jurisdiction. It begins and ends in the forum without passing through any other jurisdiction.
  • Construct 2: The cyber event begins and ends in the same forum’s jurisdiction, but at some point it passes through another jurisdiction.
  • Construct 3: The event begins in one jurisdiction and ends in another without any intermediate stops in other jurisdictions.
  • Construct 4: The event begins in one jurisdiction and ends in another but makes intermediate stops in a third (or more) jurisdiction(s).
  • Null Construct: symbolized by φ, the Null Construct is used when the case has no cyber relationships.
• Two important definitions
  • Cyberspace – Cyberspace is a complex global information infrastructure that facilitates communication between technology such as computers, networks and other digital systems, both independently and on behalf of people using it. Cyberspace per se is distinct from physical space and the constraints imposed by it, such as geographic boundaries.
  • Cyber science – Cyber science is the study of phenomena caused or generated within cyberspace, which may or may not interact with phenomena caused or generated within physical space.
31. The Law and Cyber Science – CJF Case Analysis Methodology
• 2-step process used to validate the CJF
  • Over 170 private law cases analyzed
  • Evaluate the selected cases individually for consistency between the CJF and actual case outcomes
  • Evaluate the study as a whole for overall consistency and CJF validation
• Modifiers used when analyzing cases using the CJF
  • Minimum contacts
  • Purposeful availment
  • Effects test
• Points of confusion
  • Place of the harm
    • The state where the last event necessary to make an actor liable for an alleged tort takes place
  • Minimum contacts
    • What is that number? Depends upon the type and quality of contact. Could be as low as one
    • International Shoe Co v. Washington
32. The Law and Cyber Science – Seminal Internet Jurisdiction Case
• Zippo Manufacturing Co. v. Zippo Dot Com Inc.
  • Purposeful availment
  • Minimum contacts
  • Begins in one jurisdiction and ends in another while passing through, but not stopping in, another jurisdiction (Construct 3)

Zippo Manufacturing Company is the maker of Zippo lighters and is headquartered in Bradford, Pennsylvania. Zippo Dot Com was an internet news service located in Sunnyvale, California. The case turns on Manufacturing’s complaint that Dot Com had infringed Manufacturing’s trademarks and other similar claims. The claims were both Federal and based upon Pennsylvania law. Dot Com set a motion before the Court for dismissal based upon lack of jurisdiction in Pennsylvania since Dot Com was a California company. Dot Com also moved to relocate the case to another Federal Court under 28 U.S.C. § 1406(a). The Court denied the motion. Dot Com had a provision on the site for signing up subscribers and approximately 2% of its global customers were in Pennsylvania. Therefore, it was not a passive site and was subject to personal jurisdiction in Pennsylvania rather than its home state of California.
33. The Law and Cyber Science – A Very Complicated Case
• Microsoft Corp. v. John Does 1-82
  • Dismantling of the Citadel botnet
• The District Court claimed personal jurisdiction over the unknown developers/operators of the botnet – how?
  • Used aliases of admins of the command and control servers
  • Court was in North Carolina because of a heavy concentration of Microsoft customers which the complaint claimed were harmed, as well as Microsoft
• Botnet’s command and control structure was known
  • Won’t be the case for next generation autonomous hivenets and swarmbots
• Based largely on purposeful availment and the effects test
34. The Law and Cyber Science – A Way Forward
• The 3-prong test for personal jurisdiction
• The Cyber Event Test – is the case, actually, cyber-related?
  • In order to be classified as a Cyber Event, the case must adhere to both the definition of cyberspace and the definition of cyber science
  • Cyberspace is a complex global information infrastructure that facilitates communication between technology such as computers, networks and other digital systems, both independently and on behalf of people using it. Cyberspace per se is distinct from physical space and the constraints imposed by it, such as geographic boundaries
• The Modifier Test – does the case have a clear indication of the primary modifier, purposeful availment, and the secondary modifier, minimum contacts, in the context of cyberspace?
  • In order to be subject to jurisdiction in cyberspace, the case must demonstrate purposeful availment within the context of cyberspace. The case also must be able to apply minimum contacts in order to comport with the due process clause of the Constitution.
• The Cyber Effects Test – does the selected jurisdiction properly reflect the place of the harm?
  • In order to be subject to jurisdiction in cyberspace the case must be able to apply the standard effects test within the context of cyberspace.
35. The Law and Cyber Science – A Way Forward – Example
• Cybersell v. Cybersell – 1997
  • Two separate companies that did different businesses
  • Both Internet-dependent
  • One in Arizona and one in Florida
  • Trademark infringement
  • CSA (Cybersell Arizona) sued CSF (Cybersell Florida) for infringing its trademark
  • One used the Internet for email marketing and the other built web sites
• Cyber event test is satisfied
• CSA (plaintiff) could not establish that CSF (defendant) purposefully availed itself of business in Florida since the Florida web site was passive
  • Purposeful availment fails for passive web sites
  • Modifier test fails
• CSA claims Arizona as the place of the harm, but CSA or its customers were not affected by access to the passive Florida website
  • Effects test fails
• Under CJF Guideline 5, settled physical space law is sufficient to adjudicate this case
36. The Law and Cyber Science – Governance Issues
• An emerging role of cyber-legal practitioner is needed
• Cyber forensic training, including advanced malware analysis and evidence identification and gathering, needs to enter education programs
• Lawyers and courts need to become better acquainted with advanced cyber threats
• Organizations need to be prepared to address these three issues through training, awareness, advance contracting of both legal and technical experts, next generation-relevant policies, and application of next generation tools, techniques and procedures designed both to protect and to gather forensic evidence in an autonomous environment
37. The Law and Cyber Science – Conclusions
• Although well over 80% of so-called cyber-related cases can be solved without recourse to cyber technology, there is an increasing number that are hard cases from the cyber perspective.
• For those cases that involve artificial intelligence in general and machine learning in particular, the challenges border on the extreme, as our hypothetical illustrates. We are not, today, prepared legally or technically to address these new challenges. However, and much more important, lawyers and cyber subject matter experts (SMEs) are not yet prepared educationally to work together.
• When the law takes on the creator of an autonomous malware system (hivenets and swarmbots, for example) it will have to depend upon expert witnesses, and even then the interactions are very complicated.
38. Questions?
Dr. Peter Stephenson
pstephen@cdfs.us