This document provides an overview of a conference on managing next generation threats to cyber security. It includes details about the speaker, Dr. Peter Stephenson, and his extensive background in computing, diplomacy, cyber forensics, and cyber law. The document outlines the conference agenda, which will discuss topics like picking the right tools for next generation security, how adversaries may use next generation technologies, and challenges around prosecuting next generation crimes. Specific techniques like machine learning, deep learning, neural networks, and generative adversarial networks are defined. An example adversarial machine learning tool called PEsidious is also described.
Managing Next Generation Threats to Cyber Security
1. Best Of The World In Security Conference
Best Of The World In Security
12-13 November 2020
Managing Next Generation
Threats to Cyber Security
Dr. Peter Stephenson, CISSP (Lifetime)
Center for Digital Forensic Studies
2. Best Of The World In Security Conference
• Questions anytime – but be courteous and respectful
• Breaks about every hour – 10 minutes
• That’s all, folks…..
House Rules
3. Best Of The World In Security Conference
• PhD in computing with research and specialty in digital investigation
• MA in diplomacy with a concentration in terrorism
• Over 55 years' experience including 10 years as a US Navy crypto tech
• Consultant for over 40 years
• Associate Professor at a private military college for ten years teaching cyber
forensics, cyber crime/cyber law, and network attack/defend (red
team/blue team)
• Lifetime (retired) CISSP
• Author or co-author of 20 books (new one coming next year)
• Retired technology editor at SC Magazine
• Blog at SecureWorldExpo.com
• Deep-dive reviews at Cyber Defense Magazine with podcast coming soon
• All-but-dissertation, PhD in Law focusing on cyberspace
About me
4. Best Of The World In Security Conference
• Introduction - sorting out the next gen hype from the next gen facts
and a few definitions
• Picking your tools - are they really next gen and how do you know -
do you need next gen tools and why or why not – an example with a
short demo
• Is the adversary using next gen technologies, how do we know and
what should we do?
• The law and cyber science - are we ready to prosecute the next
generation of adversary - what are we doing now and what's wrong
with it - do we need a whole new set of laws? - How does this affect
our governance?
Agenda
5. Best Of The World In Security Conference
• Complicated field of AI
• Lots of definitions
• For example, Dr. Jason Brownlee cites 14 different types of machine learning alone
• 1. Supervised Learning
• 2. Unsupervised Learning
• 3. Reinforcement Learning
• 4. Semi-Supervised Learning
• 5. Self-Supervised Learning
• 6. Multi-Instance Learning
• 7. Inductive Learning
• 8. Deductive Inference
• 9. Transductive Learning
• 10. Multi-Task Learning
• 11. Active Learning
• 12. Online Learning
• 13. Transfer Learning
• 14. Ensemble Learning
Introduction
6. Best Of The World In Security Conference
• Key constructs
• Machine learning
• Supervised, unsupervised and reinforcement - classifiers
• Deep learning
• Neural networks
• Why bother with all of this?
• AI, especially ML, is in many security tools
• AI, especially ML, is being explored by the adversary as a viable attack
modality
• Lots of security tools claim AI but not all really incorporate it
• Bottom line: this is where cyber science and cyber security are
headed and we need to understand it, at least at a 100,000 foot level
Introduction
7. Best Of The World In Security Conference
• Artificial intelligence
• The computing technology that behaves like human intelligence – comprises
several specific techniques/technologies
• Neural network
• The algorithms that simulate human brain activity – input layer, hidden
layer(s) and output layer
• Machine Learning
• Based upon neural networks and may or may not use labeled data initially
• Deep learning
• Based upon neural networks and machine learning with multiple hidden
layers
Introduction – Machine Learning
8. Best Of The World In Security Conference
• Defined by towardsdatascience.com as “… providing systems the ability to
automatically learn and improve from experience without being explicitly
programmed.”
• Basic machine learning algorithm
• Y = f(X)
• Y is the dependent variable (the answer we seek)
• X is the independent variable (the input we are given)
• f is a function (some formula or algorithm we are given)
• Initially we may not be given X or Y – we don’t even start out by knowing f
• Training data is randomly selected Xs and Ys that represent what we know and what
we are seeking.
• We then look for relationships between the two and derive our f
• Or, we may know f and need to apply it to an already-labeled training set
• Supervised learning
• The algorithm is much more complicated and there may be several
Introduction – Machine Learning
9. Best Of The World In Security Conference
• Depends upon labels
• All elements in the dataset are labeled
• Algorithms f predict output Y from the input X
• Outputs can be grouped into packages of similar elements using a
classifier
• X (with labels) -> f (algorithm models) -> Y
• The key in supervised learning is the label. Elements are classified by
their labels which are assigned already
• When a new unknown element is introduced to the model it is
assigned a label and its classification is predicted
Introduction – Supervised Machine Learning
10. Best Of The World In Security Conference
• Unsupervised learning does not start with labeled data elements
• Systems infer a function from unlabeled input data
• Can be clustering (discover inherent classifications)
• Can be association (discover association rules in the input data based
upon the algorithm)
• X -> f -> classifier
Introduction – Unsupervised Machine Learning
11. Best Of The World In Security Conference
• Learns through the consequences of behavior in a given environment
• Behavioral learning model
• Algorithm provides analysis feedback, selecting the best result (a “reward”)
• Not trained by a dataset – learns using trial and error, like a human
child’s learning based upon experience
• Algorithms can be biased
Introduction – Reinforcement Machine Learning
12. Best Of The World In Security Conference
• Deep learning uses more than one intermediate layer of f (greatly
oversimplified but acceptable for our purposes)
• Neural networks simply aim to reproduce the neural pathways in the
human brain and how they work (again, greatly simplified but
acceptable for our purposes)
Introduction – Deep Learning and Neural Networks
13. Best Of The World In Security Conference
• By calculating f the adversary can determine how the defensive
measures will respond to an attack and then craft an attack to
circumvent those measures (adversarial machine learning or AML)
• We will discuss an example of this – a tool called PEsidious – later
• Another example is DeepFool – a tool that computes training data
perturbations to fool deep networks
• AML consists of determining f and extracting the training set
• Black and white box attacks
• White – training set is known by the attacker
• Black – training set is not known
• AML is particularly well-suited to hivenets and swarmbots, especially
autonomous ones
Introduction – Adversarial Machine Learning & GANs
14. Best Of The World In Security Conference
• Generative Adversarial Network – GAN
• Analyzes a training set and generates new data with the same characteristics as
the training set
• Goal is to generate elements of the target’s training set that are slightly – but
not observably – different to fool the target into thinking that the
GAN-generated elements are genuine
• Applicable especially to autonomous swarmbots
Introduction – Adversarial Machine Learning & GANs
15. Best Of The World In Security Conference
• What is a next generation security tool?
• A tool that uses one or more components of AI
• How do I know I am getting such a tool? What questions should I have answered
and proven in a demo?
• Are you using supervised, unsupervised or reinforcement learning?
• If supervised, where are you getting your training data?
• Tell me about your algorithms – what do they do?
• Just having algorithms does not make the tool AI
• Some example open source/free tools
• See exhaustive curated collection at GitHub: https://github.com/jivoi/awesome-ml-for-cybersecurity
• Excellent tutorial by Alexandre Pinto at https://www.youtube.com/watch?v=tukidI5vuBs
• Test your AI-based defenses with DeepFool (free): https://towardsdatascience.com/deepfool-a-simple-and-accurate-method-to-fool-deep-neural-networks-17e0d0910ac0
• More and link to Python code at https://github.com/LTS4/DeepFool/blob/master/MATLAB/README.md
• Weka – ML workbench: https://www.cs.waikato.ac.nz/ml/weka/ … user can assemble
machine learning pipelines, train models, and run predictions without having to write code –
demo
Picking Your Tools
16. Best Of The World In Security Conference
• Developed by the Machine Learning Group at the University of Waikato
(https://www.cs.waikato.ac.nz/ml/weka/)
• Can be integrated with many data science tools
• R
• Python
• Apache Spark
• Scikit-learn
• WekaDeeplearning4j is a deep learning package for Weka
• No programming required
• Can be used for practical purposes
• Phishing email analysis* demo is a good example
• *Tan, Choon Lin (2018), “Phishing Dataset for Machine Learning: Feature Evaluation”,
Mendeley Data, V1, doi: 10.17632/h3cgnj8hft.1 http://dx.doi.org/10.17632/h3cgnj8hft.1
Picking Your Tools – Weka: A Machine Learning Workbench
17. Best Of The World In Security Conference
• Easy steps
• Build a model
• Save the model
• Load the model
• Make predictions
• What you need
• Weka
• Training dataset
• https://github.com/renatopp/arff-datasets
• https://waikato.github.io/weka-wiki/datasets/
• https://math.nist.gov/mcsd/savg/vis/NVD/index.html (National Vulnerability Database)
• Test your dataset to make predictions using your data
• DEMO of WEKA on a PHISHING EMAIL DATASET
Picking Your Tools – Weka: A Machine Learning Workbench
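The four steps above (build, save, load, predict) applied to supervised learning on labeled phishing data, as an added example that is not part of the original slides and does not use Weka. It swaps in a small Gaussian naive Bayes classifier in plain Python; the feature names and the training rows are constructed for illustration and are not taken from the cited phishing dataset.

```python
import json
import math
import os
import tempfile

# Hypothetical feature layout for a URL; not the cited dataset's columns.
FEATURES = ["num_dots", "url_length", "no_https", "has_ip_host"]

# Constructed labeled training set: each X comes with its label Y.
TRAINING = [
    ([1, 22, 0, 0], "benign"),
    ([2, 31, 0, 0], "benign"),
    ([1, 18, 0, 0], "benign"),
    ([2, 40, 1, 0], "benign"),
    ([5, 88, 1, 1], "phishing"),
    ([4, 73, 1, 0], "phishing"),
    ([6, 95, 0, 1], "phishing"),
    ([4, 67, 1, 1], "phishing"),
]

def build_model(rows):
    """Derive f from labeled data: per-class prior, mean and variance."""
    by_label = {}
    for x, y in rows:
        by_label.setdefault(y, []).append(x)
    model = {"features": FEATURES, "classes": {}}
    for label, xs in by_label.items():
        n = len(xs)
        means = [sum(col) / n for col in zip(*xs)]
        # The floor keeps a constant column from producing a zero variance.
        variances = [max(sum((v - m) ** 2 for v in col) / n, 0.05)
                     for col, m in zip(zip(*xs), means)]
        model["classes"][label] = {"prior": n / len(rows),
                                   "mean": means, "var": variances}
    return model

def save_model(model, path):
    # JSON stores parameters only; unlike pickle, loading it cannot run code.
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(model, fh)

def load_model(path):
    with open(path, encoding="utf-8") as fh:
        model = json.load(fh)
    if model.get("features") != FEATURES:
        raise ValueError("model was built for a different feature layout")
    return model

def predict(model, x):
    """Apply f to an unlabeled X; return (label, log-score per class)."""
    scores = {}
    for label, p in model["classes"].items():
        score = math.log(p["prior"])
        for v, m, var in zip(x, p["mean"], p["var"]):
            score += -0.5 * math.log(2 * math.pi * var) - (v - m) ** 2 / (2 * var)
        scores[label] = score
    return max(scores, key=scores.get), scores

def round_trip(rows, unknown):
    """Build, save, load, predict; return the labels from the loaded model."""
    path = os.path.join(tempfile.mkdtemp(), "phish_model.json")
    save_model(build_model(rows), path)
    loaded = load_model(path)
    return [predict(loaded, x)[0] for x in unknown]

if __name__ == "__main__":
    print(round_trip(TRAINING, [[1, 25, 0, 0], [5, 80, 1, 1]]))
```

When asking a vendor where the training data comes from, the same question applies to the saved model file: treat it as an input to validate, which is why the loader checks the feature layout before predicting.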
18. Best Of The World In Security Conference
• No open source/free products as far as I know
• Several competent commercial products
• What is a deception network?
• Technology that overlays or interlays traps, lures and decoys on the enterprise
that exactly mimic enterprise assets
• What is a deception network NOT?
• Honeypot or honeynet
Picking Your Tools – Deception Nets
19. Best Of The World In Security Conference
• Our deception net has advanced features (be sure to include these if you
decide to build your own from scratch)
• Unsupervised ML – enterprise discovery
• Decoys – Virtual network assets such as virtual devices that mimic actual devices
transparently
• Lures – Enterprise items such as email addresses, emails, users, file systems and
documents
• Sinkhole with built-in forensics
• Active directory defenses and forensics
• Forensics to detect, among other things, lateral movement by watching endpoints
• Deception network demo
• Using a commercial product because of a lack of open source products
• You could build an open source deception net using Python (probably) and any of
several open source libraries and general ML tool kits
Picking Your Tools – Deception Nets
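How decoys and lures turn into lateral-movement detections, as an added example that is not part of the original slides and not any product's code. It assumes a simple CSV endpoint logon feed; the host names, account names and log lines are constructed, and the rule relies on planted assets having no legitimate use.

```python
import csv
import io

# Assumed inventory (hypothetical names): decoys and lures are planted assets
# with no legitimate use, so any event that touches one deserves an alert.
DECOY_HOSTS = {"fs-decoy-01", "hr-decoy-02"}
LURE_ACCOUNTS = {"svc_backup_lure"}

# Constructed endpoint logon events: time, source host, destination host, account.
SAMPLE_EVENTS = """\
2020-11-12T09:00:11,ws-014,mail-01,alice
2020-11-12T09:02:40,ws-022,fs-decoy-01,bob
2020-11-12T09:03:05,ws-022,app-07,svc_backup_lure
2020-11-12T09:05:30,app-07,hr-decoy-02,svc_backup_lure
2020-11-12T09:06:00,ws-031,app-07,carol
"""

def parse_events(text):
    fields = ("time", "src", "dst", "account")
    return [dict(zip(fields, row)) for row in csv.reader(io.StringIO(text)) if row]

def deception_hits(events):
    """Return every event that touched a decoy host or used a lure account."""
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        reasons = []
        if ev["dst"] in DECOY_HOSTS:
            reasons.append("decoy host")
        if ev["account"] in LURE_ACCOUNTS:
            reasons.append("lure account")
        if reasons:
            hits.append({**ev, "reasons": reasons})
    return hits

def lateral_paths(hits):
    """Chain hits host to host; a path of three or more hosts is lateral movement."""
    paths = []
    for hit in hits:  # already in time order
        for path in paths:
            if path[-1] == hit["src"]:
                path.append(hit["dst"])
                break
        else:
            paths.append([hit["src"], hit["dst"]])
    return [p for p in paths if len(p) >= 3]

if __name__ == "__main__":
    hits = deception_hits(parse_events(SAMPLE_EVENTS))
    for h in hits:
        print(h["time"], h["src"], "->", h["dst"], h["account"], h["reasons"])
    print(lateral_paths(hits))
```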
20. Best Of The World In Security Conference
• Beginning to experiment with ML
• A few things the adversary might do
• ML-based malware
• ML-based obfuscation, especially of malware
• ML-managed spam
• DeepFake images, video, audio and social media postings
• FakeApp - https://www.malavida.com/en/soft/fakeapp/ - brief walkabout
• DeepFaceLab (Microsoft – free) https://github.com/iperov/DeepFaceLab
• Tool resource: http://www.deepfakestate.com/deepfake-tools
What About the Adversary?
21. Best Of The World In Security Conference
• PEsidious: malware obfuscation using machine learning
• Mutates the malware
• Uses reinforcement learning and GANs
• Tries to bypass classifiers in ML-based anti-malware
• Keeps malware functionality
• Full instructions and code at https://github.com/Vi45en/Pesidious
(excellent)
• Includes benign and malicious binaries for training
• Excellent reference guide at
https://vaya97chandni.gitbook.io/pesidious/
What About the Adversary? – an Example of Malicious AI
22. Best Of The World In Security Conference
What About the Adversary? – PEsidious (simplified)
23. Best Of The World In Security Conference
What About the Adversary? – PEsidious – Process Detail
24. Best Of The World In Security Conference
What About the Adversary? - PEsidious
The MalGAN generative adversarial network used by Pesidious
Generates adversarial feature vectors that appear to be benign
25. Best Of The World In Security Conference
• Feature extraction and feature mapping vector generation – training
• Generate a feature vector mapping for section names and import functions
from malware and benign binary samples
• Features Vector Mapping
• Malware Feature Vectors
• Benign Feature Vectors
• Malware feature vector mutation using Generative Adversarial Networks
• Feed the feature vectors to the MalGAN model to generate adversarial
feature vectors which appear to be benign
• Build binaries of the mutated malware
What About the Adversary? – PEsidious – How it Works
26. Best Of The World In Security Conference
What About the Adversary? – PEsidious – Test Results
1682 Benign binaries - Scraped from our host computers.
2094 Malware binaries - Downloaded from VirusTotal.
Training Data
27. Best Of The World In Security Conference
• This section taken from three years of research for a PhD in law with
an emphasis on cyber law
• Upcoming book: The Collision of the Law and Cyber Science to be published
next year
• A theory of cyber law based upon jurisdiction
• Over 170 U.S. cases studied
• Key aspects:
• Purposeful availment
• Effects test
• Minimum contacts
• Due process clause of the 14th amendment to the U.S. Constitution
• Definitions of general and specific personal jurisdiction
The Law and Cyber Science
28. Best Of The World In Security Conference
• The problem we are trying to solve:
• Can every American potentially cyber-related private law case be analyzed,
jurisdiction guidance applied, and probability of accuracy of that guidance
determined using The Cyber Jurisdiction Framework generally, and the three-prong
test specifically?
• My research developed the Cyber Jurisdiction Framework and the three-prong test
• Cyberspace is not a separate domain as many describe it, but, rather is an
overlay on the physical space
• Result of my research and the opinion held by the Tallinn Manual 2.0 on
international law applicable to cyber operations prepared for NATO
• Three kinds of case outcomes
• Simple – may be adjudicated using settled law
• Hard – may be adjudicated using novel interpretations of settled law
• Complicated – requires either new laws or amendments/modifications to settled law
to adjudicate
The Law and Cyber Science
29. Best Of The World In Security Conference
• The Cyber Jurisdiction Framework (CJF) Guidelines
• A State may only exercise its jurisdiction if another State with a purportedly stronger nexus to the case
fails to do so in ways that are reasonably acceptable to the would-be regulating State or to the
international community at large.
• The place of the harm is the place of the impact
• Non-consensual or unauthorized control of intermediate Internet or other network-attached devices and
computers does not dictate personal jurisdiction in the forum where the devices or computers reside
• Substantive directed contact suggests the jurisdiction. By “directed” I mean intentional and with
knowledge of the contact.
• Where settled physical space law exists as to the choice of jurisdiction and the type and nature of
anticipated litigation, such as an event that begins and is completed within the same jurisdiction, that law
shall be applied, with modifications to address the cyber aspects of the event if necessary.
• The place of the harm usually is the first choice for jurisdiction.
• Where an attack or other wrong acts autonomously, the developer, actor launching the malicious code or
attack, or producer of the offending autonomous code, is liable.
The Law and Cyber Science – Cyber Jurisdiction Framework
30. Best Of The World In Security Conference
• Constructs describe the environment(s) of the event
• Five general constructs in the CJF
• Construct 1: The event is completely within the forum’s jurisdiction. It begins and ends in the forum without
passing through any other jurisdiction.
• Construct 2: The cyber event begins and ends in the same forum’s jurisdiction but at some point it passes
through another jurisdiction
• Construct 3: The event begins in one jurisdiction and ends in another without any intermediate stops in other
jurisdictions
• Construct 4: The event begins in one jurisdiction and ends in another but makes intermediate stops in a third
(or more) jurisdiction(s).
• Null Construct: Symbolized by φ, the Null Construct is used when the case has no cyber relationships.
• Two important definitions
• Cyberspace - Cyberspace is a complex global information infrastructure that facilitates communication
between technology such as computers, networks and other digital systems, both independently and on behalf
of people using it. Cyberspace per se is distinct from physical space and the constraints imposed by it such as
geographic boundaries
• Cyber science - Cyber science is the study of phenomena caused or generated within the cyber space, which
may or may not interact with phenomena caused or generated within the physical space.
The Law and Cyber Science – CJF Constructs
31. Best Of The World In Security Conference
• 2-step process used to validate the CJF
• Over 170 private law cases analyzed
• Evaluate the selected cases individually for consistency between the CJF and actual case
outcomes
• Evaluate the study as a whole for overall consistency and CJF validation
• Modifiers used when analyzing cases using the CJF
• Minimum contacts
• Purposeful availment
• Effects test
• Points of confusion
• Place of the harm
• The state where the last event necessary to make an actor liable for an alleged tort takes place
• Minimum contacts
• What is that number? Depends upon the type and quality of contact. Could be as low as
one
• International Shoe Co v. Washington
The Law and Cyber Science – CJF Case Analysis Methodology
32. Best Of The World In Security Conference
• Zippo Manufacturing Co. v. Zippo Dot Com Inc.
• Purposeful availment
• Minimum contacts
• Begins in one jurisdiction and ends in another while passing through, but not
stopping in, another jurisdiction (Construct 3)
The Law and Cyber Science – Seminal Internet Jurisdiction Case
Zippo Manufacturing Company is the maker of Zippo lighters and is headquartered in Bradford,
Pennsylvania. Zippo Dot Com was an internet news service located in Sunnyvale, California. The
case turns on Manufacturing’s complaint that Dot Com had infringed Manufacturing’s
trademarks and other similar claims. The claims were both Federal and based upon Pennsylvania
law.
Dot Com set a motion before the Court for dismissal based upon lack of jurisdiction in
Pennsylvania since Dot Com was a California company. Dot Com also moved to relocate the
case to another Federal Court under 28 U.S.C. § 1406(a). The Court denied the motion.
Dot Com had a provision on the site for signing up subscribers and approximately 2% of its
global customers were in Pennsylvania. Therefore, it was not a passive site and was
subject to personal jurisdiction in Pennsylvania rather than its home state of California.
33. Best Of The World In Security Conference
• Microsoft Corp. v. John Does 1-82
• Dismantling of the Citadel botnet
• The District Court claimed personal jurisdiction over the unknown
developers/operators of the botnet – how?
• Used aliases of admins of the command and control servers
• Court was in North Carolina because of a heavy concentration of Microsoft
customers which the complaint claimed were harmed as well as Microsoft
• Botnet’s command and control structure was known
• Won’t be the case for next generation autonomous hivenets and swarmbots
• Based largely on purposeful availment and the effects test
The Law and Cyber Science – A Very Complicated Case
34. Best Of The World In Security Conference
• The 3-prong test for personal jurisdiction
• The Cyber Event Test – is the case, actually, cyber-related?
• In order to be classified as a Cyber Event, the case must adhere to both the definition of cyberspace and the definition of cyber
science. Cyberspace is a complex global information infrastructure that facilitates communication between technology such as
computers, networks and other digital systems, both independently and on behalf of people using it. Cyberspace per se is
distinct from physical space and the constraints imposed by it such as geographic boundaries
• The Modifier Test – does the case have a clear indication of the primary modifier, purposeful availment,
and the secondary modifier minimum contacts, in the context of cyberspace?
• In order to be subject to jurisdiction in cyberspace, the case must demonstrate purposeful availment within the context of
cyberspace. The case also must be able to apply minimum contacts in order to comport with the due process clause of the
Constitution.
• The Cyber Effects Test – does the selected jurisdiction properly reflect the place of the harm?
• In order to be subject to jurisdiction in cyberspace the case must be able to apply the standard effects test within the context
of cyberspace.
The Law and Cyber Science – A Way Forward
35. Best Of The World In Security Conference
• Cybersell v. Cybersell - 1997
• Two separate companies that did different businesses
• Both Internet-dependent
• One in Arizona and one in Florida
• Trademark infringement
• CSA (Cybersell Arizona) sued CSF (Cybersell Florida) for infringing its trademark
• One used Internet for email marketing and the other built web sites
• Cyber event test is satisfied
• CSA (plaintiff) could not establish that CSF (defendant) purposefully availed itself of
business in Florida since the Florida web site was passive
• Purposeful availment fails for passive web sites
• Modifier test fails
• CSA claims Arizona as the place of the harm but CSA or its customers were not
affected by access to the passive Florida website
• Effects test fails
• Under CJF Guideline 5 settled physical space law is sufficient to adjudicate this case
The Law and Cyber Science – A Way Forward – Example
36. Best Of The World In Security Conference
• An Emerging Role of Cyber-Legal Practitioner is needed
• Cyber Forensic Training Including Advanced Malware Analysis and
Evidence Identification and Gathering Needs to enter Education
Programs
• Lawyers and Courts Need to Become Better Acquainted with
Advanced Cyber Threats
• Organizations need to be prepared to address these three issues
through training, awareness, advance contracting of both legal and
technical experts, next generation-relevant policies, and application
of next generation tools, techniques and procedures designed both to
protect and gather forensic evidence in an autonomous environment
The Law and Cyber Science – Governance Issues
37. Best Of The World In Security Conference
• Although well over 80% of so-called cyber-related cases can be solved
without recourse to cyber technology, there is an increasing number
that are hard cases from the cyber perspective.
• For those cases that involve artificial intelligence in general and
machine learning in particular, the challenges border on the extreme
as our hypothetical illustrates. We are not, today, prepared legally or
technically to address these new challenges. However, and much
more important, lawyers and cyber subject matter experts (SMEs) are
not yet prepared educationally to work together.
• When the law takes on the creator of an autonomous malware
system (hivenets and swarmbots, for example) it will have to depend
upon expert witnesses and even then the interactions are very
complicated.
The Law and Cyber Science – Conclusions
38. Best Of The World In Security Conference
Questions?
Dr. Peter Stephenson
pstephen@cdfs.us