Security in the age of
artificial intelligence
How A.I. will make our world more secure … or vulnerable
Filip Maertens (Faction XYZ) ● filip@faction.xyz
Artificial Intelligence
The various disciplines in artificial intelligence (‘A.I.’)
• Deep Belief Networks
• Computer Vision
• Audio Signal Processing
• Natural Language
How intelligent is artificial intelligence today?
5 year old?
Some of the things we are working on. Our projects.
• Looking at sensors on a wristband to learn when a human is likely to show signs of depression or PTSD
• Looking at car data (CANBUS) to predict which car parts are likely to fail in the foreseeable future
• Building a transfer learning network that is able to make cooking recipes by looking at YouTube videos
• Building a personal profile for authentication purposes, based on smartphone handling
• Building a natural language processing engine that is capable of generating natural language to dialogue with human counterparts
• Learning how humans handle an application and dynamically changing the flow so that the UX evolves and becomes more natural without additional development time
Basics in machine learning
The basics of learning
• Learning is the process of improving with experience at some task
• Improving over task, T
• With respect to performance measure, P
• Based on experience, E
Learning how to filter spam
T = Identify spam emails
P = % of filtered spam emails vs % of filtered ham emails
E = a database of emails that were labelled by users/experts
The basics of machine learning
• Measuring devices: sensors, cameras, databases, firewall, IDS, email, etc.
• Preprocessing: noise filtering, feature extraction, normalization
• Dimensionality reduction: feature selection, feature projection
• Model learning: classification, regression, clustering, description
• Model testing: cross validation, bootstrap
P
Supervised VS Unsupervised
• Supervised: target / outcome is known; classification – regression; probability distribution in statistics, P(X/Y)
• Unsupervised: target / outcome is unknown; clustering – decomposition; density estimation in statistics, P(X,Y)
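
The spam-filter task above (T, P, E) carried through the preprocessing, model learning and model testing stages, as an added example that is not part of the original slides. It uses a multinomial naive Bayes classifier as one possible supervised model; the emails in TRAIN and TEST are constructed and the function names are illustrative.

```python
import math
import re
from collections import Counter

# Constructed sample data standing in for E: (text, label), 1 = spam, 0 = ham.
TRAIN = [
    ("win a free prize now click here", 1),
    ("cheap pills free shipping order now", 1),
    ("claim your free money prize today", 1),
    ("urgent click here to win cash", 1),
    ("meeting moved to monday at ten", 0),
    ("please review the attached quarterly report", 0),
    ("lunch on friday with the project team", 0),
    ("here are the notes from the review meeting", 0),
]
TEST = [  # held-out constructed emails, used only for model testing
    ("free prize click now", 1), ("win cheap cash today", 1),
    ("project report for the monday meeting", 0), ("notes attached please review", 0),
]

def tokenize(text):
    """Preprocessing: lower-case the email and split it into word features."""
    return re.findall(r"[a-z']+", text.lower())

def train(samples):
    """Model learning: per-class word counts and document counts."""
    counts, docs = {0: Counter(), 1: Counter()}, Counter()
    for text, label in samples:
        counts[label].update(tokenize(text))
        docs[label] += 1
    return counts, docs, set(counts[0]) | set(counts[1])

def is_spam(model, text):
    """Task T: compare class log-probabilities; a tie is treated as ham."""
    counts, docs, vocab = model
    words = [w for w in tokenize(text) if w in vocab]  # skip words never seen in E
    score = {}
    for c in (0, 1):
        total = sum(counts[c].values()) + len(vocab)  # Laplace smoothing
        score[c] = math.log(docs[c] / sum(docs.values())) + sum(
            math.log((counts[c][w] + 1) / total) for w in words)
    return score[1] > score[0]

def performance(model, samples):
    """Measure P: (share of spam filtered, share of ham filtered)."""
    def rate(label):
        hits = [is_spam(model, t) for t, y in samples if y == label]
        return sum(hits) / len(hits)
    return rate(1), rate(0)
```

performance(train(TRAIN), TEST) returns the pair the slide calls P: the share of spam filtered and the share of ham wrongly filtered.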
Introducing machine learning to cyber security
New computing paradigm
requires new approaches
New threats are rapidly
emerging
…
• US$ 19 trillion in global GDP due to the Internet of Everything by 2020 (Cisco & GE)
• US$ 300 billion incremental revenue by 2020 (Gartner)
• 40.9 billion connected devices by 2020
• 155 million connected cars by 2020
• 100 million connected light bulbs by 2020
• +1 trillion connected sensors by 2020
• 2.5 billion smartphones by 2020
• $12 billion wearable market size by 2020
New data paradigm is growing exponentially
Observed, real time, signal data VS Declared, structured data
An evolution towards intelligent defenses
• 1980s. Computing & data paradigm: local computing environment. Detection paradigm: rule based detection.
• 1990s. Computing & data paradigm: networked computing environment. Detection paradigm: rule & heuristic detection.
• 2010. Computing & data paradigm: big data and batch processing. Detection paradigm: rule, heuristics and ML.
• 2016 +. Computing & data paradigm: ubiquitous data streaming. Detection paradigm: Deep Learning, ML and […].
More scalability and adaptability is required!
Applying machine learning to security domains
[Chart: security domains placed along two axes, Supervised to Unsupervised and Continuous to Batch. Domains shown: behavioral analytics, insider threat detection, network anomaly detection, C2 detection, spam filtering, malware detection, ruleset generation, network traffic profiling, IOT security.]
Emerging security solutions by machine learning
Detecting and blocking hacked IOT devices
Light-weight prediction and classification models that can run on low powered computing devices (“on-chip”) according to edge computing principles.
Example: CyberX, PFP Cybersecurity, Dojo-Labs
Improving Security Operations Center (SOC) Operational Efficiency
High performance classification of multi-dimensional data points.
Example: Phantom, Jask, Siemplify, Cyberlytic
Preventing execution of malicious software and files
Extract new features from unknown files and detect even the slightest code mutations.
Example: Cylance, Deep Instinct, Invincea
Emerging security solutions by machine learning
Quantifying Cyber Risks
Process and classify millions of data points to build predictions on risk and formulate the best possible mitigation practices.
Example: Brightsight, myDRO, Security Scorecard
Network Traffic Anomaly Detection
Analyzing millions of meta-data points, both of internal and external networks; learn baseline patterns and uncover breaking patterns.
Example: DarkTrace, BluVector, Vectra Networks
Data Leak Prevention
AI capabilities to automatically classify information bring a new generation of DLPs.
Example: Harvest.ai, NeoKami
Next generation security solutions with deep learning
Context Aware Security
Use data enriching and profiling to identify contradictory elements in a transaction of a user.
Example: Brightwolf (Stealth)
Implicit Behavioral or Continuous Authentication
Learning and analyzing how handling of a smartphone or other device is considered to be acceptable/normal or not.
Example: BioCatch, Bionym, BehavioSec
MANY MORE
The temporary state of affairs
• Unsupervised learning helps to cluster new and emerging patterns
• Human experts review, label and classify this new intelligence
• Supervised learning retrains models with the new intelligence
General weaknesses of machine learning
• Find and exploit weaknesses before or during the feature extraction or dimensionality reduction phase
• Mimicry Attacks: Two different faces, yet OK result
• Future attack techniques might target human experts and coerce them to “wrongly” train classification systems
• Degrade the classification system by persistently feeding it decoy data to decrease the quality of the training data
GDPR: When laws clash with machine learning
• Right to be forgotten
• Right to explanation
• Automated individual decision making
Hard to explain. How can decisions (predictions) be explained, when they are the result of complex neural networks, which are black boxes?
Beyond 2020
Tomorrow’s attackers may very well be A.I. driven
• Genetic Algorithms (GA) to find best malware fitness for maximum damage
• Self Organizing Maps (SOM) to remove centralized C&C structures
• Deep Fuzzing that automatically finds complex vulnerabilities
• RNNs perform Mimicry Attacks to bypass AI driven behavioral detections
Use game theory principles to define target outcome T, and use machine learning techniques to maximize the AUC (“Area Under ROC Curve”)
A.I. systems are better, faster and more intelligent at engaging in adversarial activities, including warfare
Help. Autonomous systems!
Morality systems. An answer to deep cyber security challenges
Morality. Morality systems are required to keep A.I. systems in check and provide a framework to match with desirable outcomes.
Survivability. Even when an autonomous system is hacked, we expect these degraded systems to be able to still make potentially moral decisions by themselves.
Security in the age of
artificial intelligence
How A.I. will make our world more secure and vulnerable
Filip Maertens (Faction XYZ) ● filip@faction.xyz
