
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Security’s greatest opportunity

The progress of AI in the last decade has seemed almost magical. But we will discuss the unique challenges posed by Security and what makes this domain the biggest challenge for AI. Reporting from the frontlines, we will describe the deployment of large-scale production-grade AI systems to combat security breaches, using lessons learned at Avast from defending over 400 million consumers every single day. Topics will cover the recent AI advancements in file-based anti-malware solutions, behavior-based on-device solutions, and network-based IoT security solutions.


  1. 1. Security is AI’s biggest challenge, AI is Security’s greatest opportunity Dr. Rajarshi Gupta | Head of AI, Avast | Sep 2018 Security is AI’s biggest challenge, AI is Security’s greatest opportunity Dr. Rajarshi Gupta | Head of AI, Avast | Nov 2018
  2. 2. Security is AI’s Biggest Challenge: the ONLY domain of AI where there is a true adversary who can also make use of AI. [Figure labels: BLACK HAT, WHITE HAT]
  3. 3. AI is Security’s Greatest Opportunity. VELOCITY / SPEED: Most threats have very short longevity; machines can act much faster. VARIETY / ACCURACY: ML is also really good at taking into account large amounts of contextual data. VOLUME / SCALABILITY: Coping with the sheer volume of new threats would be impossible without ML.
  4. 4. Come pit your AI skills against a true adversary
  5. 5. The World’s Largest Consumer Security Network. MACHINE LEARNING / AVAST CLOUD ENGINE. Monthly engagement: 290M+ and 145M+. > 10,000 servers across 10 locations worldwide, processing monthly: > 300M files, > 200Bn URLs. Every month, Avast: handles 30+ million new executable files, 25 percent of which are usually malicious; continuously sifts through 390TB of quality security data; prevents +2 billion malware attacks; pushes 50 PB of data. Detection layers: 1. WEB SHIELD 2. STATIC SCANNER 3. EMULATOR 4. DEEP SCREEN (SANDBOX) 5. CYBER CAPTURE 6. BEHAVIOUR SHIELD
  6. 6. Agenda for This Talk • Malware Detection in the Cloud • Network Detection for IoT • Defense against Adversarial AI
  7. 7. Malware Detection in the Cloud
  8. 8. Advanced Threat Detection and Prevention Architecture: No silver bullet. AVAST NEXT GENERATION AV PLATFORM 1. WEB SHIELD: protects at the entry level against network-based exploits, malicious URLs and anomalies 2. STATIC SCANNER: performs real-time security assessments using cloud-based reputation data and the local classification engine 3. WEB SHIELD: protects at the entry level against network-based exploits, malicious URLs and anomalies 4. DEEPSCREEN (SANDBOX): secures a hypervisor-based virtual environment to test suspect files 5. CYBER CAPTURE: uses the full power of Avast’s threat lab’s “clean room” to assess a file’s innermost workings 6. BEHAVIOR SHIELD: monitors each environment as programs run and protects against malicious behavior. [Figure labels: 1. WEB SHIELD, 2. STATIC SCANNER, 3. EMULATOR, 4. DEEPSCREEN (SANDBOX), 5. CYBER CAPTURE, 6. CYBER CAPTURE]
  9. 9. Training the Avast Machine Learning Engine. Purpose-built approach that takes < 12 hours to add new features, train, and deploy into production. [Figure labels: Avast Local Expert; 390 TB of Quality Data; 3,000 Intelligently-Designed Clusters; Months of Processing... ...Completed Daily in Real-Time] COLLECTION. Goal: Harness as much data as possible. Avast Advantage: 6X more consumer PC users than the nearest competitor(1). EXTRACTION. Goal: Deconstruct data into billions of artifacts. Avast Advantage: Proprietary Local Expert architecture leverages over 500+ features (e.g. size, origin, age, and file entropy). TRAINING. Goal: Update models to understand the intention of a sample. Avast Advantage: New models can be trained on the entire historical dataset in less than 12 hours. EXECUTION. Goal: Precisely and quickly identify what is benign vs. malicious. Avast Advantage: Endpoint-based models are updated 200+ times per day.
  10. 10. Using Neural Nets to Optimize the Engine. Published at ICLR 2018. • Goal: augment our traditional handcrafted models with machine-generated features. Train a Convolutional Neural Net using the raw sequence of bytes from the binary files. Training set of 20 million Windows PE files. • Results: Raw model achieves comparable accuracy to hand crafted features. Choosing machine-generated features makes it much harder to evade. Enriched features model shows extra gain of using both sets of features.
  11. 11. Network Detection for IoT Devices
  12. 12. Managing IoT Security. Problem: ✓ Every device is connected ✓ Devices are built by non-security companies whose motivations are lower prices and easier connectivity, not security ✓ Rarely or never patched ✓ Mostly opaque/closed devices with no security software. Mitigation: ✓ Need to observe from the network ✓ Each device is limited in its applications ✓ Structured and repetitive behavior – easy to model
  13. 13. Detecting A Smart Home Security Breach. [Figure: connection graphs for a VIDEO CAMERA in two panels, BEFORE MIRAI INFECTION and DURING MIRAI INFECTION; node labels: URL, DNS, Gateway, POINT OF INFECTION, IP-address nodes, MIRAI_BOT, MIRAI_REPORT, MIRAI_CNC]
  14. 14. How We Protect IoT Devices. [Figure with columns HOW and WHAT; labels: Swarm Behavior, Network, Type of Data Sent, Infrastructure Analysis, Amount of Data Sent, Device Types, Traffic Analysis, Capabilities, Vulnerabilities]
  15. 15. Detecting Anomalies on IoT Traffic. [Figure labels: Router, Unknown, Malware Spread, Data Leak, HVAC, TV, Printer, Music, Home Assistant, Camera, New, DoS, IoT, Surface, Game Console] Two parallel approaches: (1) Build an ensemble classifier in incremental steps, with models focused on known attacks. (2) Build a deep neural net that is broad enough to identify all the known attacks, and more.
  16. 16. Deep Neural Net for IoT Traffic. Input: Flow statistics from millions of homes (device traffic information for many devices, in many homes, over a long time period). Multi-Level Model: DEVICE TYPE: IoT devices have very limited behavior; identifying devices allows us to model their behavior. SERVICE TYPE: Many devices plus internet make up services, e.g. Netflix. ATTACK TYPE: May focus on a device type, or service type. [Figure levels: Device Type, Home Type, Service Type; traffic is labelled Benign or Anomalies] Anomalies and responses: DDoS: Many devices attacking same domain → Block access to this domain. Unexpected destination for baby monitor feed → Block feed transmission. Unexpected traffic between devices within a home → Block communication between these devices. Output: Autonomously identify anomalous traffic; recognize unknown attacks; identify the device or service causing the attacks.
  17. 17. Defense Against Adversarial AI
  18. 18. DeepFake: Human Beings are Easy to Fool. AI generated video having President Obama “speak” fake words. Source: Buzzfeed
  19. 19. Deep Learning Algorithms are also Easy to Fool. Lab Test Summary (Stationary). Target Class: Speed Limit 45. [Figure columns: Misclassify; Subtle Poster, Subtle Poster, Camo Graffiti, Camo Art, Camo Art] Evtimov, Ivan, Kevin Eykholt, Earlence Fernandes, Tadayoshi Kohno, Bo Li, Atul Prakash, Amir Rahmati, and Dawn Song. "Robust Physical-World Attacks on Machine Learning Models." arXiv preprint arXiv:1707.08945 (2017).
  20. 20. DeepAttacks. Definition: Malicious Content Automatically Generated by AI Algorithms. Content types: Video, Audio, Images, URLs & Webpages, Binary Files, Network Flows. [Figure labels: Upcoming, Existing]
  21. 21. DeepAttacks: Defenses in Security. ATTACKER and CLASSIFIER loop: Try an example; Response: Good/Bad; Use the response to learn about the Classifier and improve guess. Defense 1: Track the queries and limit the number of attempts. Defense 2: Train the Classifier simultaneously with own version of Attacker, in order to make it better at identifying generated examples (Generative Adversarial Network (GAN)). Defense 3: Build targeted models to identify the handiwork of such ML-based generators.
  22. 22. Conclusion
  23. 23. Come pit your AI skills against a true adversary
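
The IoT slides (12, 13 and 16) rest on one idea: devices behave in limited, repetitive ways, so traffic that leaves a device type's usual destinations stands out when observed from the network. The sketch below is an added example, not Avast's code, and it swaps the deck's deep neural net for a simple per-device-type destination baseline; the flow tuple layout, thresholds, hostnames and addresses are constructed assumptions.

```python
from collections import defaultdict

def learn_baseline(flows):
    """Map each device type to the destinations seen in known-clean traffic."""
    baseline = defaultdict(set)
    for _home, _device, dev_type, dest in flows:
        baseline[dev_type].add(dest)
    return baseline

def detect(flows, baseline, fanout_limit=5, shared_dest_devices=3):
    """Return sorted (kind, subject) findings for flows outside the baseline."""
    new_dests = defaultdict(set)     # device -> destinations its type never used
    dest_sources = defaultdict(set)  # off-baseline destination -> devices using it
    for home, device, dev_type, dest in flows:
        if dest not in baseline.get(dev_type, set()):
            new_dests[(home, device)].add(dest)
            dest_sources[dest].add((home, device))
    findings = set()
    for (home, device), dests in new_dests.items():
        # Many new destinations at once looks like scanning (the Mirai camera);
        # a few looks like a feed or session going somewhere it should not.
        kind = "fan_out" if len(dests) > fanout_limit else "unexpected_destination"
        findings.add((kind, f"{home}/{device}"))
    for dest, devices in dest_sources.items():
        # Several devices converging on one off-baseline destination (DDoS-like).
        if len(devices) >= shared_dest_devices:
            findings.add(("many_devices_one_destination", dest))
    return sorted(findings)

# Constructed sample flows: (home, device, device_type, destination).
CLEAN = [
    ("home1", "camera-1", "camera", "vendor-cloud.example"),
    ("home1", "camera-1", "camera", "gateway"),
    ("home2", "monitor-1", "baby_monitor", "vendor-cloud.example"),
    ("home3", "tv-1", "tv", "video.example"),
    ("home4", "printer-1", "printer", "gateway"),
]
OBSERVED = (
    [("home1", "camera-1", "camera", "vendor-cloud.example")]
    + [("home1", "camera-1", "camera", f"198.51.100.{i}") for i in range(1, 9)]
    + [("home2", "monitor-1", "baby_monitor", "203.0.113.9")]
    + [(h, d, t, "target.example") for h, d, t in
       [("home2", "monitor-1", "baby_monitor"), ("home3", "tv-1", "tv"),
        ("home4", "printer-1", "printer")]]
)

if __name__ == "__main__":
    for finding in detect(OBSERVED, learn_baseline(CLEAN)):
        print(finding)
```

A set-membership baseline like this only catches destinations never seen for a device type; it does not model traffic volume or timing, which the slides list among the signals used.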
