[DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and Privacy

Copyright © 2023 Dragan Pleskonjic. All rights reserved.
AI Impact on
Cybersecurity and Privacy
∑∏ vSOC
Visit
inpresec.com | glog.ai | securitypredictions.xyz
to learn more

Dragan Pleskonjić
Senior Director Application Security at global international company
Rich experience in creating and managing start-ups, new businesses
development
Leading management positions in multinational corporations
Expertise in information security, computer software and networks
Prolific academic career: Adjunct Professorship, author of books, scientific
papers and journal articles
Scientific and security leader, researcher, advisor, architect
Inventor with U.S. patents granted and several patent applications pending
(USPTO, CIPO, EPO, WIPO)
Entrepreneur, leader, motivator, visionary
Current focus: Initiator and founder of projects INPRESEC, Glog.AI, Security
Predictions and vSOC
Personal Website | LinkedIn | Twitter
https://www.dragan-pleskonjic.com/

Vladimir Jelić
Senior Manager Application Security at global international company
In his current role, he participates in application security efforts on a global organization level.
His work includes Software Security Assurance (SSA), Static Code Analysis (SCA), work with
Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools,
automation of processes, and overall collaboration with software development life cycle (SDLC)
participants.
He is focused on cyber security and software security solutions aided by machine learning and
artificial intelligence.
Prior current role, Vladimir has ten years of experience in software development roles.

From Cybersecurity
to Cyber Resilience
Cyber risk isn’t just
a technical
problem, it’s also a
financial problem!
Source:
https://partners.wsj.com/resilience/cyber
-strong/from-cybersecurity-to-cyber-
resilience/

Agenda
What is AI & current state
How AI can be misused for cybersecurity
attacks
Use AI to defend information systems and
networks
Future concerns and opportunities
Examples of cybersecurity solutions aided by
ML & AI

What
is AI?
Definition
Artificial intelligence AI (also machine intelligence, MI) is intelligence
displayed by machines, in contrast with the natural intelligence (NI)
displayed by humans and other animals.
In computer science, AI research is defined as the study of “intelligent
agents”: any device that perceives its environment and takes actions that
maximize its chance of success at some goal.
Colloquially, the term “artificial intelligence” is applied when a machine
mimics “cognitive” functions that humans associate with human minds, such
as “learning” and “problem solving.”
Strong AI ― Claim that computers can be made in a way to “think” as
humans. To be more precise, it is a claim that there is a class of computer
programs which, when implemented, make computers mimic human
thinking.
Weak AI ― Claim that computers are important tools in modelling
simulations of human behavior.

Self driving cars, smart cars, other vehicles, flying objects
Speech and image recognition and analysis
Cybersecurity and software security
Medical diagnosis, pharmacy
Virtual personal assistants
Recommendation services: shopping, movies, music, books, etc.
Purchase and market prediction, advertising
News generators (e.g., fake news and deep fakes)
Military uses
Recent
examples
of AI
in use

Current
state
of AI
• OpenAI - “OpenAI is an AI research and deployment
company. Our mission is to ensure that artificial general
intelligence benefits all of humanity.”
• OpenAI Codex - “We’ve created an improved version of
OpenAI Codex, our AI system that translates natural
language to code, and we are releasing it through our API
in private beta starting today.”
• GitHub Copilot uses the OpenAI Codex to suggest code
and entire functions in real-time, right from your editor.
• ChatGPT is an artificial-intelligence (AI) chatbot developed
by OpenAI and launched in November 2022. It is built on
top of OpenAI's GPT-3.5 and GPT-4 families of large
language models (LLMs) and has been fine-tuned (an
approach to transfer learning) using both supervised and
reinforcement learning techniques.
Interesting fact: Research shows that Copilot is
introducing as many security vulnerabilities as
humans do!
Need for security testing will stay or even need
to be extended.
Security and Privacy concerns:
• Datasets and models poisoning
• AI and ML models attacks
• Leaking personal and confidential data
• Intellectual property leaks
• Right of use data for training
• Ownership products created by AI

Cybersecurity
and AI:
Different
perspectives
Defenders
have also
started to
use it
Attackers
already
use AI
This battle
started and
will last for
long time
Who has
advantage?

Current
Uses
of AI in
Cybercrime
Hackers are turning to AI and using it to
weaponize malware and attacks to counter
the advancements made in cybersecurity
solutions (e.g., criminals use AI to conceal
malicious code in benign applications).
• Sophisticated phishing
• Criminals are using AI to crack
passwords faster
• Breaking CAPTCHA
• Data poisoning
• Manipulating bots
• Code which changes itself to hide from
antimalware tools and cover tracks
• Learning defensive techniques and
technologies
• Deepfakes: images, audio, video
• Leaking sensitive data and intellectual
property
Data theft Malware
development
Phishing
emails
Impersonation
Spam Deepfakes
Ransomware Misinformation
BEC
(Business
Email
Compromise)
Manipulating
Bots

Create any Deepfake
with Hoodem™, the
unlimited deepfake
creator
You can create
something illustrative
and educational
But make sure to
think about ethic!

AI
Powered
Cyber
Attack
Tools
BlackMamba: Using AI to Generate
Polymorphic Malware
DeepLocker: How AI Can Power
a Stealthy New Breed of
Malware
WormGPT – The Generative AI Tool

Backdoor
Attacks against
Black-box
Machine
Learning
Models
• Backdoor attacks aim to inject backdoors to victim
machine learning models during training time, such that
the backdoored model maintains the prediction power of the
original model towards clean inputs and misbehaves
towards backdoored inputs with the trigger.
• The reason for backdoor attacks is that resource-
limited users usually download sophisticated models
from model zoos or query the models from MLaaS rather
than training a model from scratch, thus a malicious third
party has a chance to provide a backdoored model.
• In general, the more precious the model provided (i.e.,
models trained on rare datasets), the more popular it is
with users.

Impact of AI in
Cybercrime
• Given the black market for cybercriminal tools and services,
AI can be used to make operations more efficient and
profitable. In identifying targets for attacks, cybercriminals can
start and cease attacks with millions of transactions in just
minutes, because of fully-automated attack infrastructure.
• Can AI be hacked? The hacking of artificial intelligence is an
emerging security crisis. Pre-empting criminals attempting to
hijack artificial intelligence by tampering with datasets or the
physical environment, researchers have turned to adversarial
machine learning.
• Will AI take over cyber security? The answer is probably no;
however, AI will drastically change the kinds of work cyber
engineers are doing. While AI may be great for processing large
amounts of data or replacing autonomous manual tasks, it will
never be able to replace a security analyst's insights or
understanding of the field.

Fighting
Cybercrime
with AI
AI weaponization
countermeasures
needed now
Risk management
needs to take in
consideration of
these threats
Security
processes and
tools to include
means of
detecting and
protecting from AI
based attacks
Stringiest
standards and
regulations
against attackers
AI weaponization
is going beyond
computer systems
as the main
pathway for
attacks

Future concerns
New malware strains would be
able to learn from detection
events. If a strain of malware was
able to determine what caused its
detection, the same behavior or
characteristic could be avoided the
next time around.
More sophisticated
social engineering
attacks
People with even basic skills can
use AI cyberweapons to launch
attacks – bigger population of
attackers.
Proliferation of AI based
cyberweapons on Internet
if regulations lag behind.

Challenge
“Security debt”
starts here
T I M E
Tens of millions of security interesting
events monthly
Humans hardly can cope with all of them
Breaches cost lot of $$$$$$$
False positives
Alarms noise triage
How to remediate / fix issues?
Cybercrime to cost the world $10.5 trillion
annually by 2025

Cybersecurity Solutions
aided by ML & AI
∑∏ vSOC
INPRESEC (Intelligent Predictive Security)
– Network and end-point security. Detect
anomalies in behavior, security threats and
attacks.
Security Predictions - Uses various
parameters and input data from set of internal
and external sources, it analyses them and,
through set of our proprietary algorithms, gives
probabilities of possible threats and attacks.
Glog – making software more secure. A solution
that is able to give remediation advice based on
context or, even more, to automatically fix the
security vulnerabilities in software code.
vSOC (Virtual Security Operations Center) -
Uses INPRESEC and Glog solutions, together
with Security Predictions and other tools for
building and operating virtual Security
Operations Center – vSOC.

Key INPRESEC Solution Elements
INPRESEC SENSOR
• Software, can be appliance analyses network traffic &
possible security violations, classification based on Machine
Learning (ML) - network-based system
INPRESEC AGENT
• Software installed on a computer (server, desktop, laptop),
mobile device (smart phone, tablet etc.) or network devices
(routers, firewalls, etc.), classification based on ML – host-
based system
INPRESEC SERVER
• Software - integrates functions of sensors & agents
• Collects data from Sensors & Agents, analysis, classifying,
learning & correlation and actions, based on ML
• Can be linked to SOC / CERT centers or to other security
elements (AV, DLP, SIEM,...)
INPRESEC ADMIN
• Dashboard, Configuration Console, Management, Monitoring
& Reporting Tools.
• Sends alerts or other info through various communication
means
INPRESEC TRAINER
• Software – training system based on ML
• Takes annotated vectors from datasets and creates new ML
based models, constantly improving detection accuracy and
ROC
INPRESEC PREDICTION MODULE
• Software – data feed with probabilities of security events in
future
• Prediction based on various data sources, Threat Intelligence
(TI), predictive analytics and ML – This is part of Security
Predictions as separate solution.

Concepts and Deployment
Classification of events allowed/not allowed
• Action based on the result of classification
Deployment:
Security as a Service – Cloud based
 Security as an cloud hosted and managed service
Product model – on premises
 Hosted by client
Security analyst in the loop
• Learn from security experts
vSOC

Solution
Components
- Sensor
vSOC

Network and
End-Point
Security
Computers with
Agents
Sensor 1
Firewall &
Router
ML & AI
Local
Server
Admi
n
Sensor 2
Devices with Agents
ML & AI
Cloud Server
ML &
AI
Trainer

Virtual Security
Operations Center
(vSOC)
vSOC (Virtual Security Operations Center) -
Uses INPRESEC and Glog solutions,
together with Security Predictions and
other tools for building and operating
virtual Security Operations Center – vSOC.
vSOC
Detect Analyze Mitigate
People, processes, technology

Threat Intelligence and
Security Predictions
ML and AI can help with: Processing
huge amounts of data and finding real
threats.
Use of various parameters and input data
from set of internal and external sources, it
analyses them and, through set of
proprietary algorithms, gives probabilities of
possible threats and attacks.
Some of inputs:
Finding needle in
haystack.
vSOC
∑∏

What is added value?
1 
3 
4 
2 
Predicts, prevents & detects security threats and attacks
before they affect live systems.
Continual improvement process. Demonstrable accuracy
better than 99% after set of learning cycles.
Minimizes work of security teams, while improving
accuracy, reaction time and security solutions performance
Saves significant amount of money, time and efforts for
companies and organizations.
vSOC

Software
Security
Application
Security
Testing
SAST
SCA
IAST
DAST
VA
PT
RASP

Developers lose too
much time and may
not be sufficiently
skilled to analyze
findings
Large number of
findings, some of them
false positives
Sometimes SAST reports don’t detect right process and data
flows, entry points, sources and sinks of issues and also security
controls in code which are already in place
Unclear or incomplete
remediation advice
offerred
Time and resources to
fix issues extensive,
time consuming and
unpredictable
Remediation
Challenges

Solution: Auto-
Remediation
Imagine a solution that is able to:
• triage issues
• flag false positives
• give remediation advice based on
context for real security vulnerabilities
• automatically fix the security
vulnerabilities
Services
Products
Software Security
as a Service
(SSaaS), Cloud-
based solution
On
premises
solution
Plug-ins
for IDEs
Add-on for
build and
CI/CD
systems
Per project
Per number of
findings
Integrate security into
Software Development
Lifecycle (SDLC)

Glog is integral part of DevSecOps
• DevSecOps stands for
development, security, and
operations.
• It's an approach to culture,
automation, and platform design
that integrates security as a
shared responsibility throughout
the entire IT lifecycle.
• „Extend to left“ approach (SDLC)

Software Security - Example
Based on experience:
2 – 4 hours per finding
Real life example:
Classic approach:
New approach
aided by ML and AI:
1,000 findings x 2 = 2,000 hours
=> 12 man-months
> 80% are false positives
ML and AI can help with triage
false positives, remediation
advice or automatic
remediation
13.7 man-years
4 man-days

Advantages
Significantly
faster
remediation
Less prone to errors
than
[unexperienced]
developers
Resource savings
(development
time, money)
Agility in
process
Faster delivery
of products
Automatic
implementation of
architectural and
threat model security
controls
Enforce security
best coding
practices
Glog.AI can give very precise
remediation advice for security
vulnerabilities in software code based
on specific context.
It is not about code only but involves
analysis and implementation of
architectural and threat model
security controls, correlation with
other application security processes
and tools through entire SDLC
(Software Development Lifecycle).
#ExtendToLeft #Extend2Left.

Effective
Strategies to
Help Fill the
Cybersecurity
Skills Gap
[…]
Additionally, organizations must continue investing in automation despite
tighter technology budgets. By leveraging tools that handle the more
tedious backend work and provide detailed analysis and next steps,
businesses can curb expensive human labor costs while ensuring security at
scale. These tools also make it possible for teams to focus on more valuable
work and projects, which contributes to talent retention. Today, countless
hours are spent sifting through alerts to determine which are critical. By
automating mundane tasks such as this, team members can spend more
time on high-value projects, resulting in them feeling more fulfilled and
less likely to leave.
[…]
https://www.darkreading.com/endpoint/addressing-cybersecurity-talent-
shortage-its-impact-on-cisos

Books /
Further
reading

INPRESEC & Glog.AI
Demo

Thank you
Contact: dragan@conwex.org
Visit
• inpresec.com
• glog.ai
• securitypredictions.xyz
to learn more
∑∏ vSOC

[DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and Privacy

Recommended

Recommended

More Related Content

Similar to [DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and Privacy

Similar to [DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and Privacy (20)

More from DataScienceConferenc1

More from DataScienceConferenc1 (20)

Recently uploaded

Recently uploaded (20)

[DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and Privacy