3. 3
The Joint Research Centre
(JRC) at a glance
JRC's Mission
"As the science and knowledge service
of the Commission our mission is to
support EU policies with independent
evidence throughout the whole policy
cycle"
3000 staff
Almost 75% are scientists
and researchers.
Headquarters in Brussels
and research facilities
located in 5 Member States.
4. 4
Cyber & Digital Citizens’ Security Unit Mission
To strengthen trust and security of the European Citizen in a sustainable and
inclusive ICT-based European society by scientific research on how emerging
Information and Communication Technologies will impact on the security and
privacy of citizens’ daily life.
To work on risk mitigation, on cybersecurity, cybercrime, data
protection, privacy and on the associated legal and regulatory frameworks
aiming at a balance between European security needs and fundamental citizen
rights including from the perspective of the emerging Digital Single Market.
5. 5
European Commission's Joint Research Centre
(JRC) flagship report on Artificial Intelligence
Joint Research Centre’s report on Artificial Intelligence
(5 December 2018)
URL: https://ec.europa.eu/jrc/en/publication/eur-scientific-and-technical-
research-reports/artificial-intelligence-european-perspective
ISBN: 978-92-79-97217-1 (online),978-92-79-97219-5 (print),978-92-79-98213-2
ISSN: 1831-9424 (online),1018-5593 (print),1831-9424
DOI: 10.2760/11251 (online); 10.2760/936974 (print);10.2760/91283
Coordinated Plan on Artificial Intelligence
(7 December 2018)
Communication from the Commission to the European Parliament, the European Council, the
Council, the European Economic and Social Committee and the Committee of the Regions -
Coordinated Plan on Artificial Intelligence (COM(2018) 795 final)
Communication Artificial Intelligence for Europe
(25 April 2018)
Communication from the Commission to the European Parliament, the European Council, the
Council, the European Economic and Social Committee and the Committee of the Regions on
Artificial Intelligence for Europe.
6. 6
Artificial Intelligence
European Commission's High-level expert group on Artificial Intelligence. "A definition of AI: main
capabilities and scientific disciplines", 18 December 2018
“Artificial intelligence (AI) refers to systems designed by humans that,
given a complex goal, act in the physical or digital world by perceiving
their environment, interpreting the collected structured or unstructured
data, reasoning on the knowledge derived from this data and deciding the
best action(s) to take (according to pre-defined parameters) to achieve
the given goal. AI systems can also be designed to learn to adapt their
behaviour by analysing how the environment is affected by their previous
actions.
As a scientific discipline, AI includes several approaches and
techniques, such as machine learning (of which deep learning and
reinforcement learning are specific examples), machine reasoning (which
includes planning, scheduling, knowledge representation and reasoning,
search, and optimization), and robotics (which includes control,
perception, sensors and actuators, as well as the integration of all other
techniques into cyber-physical systems).”
7. 7
Machine learning
AI
More
computing
power
More data
New
algorithms
What has changed?
A new paradigm
When using machine learning, human developers no longer program
an algorithm to tell the computer how to solve a given problem
but instead they program it to teach the computer to learn how
to solve the problem.
8. 8
Cybersecurity and AI & DT: 4 angles of influence
Conceptual model depicting the logical links between the different components of the
cybersecurity risk in the context of the influence of AI and Digital Transformation
Opportunities Challenges
Resilience
1. AI to create smarter
cybersecurity
E.g. more effective security controls
(antivirus, intrusion detection and
prevention, email scanning),
automatic discovery of vulnerabilities,
automatic malware analysis, smarter
cyber defence, etc.
2. Robustness/Vulnerability
of AI algorithms
E.g. adversarial machine learning (i.e.
exploitation of weaknesses in AI
algorithms to change their behavior),
attacks against AI powered cyber-
physical systems, etc.
Deterrence
4. Use of AI to fight cyber
attackers & criminals
E.g. better biometrics, smarter
forensics, fraud analysis, encryption
challenge, fight against fake news,
etc.
3. Misuse of AI
E.g. creation of deep audio video
fakes, AI powered malware, smarter
social engineering attacks, etc.
3
4
2
1
9. 9
ANGLE 1 | Smarter Cybersecurity
Smarter cybersecurity controls
• Better biometric controls
• Network Intrusion Detection and
Prevention systems
• Malware detection
• Email filters (spam, phishing, etc.)
Automatization in labour intensive tasks
• Automatic discovery of vulnerabilities
• Automatic exploitation of vulnerabilities
• AI applied to malware analysis
• Security logs and event correlation
• Automatization of security operations
(e.g. incident response)
• Cybersecurity exercises
(attack/defense) and training
• Awareness raising
AI to create smarter cybersecurity
10. 10
DARPA Cyber Grand Challenge (CGC)
URL: https://www.darpa.mil/program/cyber-grand-challenge
ANGLE 1 Example | Smarter Cybersecurity
Autonomous security operations
Real time visualisation of a buffer overflow exploit in CGC
2016 Cyber Grand Challenge Final Event
11. 11
Machine learning: a new paradigm
ANGLE 2 | Robustness/Vulnerability of AI algorithms
• AI cannot be made unconditionally safe, like
any other technology.
• AI software based on machine learning
techniques is found to not be robust against
malicious attacks that exploit a specific set of
AI vulnerabilities.
• Thus: AI itself will likely be exploited and
misused, for example by criminals.
• Of highest importance: securing cyber-
physical systems employing AI.
12. 12
Classified as: ostrich.
Classified as: dog. Add crafted noise.
Fooling a state-of-the-art object recognition neural network through the simple act of
Introducing specially crafted noise (Szegedy et al. 2013)
Example of adversarial Machine Learning in image recognition
Adversarial Machine Learning
ANGLE 2 Example | Robustness/Vulnerability of AI algorithms
13. 13
“Robust Physical World Attacks on Deep Learning Models” (Eykholt et al. 2018)
Left: real graffiti on STOP sign.
Right: designed stickers to mimic the situation and fool an object recognition AI.
>= 83 % success rate in fooling a state-of-the-art object recognition
system in real drive-by tests
Example of a real life adversarial attacks
Adversarial Machine Learning
ANGLE 2 Example| Robustness/Vulnerability of AI algorithms
14. 14
New type of cyberattacks
• Usage of AI for the evasion of cybersecurity controls
(e.g. captcha solvers, antispam/antiphising filters,
malware detection)
• Autonomous / automatic decision making in
cyberattacks (e.g. autonomous lateral movements in
cyberattacks)
• Enhanced social engineering and identity theft (i.e.
realistic imitation of drafting style, voices and video)
• Abuse of AI limitations
Automatization of labour
• Some cybercrime labour intensive tasks can be
automated, enabling for example:
• Massive spear phishing attacks (highly targeted)
• Highly interactive and scalable social engineering
attacks (e.g. chat bots over IM, email or social media)
• Automatic botnet management
• Faster, more interactive and scalable attacks
• Automatization of cybercrime processes (e.g.
ransomware payments)
More effective
Scalable
Faster
More
interactive
More
autonomous
More targeted
More difficult
to attribute
Cheaper
AI can make
cyberattacks …
Influence of AI in cybersecurity threats
ANGLE 3 | Misuse of AI
15. 15
Captchas
https://github.com/mwrlabs/captcha_cracking
AI applied to malware
Social Engineering, deception and Identity theft
AI-based attacks against authentication systems
Identity theft and social engineering
Phishing and cyber extortion
Automated interactive attacks
• More targeted (e.g. impersonation of friends;
location of targets in social media)
• More contextualized (e.g. language translation,
use of personal information)
Brundage, Miles, et al., "The malicious use of artificial intelligence: forecasting,
prevention, and mitigation”, arXiv preprint arXiv:1802.07228 (2018)
Sivakorn, Suphannee, Jason Polakis, and Angelos D. Keromytis, "I’m not a human:
Breaking the Google reCAPTCHA”, Black Hat (2016)
• Massive spear phishing
• Automatic ransom negotiation and assistance
• Deep video fakes
• Fake audio voice
• Fake news
• Autonomous decision making in malware (lower dependence on
remote control)
• Evasion of malware detection controls
• Self-maintained, self-protecting and evolving botnets
AI-enhanced cyberattacks
ANGLE 3 Examples | Misuse of AI
16. 16
AI can help in:
• Reinforcing investigative capabilities
• Strengthen digital evidence-making in court
New AI based tools:
• Biometrics
• Image / audio / video analytics
• Localisation fingerprinting
• Evidence identification and correlation
• Encryption challenge
• Automatic scanning
• Digital forensics (data in transit, data at rest)
• Analysis of local and global context
AI will help not only in the fight against cybercrime but also cyber-dependant crime and more
generally crime
AI in Law Enforcement
ANGLE 4 | AI to fight (cyber)crime
WHO
WHERE
WHAT
17. 17
From classical text-based search (keywords) …
To JRC ML / Deep Learning feature-based approach …
• Human image interpretation is subjective
• The process is tedious and therefore error-prone
• The precision of recognition depends on the tattoo description
Keyword DB
Keyword(s) Matches
Visual Tattoo Inspection
HUMAN/SKULL,
OBJECT/FIRE,
OBJECT/WEAPON
Tattoo Detection
Segmentation
Learnt
features
1st candidate 2nd 3rd
1st candidate 2nd 3rd
Tattoo
Description
Tattoo
Identification
Deep
Learning
Model
Real datasets used: FBI Tattoo Database (NIST/Tatt-C)
JRC's research on Automatic Tattoo recognition
Automatic Tattoo recognition
ANGLE 4 Example | AI to fight (cyber)crime
Deep
Learning
Model
Deep
Learning
or SVM
18. 18
From picture to video
Camera fingerprinting
JRC's research on smarter image / audio / video forensics
Smarter image /audio/video forensics
ANGLE 4 Example | Camera identification
SPN extraction
19. 19
Stay in touch
•EU Science Hub: ec.europa.eu/jrc
•Twitter: @EU_ScienceHub
•Facebook: EU Science Hub - Joint Research Centre
•LinkedIn: Joint Research Centre
•YouTube: EU Science Hub