ARTIFICIAL INTELLIGENCE
AND MACHINE LEARNING
IN CYBERSECURITY
By Anirudh Srinivas Balaji
INTRODUCTION
What is ML?
What is AI?
How do companies deploy AI and ML to strengthen security?
A Brief of AI and ML
Google definition: Artificial Intelligence (AI) is the branch of computer science that
emphasizes the development of intelligent machines that think and work like humans.
For example, speech recognition, problem-solving, learning and planning.
Application of AI:
Machine learning is an application of artificial intelligence (AI) that provides systems the
ability to automatically learn and improve from experience without being explicitly
programmed. Machine learning focuses on the development of computer programs that
can access data and use it to learn for themselves.
How AI and ML work in CyberSec
AI allows you to automate threat detection and response even
without human involvement, putting your data to work to stay
more secure than ever. Since AI is entirely machine driven,
it assures you completely error-free cyber-security services.
Moreover, companies have also started to put more resources than
ever into boosting AI-driven technologies.
Machine Learning tasks and Cybersecurity
Let’s see the examples of different methods that can be used to solve machine learning
tasks and how they are related to cybersecurity tasks.
Regression
Regression (or prediction) is simple: knowledge about the existing data is used to make
predictions about new data. Take house price prediction as an example. In cybersecurity,
regression can be applied to fraud detection: the features (e.g., the total amount of a
suspicious transaction, its location, etc.) determine the probability of fraudulent actions.
As for the technical aspects of regression, all methods can be divided into two large
categories: machine learning and deep learning. The same division applies to the other tasks.
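The fraud-scoring idea above, worked through as an added example (not part of the original slides): a logistic regression trained from scratch on a constructed set of transactions, where the features (log-scaled amount, distance from the cardholder's usual location, new-merchant flag) map to a fraud probability. The data, feature names and thresholds are all constructed for illustration.

```python
import math
from typing import List, Sequence, Tuple

# Constructed training data: each row is (features, label). Features are already
# standardised: [log-amount, distance-from-home, new-merchant (0/1)].
# Label 1 = confirmed fraud, 0 = legitimate. Constructed for illustration only.
TRAIN: List[Tuple[List[float], int]] = [
    ([0.1, 0.2, 0.0], 0), ([0.3, 0.1, 0.0], 0), ([-0.5, 0.0, 0.0], 0),
    ([0.2, 0.4, 1.0], 0), ([-1.0, 0.3, 0.0], 0), ([0.0, -0.2, 0.0], 0),
    ([2.5, 3.0, 1.0], 1), ([3.0, 2.0, 1.0], 1), ([2.2, 2.8, 0.0], 1),
    ([1.8, 3.5, 1.0], 1), ([2.9, 2.4, 1.0], 1), ([2.0, 1.9, 1.0], 1),
]


def sigmoid(z: float) -> float:
    """Numerically stable logistic function, avoids overflow for large |z|."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)
    return ez / (1.0 + ez)


def predict_proba(w: Sequence[float], b: float, x: Sequence[float]) -> float:
    """Fraud probability for one transaction's feature vector."""
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def train(rows: Sequence[Tuple[Sequence[float], int]], lr: float = 0.1,
          epochs: int = 2000, l2: float = 0.01) -> Tuple[List[float], float]:
    """Batch gradient descent on log-loss with a small L2 penalty on the weights."""
    n_features = len(rows[0][0])
    w = [0.0] * n_features
    b = 0.0
    m = len(rows)
    for _ in range(epochs):
        grad_w = [0.0] * n_features
        grad_b = 0.0
        for x, y in rows:
            err = predict_proba(w, b, x) - y      # derivative of log-loss wrt logit
            for i in range(n_features):
                grad_w[i] += err * x[i]
            grad_b += err
        for i in range(n_features):
            w[i] -= lr * (grad_w[i] / m + l2 * w[i])
        b -= lr * grad_b / m
    return w, b


def accuracy(rows: Sequence[Tuple[Sequence[float], int]], w: Sequence[float],
             b: float, threshold: float = 0.5) -> float:
    """Fraction of rows whose thresholded probability matches the label."""
    hits = sum((predict_proba(w, b, x) >= threshold) == bool(y) for x, y in rows)
    return hits / len(rows)


if __name__ == "__main__":
    weights, bias = train(TRAIN)
    print("weights:", [round(v, 3) for v in weights], "bias:", round(bias, 3))
    print("training accuracy:", accuracy(TRAIN, weights, bias))
    # A large, distant purchase at a new merchant vs. a routine local one.
    for tx in ([2.5, 3.0, 1.0], [0.0, 0.0, 0.0]):
        print(tx, "-> fraud probability", round(predict_proba(weights, bias, tx), 3))
```

The learned weights double as a rough feature ranking, which is the "insight into why" that the analyst needs when triaging a flagged transaction.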
Let’s look at the common cybersecurity tasks and machine learning opportunities. There
are three dimensions (Why, What, and How). The first dimension is a goal, or a task (e.g.,
detect threats, predict attacks, etc.).
According to Gartner’s PPDR model, all security tasks can be divided into five categories:
● prediction;
● prevention;
● detection;
● response;
● monitoring.
The second dimension is a technical layer and an answer to the “What” question (e.g., at
which level to monitor issues). Here is the list of layers for this dimension:
● network (network traffic analysis and intrusion detection);
● endpoint (anti-malware);
● application (WAF or database firewalls);
● user (UBA);
● process (anti-fraud).
Each layer has different subcategories. For example, network security can be
wired, wireless or cloud. Rest assured that you can’t apply the same algorithms with the
same hyperparameters to all of these areas, at least in the near future. The reason is the lack
of data and algorithms that could find dependencies between the three areas well enough
to carry one algorithm over to another.
The third dimension is a question of “How” (e.g., how to check the security of a particular
area):
● in transit, in real time;
● at rest;
● historically;
● etc.
For example, if you are working on endpoint protection and looking for an intrusion, you can
monitor the processes of an executable file, do static binary analysis, analyze the history of
actions on this endpoint, etc.
Some tasks should be solved in all three dimensions. Sometimes there are no values in some
dimensions for certain tasks. Approaches can be the same within one dimension. Nonetheless,
each particular point of this three-dimensional space of cybersecurity tasks has its
intricacies.
Cybersecurity is a promising area for AI/ML. In theory, if a machine has access to
everything you currently know is bad, and everything you currently know is good,
you can train it to find new malware and anomalies when they surface. In practice,
there are three fundamental requirements for this to work. First, you need access
to data -- lots of it. The more malware and benign samples you have, the better
your model will be. Second, you need data scientists and data engineers to be
able to build a pipeline to process the samples continuously and design models
that will be effective. Third, you need security domain experts to be able to classify
what is good and what is bad and be able to provide insights into why that is the
case. In my opinion, many companies touting AI/ML-powered security solutions
lack one or more of these pillars.
Network protection refers to the well-known Intrusion Detection System (IDS) solutions.
Some of them used a kind of ML years ago, but mostly dealt with signature-based
approaches.
ML in network security implies new solutions called Network Traffic Analytics (NTA),
aimed at in-depth analysis of all the traffic at each layer to detect attacks and anomalies.
How can ML help here? Some examples:
● regression to predict the network packet parameters and compare them with the
normal ones;
● classification to identify different classes of network attacks, such as scanning and
spoofing;
● clustering for forensic analysis.
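The first NTA bullet, regression to predict packet parameters and compare them with normal ones, as an added example (not from the original slides): a least-squares baseline of bytes against packets is fitted on constructed benign flows, and new flows whose byte count deviates from the prediction by more than three residual standard deviations are flagged. Flow records, addresses (documentation ranges) and the 3-sigma threshold are constructed assumptions.

```python
import math
from dataclasses import dataclass
from typing import List, Sequence, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """One summarised network flow. All values below are constructed samples."""
    flow_id: str
    src: str
    dst: str
    dst_port: int
    packets: int
    bytes: int


# Constructed benign baseline: HTTPS flows whose byte count grows roughly linearly
# with packet count (about 900 bytes per packet, with small jitter).
BASELINE: List[Flow] = [
    Flow("b1", "10.0.0.11", "192.0.2.10", 443, 10, 9100),
    Flow("b2", "10.0.0.12", "192.0.2.10", 443, 20, 18000),
    Flow("b3", "10.0.0.13", "192.0.2.20", 443, 30, 27100),
    Flow("b4", "10.0.0.14", "192.0.2.20", 443, 40, 36000),
    Flow("b5", "10.0.0.15", "192.0.2.30", 443, 50, 45150),
    Flow("b6", "10.0.0.16", "192.0.2.30", 443, 15, 13500),
    Flow("b7", "10.0.0.17", "192.0.2.40", 443, 25, 22600),
    Flow("b8", "10.0.0.18", "192.0.2.40", 443, 35, 31500),
]

# Constructed flows to score against the baseline.
TO_SCORE: List[Flow] = [
    Flow("t1", "10.0.0.21", "192.0.2.10", 443, 22, 19900),   # fits the learned trend
    Flow("t2", "10.0.0.22", "192.0.2.50", 443, 400, 24000),  # hundreds of tiny packets
    Flow("t3", "10.0.0.23", "192.0.2.60", 443, 5, 12000),    # 2400 B/packet, above a 1500-byte MTU
]

Model = Tuple[float, float, float]  # (slope, intercept, residual standard deviation)


def fit_baseline(flows: Sequence[Flow]) -> Model:
    """Ordinary least squares: bytes = slope * packets + intercept, plus residual spread."""
    n = len(flows)
    mean_x = sum(f.packets for f in flows) / n
    mean_y = sum(f.bytes for f in flows) / n
    sxx = sum((f.packets - mean_x) ** 2 for f in flows)
    sxy = sum((f.packets - mean_x) * (f.bytes - mean_y) for f in flows)
    slope = sxy / sxx
    intercept = mean_y - slope * mean_x
    # Residual variance with n-2 degrees of freedom (two fitted parameters).
    ss_res = sum((f.bytes - (slope * f.packets + intercept)) ** 2 for f in flows)
    resid_std = math.sqrt(ss_res / (n - 2))
    return slope, intercept, resid_std


def score_flows(flows: Sequence[Flow], model: Model,
                k: float = 3.0) -> List[Tuple[str, float, bool]]:
    """Return (flow_id, standardised residual, flagged) for each flow."""
    slope, intercept, resid_std = model
    results = []
    for f in flows:
        predicted = slope * f.packets + intercept
        z = (f.bytes - predicted) / resid_std
        results.append((f.flow_id, z, abs(z) > k))
    return results


def flagged_ids(flows: Sequence[Flow], model: Model, k: float = 3.0) -> Set[str]:
    """Set of flow ids whose byte count is more than k residual std-devs off the prediction."""
    return {fid for fid, _, flagged in score_flows(flows, model, k) if flagged}


if __name__ == "__main__":
    model = fit_baseline(BASELINE)
    print("baseline: bytes = %.1f * packets + %.1f, residual std %.1f" % model)
    for fid, z, flagged in score_flows(TO_SCORE, model):
        print(f"{fid}: z = {z:+.1f} {'ANOMALY' if flagged else 'normal'}")
```

The sign of the residual is itself a hint for the analyst: a large negative value means many undersized packets, a large positive one means packets that are larger than the link should carry.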
4 company-specific tools that employ AI for cybersecurity
TAA tool (Symantec’s Targeted Attack Analytics):
This tool was developed by Symantec and is used to uncover hidden and targeted attacks. It
applies AI and machine learning to the processes, knowledge and capabilities of Symantec’s
security experts and researchers.
The TAA tool was used by Symantec to fight a Dragonfly 2.0 attack last year. This attack
targeted several energy companies and tried to gain access to operational networks.
The TAA tool analyzes incidents in the network against incidents found in Symantec’s
threat data lake. TAA reveals suspicious activities at each endpoint and compiles the
information to determine whether each action indicates hidden malicious activity. The TAA tool is
now available for Symantec Advanced Threat Protection (ATP) customers.
Sophos Intercept X:
The tool, Intercept X, uses deep learning neural networks that work similarly to the
human brain. In 2010, the US Defense Advanced Research Projects Agency (DARPA)
created its first Cyber Genome Program to uncover the ‘DNA’ of malware and other cyber
threats, which led to the creation of the algorithms in Intercept X.
Before a file is executed, Intercept X can extract millions of features from the file,
conduct in-depth analysis, and determine whether the file is benign or dangerous in 20
milliseconds. The model is trained on real-world feedback and two-way threat
intelligence sharing, with access to millions of samples provided by data scientists. This results
in a high level of accuracy for both existing and zero-day malware, and a lower false
positive rate. Intercept X uses behaviour analysis to limit new ransomware and
boot-record attacks. Intercept X has been tested by several third parties, such as NSS
Labs, and received a high score. It has also been proven on VirusTotal since August 2016.
Darktrace Antigena:
Darktrace Antigena is Darktrace’s active self-defence product. Antigena extends
Darktrace’s core capabilities to detect and replicate digital antibody functions that identify
and neutralize threats and viruses. Antigena utilizes Darktrace’s Enterprise Immune
System to identify suspicious activities and respond in real-time, depending on the severity
of the threat. With the help of the underlying machine learning technology, Darktrace
Antigena identifies and protects against unknown threats as they develop.
It does this without the need for human intervention, prior knowledge of attacks, rules
or signatures. With such automatic response capabilities, organizations can respond to
threats quickly without disrupting normal business activity patterns. The Darktrace
Antigena module helps manage user and machine access to the internet, messaging
protocols, and machine and network connectivity through various products such as
Antigena Internet, Antigena Communication, and Antigena Network.
IBM QRadar Advisor:
IBM QRadar Advisor uses IBM Watson technology to fight cyber attacks, using AI to automatically
investigate indicators of compromise or exploits. QRadar Advisor uses cognitive reasoning to provide critical
insight and further accelerate the response cycle. With the help of IBM QRadar Advisor, security analysts can
assess threat incidents and reduce the risk of missing them.
IBM QRadar Advisor features: automatic incident investigation, smart reasoning, high-priority risk
identification, and key insights about users and important assets.
QRadar Advisor with Watson investigates threat incidents by mining local data, using what can be observed in
the incident to gather a broader local context. It then quickly assesses whether the threat has passed through a
layered defence or been blocked. QRadar identifies possible threats by applying cognitive reasoning. It connects
threat entities associated with genuine incidents, such as malicious files, suspicious IP addresses and malicious
entities, to draw relationships between these entities. With this tool, one can get critical insights about an
incident, such as whether the malware has been executed or not, with supporting evidence, to focus your time on
the higher-risk threats and then make a quick decision about the best response for your business. IBM QRadar
can detect suspicious behaviour from people through integration with the User Behavior Analytics (UBA)
application and understand how certain activities or profiles affect the system.
THANK YOU

More Related Content

Recently uploaded

KCD Costa Rica 2024 - Nephio para parvulitos
KCD Costa Rica 2024 - Nephio para parvulitosKCD Costa Rica 2024 - Nephio para parvulitos
KCD Costa Rica 2024 - Nephio para parvulitosVictor Morales
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Sumanth A
 
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptJohnWilliam111370
 
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithmComputer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithmDeepika Walanjkar
 
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENTFUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENTSneha Padhiar
 
Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxStephen Sitton
 
signals in triangulation .. ...Surveying
signals in triangulation .. ...Surveyingsignals in triangulation .. ...Surveying
signals in triangulation .. ...Surveyingsapna80328
 
OOP concepts -in-Python programming language
OOP concepts -in-Python programming languageOOP concepts -in-Python programming language
OOP concepts -in-Python programming languageSmritiSharma901052
 
Ch10-Global Supply Chain - Cadena de Suministro.pdf
Ch10-Global Supply Chain - Cadena de Suministro.pdfCh10-Global Supply Chain - Cadena de Suministro.pdf
Ch10-Global Supply Chain - Cadena de Suministro.pdfChristianCDAM
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 
Comprehensive energy systems.pdf Comprehensive energy systems.pdf
Comprehensive energy systems.pdf Comprehensive energy systems.pdfComprehensive energy systems.pdf Comprehensive energy systems.pdf
Comprehensive energy systems.pdf Comprehensive energy systems.pdfalene1
 
Paper Tube : Shigeru Ban projects and Case Study of Cardboard Cathedral .pdf
Paper Tube : Shigeru Ban projects and Case Study of Cardboard Cathedral .pdfPaper Tube : Shigeru Ban projects and Case Study of Cardboard Cathedral .pdf
Paper Tube : Shigeru Ban projects and Case Study of Cardboard Cathedral .pdfNainaShrivastava14
 
Artificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewArtificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewsandhya757531
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating SystemRashmi Bhat
 
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSHigh Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSsandhya757531
 
System Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event SchedulingSystem Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event SchedulingBootNeck1
 
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Erbil Polytechnic University
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionMebane Rash
 
SOFTWARE ESTIMATION COCOMO AND FP CALCULATION
SOFTWARE ESTIMATION COCOMO AND FP CALCULATIONSOFTWARE ESTIMATION COCOMO AND FP CALCULATION
SOFTWARE ESTIMATION COCOMO AND FP CALCULATIONSneha Padhiar
 

Recently uploaded (20)

KCD Costa Rica 2024 - Nephio para parvulitos
KCD Costa Rica 2024 - Nephio para parvulitosKCD Costa Rica 2024 - Nephio para parvulitos
KCD Costa Rica 2024 - Nephio para parvulitos
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
 
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
 
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithmComputer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithm
 
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENTFUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
 
Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptx
 
signals in triangulation .. ...Surveying
signals in triangulation .. ...Surveyingsignals in triangulation .. ...Surveying
signals in triangulation .. ...Surveying
 
OOP concepts -in-Python programming language
OOP concepts -in-Python programming languageOOP concepts -in-Python programming language
OOP concepts -in-Python programming language
 
Ch10-Global Supply Chain - Cadena de Suministro.pdf
Ch10-Global Supply Chain - Cadena de Suministro.pdfCh10-Global Supply Chain - Cadena de Suministro.pdf
Ch10-Global Supply Chain - Cadena de Suministro.pdf
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
Comprehensive energy systems.pdf Comprehensive energy systems.pdf
Comprehensive energy systems.pdf Comprehensive energy systems.pdfComprehensive energy systems.pdf Comprehensive energy systems.pdf
Comprehensive energy systems.pdf Comprehensive energy systems.pdf
 
Paper Tube : Shigeru Ban projects and Case Study of Cardboard Cathedral .pdf
Paper Tube : Shigeru Ban projects and Case Study of Cardboard Cathedral .pdfPaper Tube : Shigeru Ban projects and Case Study of Cardboard Cathedral .pdf
Paper Tube : Shigeru Ban projects and Case Study of Cardboard Cathedral .pdf
 
Designing pile caps according to ACI 318-19.pptx
Designing pile caps according to ACI 318-19.pptxDesigning pile caps according to ACI 318-19.pptx
Designing pile caps according to ACI 318-19.pptx
 
Artificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewArtificial Intelligence in Power System overview
Artificial Intelligence in Power System overview
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating System
 
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSHigh Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
 
System Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event SchedulingSystem Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event Scheduling
 
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of Action
 
SOFTWARE ESTIMATION COCOMO AND FP CALCULATION
SOFTWARE ESTIMATION COCOMO AND FP CALCULATIONSOFTWARE ESTIMATION COCOMO AND FP CALCULATION
SOFTWARE ESTIMATION COCOMO AND FP CALCULATION
 

Featured

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming LanguageSimplilearn
 

Featured (20)

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming Language
 

Untitled presentation

  • 1. ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING IN CYBERSECURITY By Anirudh Srinivas Balaji
  • 2. INTRODUCTION What is ML? What is AI? How companies deploy AI and ML for strengthening security ?
  • 3. A Brief of AI and ML Google definition : Artificial Intelligence (AI) is the branch of computer sciences that emphasizes the development of intelligence machines, thinking and working like humans. For example, speech recognition, problem-solving, learning and planning. Application of AI: Machine learning is an application of artificial intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed. Machine learning focuses on the development of computer programs that can access data and use it learn for themselves.
  • 4. How AI and ML works in CyberSec AI allows you to automate the detection of threat and combat even without the involvement of the humans. Powering your data to stay more secure than ever. Since AI is totally machine language driven, it assures you complete error-free cyber-security services. Moreover, companies have also started to put more resources than ever for boosting AI driven technologies.
  • 6. Machine Learning tasks and Cybersecurity Let’s see the examples of different methods that can be used to solve machine learning tasks and how they are related to cybersecurity tasks. Regression Regression (or prediction) is simple. The knowledge about the existing data is utilized to have an idea of the new data. Take an example of house prices prediction. In cybersecurity, it can be applied to fraud detection. The features (e.g., the total amount of suspicious transaction, location, etc.) determine a probability of fraudulent actions. As for technical aspects of regression, all methods can be divided into two large categories: machine learning and deep learning. The same is used for other tasks.
  • 7. Let’s look at the common cybersecurity tasks and machine learning opportunities. There are three dimensions (Why, What, and How).The first dimension is a goal, or a task (e.g., detect threats, predict attacks, etc.). According to Gartner’s PPDR model, all security tasks can be divided into five categories: ● prediction; ● prevention; ● detection; ● response; ● monitoring
  • 8. The second dimension is a technical layer and an answer to the “What” question (e.g., at which level to monitor issues). Here is the list of layers for this dimension: ● network (network traffic analysis and intrusion detection); ● endpoint (anti-malware); ● application (WAF or database firewalls); ● user (UBA); ● process (anti-fraud). Each layer has different subcategories. For example, network security can be Wired,Wireless or Cloud. Restassured thatyou can’t apply the same algorithms with the same hyper parameters to both areas, at least in near future. The reason is the lack of data and algorithms to find better dependencies of the three areas so that it’s possible to change one algorithm to different ones.
  • 9. The third dimension is a question of “How” (e.g., how to check security of a particular area): ● in transit in real time; ● at rest; ● historically; ● etc. For example, if you are about endpoint protection, looking for the intrusion, you can monitor processes of an executable file, do static binary analysis, analyze the history of actions in this endpoint, etc. Some tasks should be solved in three dimensions. Sometimes,there are no values in some dimensions for certain tasks. Approaches can be the same in one dimension. Nonetheless, each particular point of this three-dimensional space of cybersecurity tasks has its intricacies.
  • 10. Cybersecurity is a promising area for AI/ML. In theory, if a machine has access to everything you currently know is bad, and everything you currently know is good, you can train it to find new malware and anomalies when they surface. In practice, there are three fundamental requirements for this to work. First, you need access to data -- lots of it. The more malware and benign samples you have, the better your model will be. Second, you need data scientists and data engineers to be able to build a pipeline to process the samples continuously and design models that will be effective. Third, you need security domain experts to be able to classify what is good and what is bad and be able to provide insights into why that is the case. In my opinion, many companies touting AI/ML-powered security solutions lack one or more of these pillars.
  • 11. Network protection refers to well-known Intrusion Detection System (IDS) solutions. Some of them used a kind of ML years ago and mostly dealt with signature-based approaches. ML in network security implies new solutions called Network Traffic Analytics (NTA), aimed at in-depth analysis of all the traffic at each layer to detect attacks and anomalies. How can ML help here? Some examples:
    ● regression to predict the network packet parameters and compare them with the normal ones;
    ● classification to identify different classes of network attacks such as scanning and spoofing;
    ● clustering for forensic analysis.
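The first two bullets above, worked through on flow records, as an added example that is not part of the original deck: a per-service baseline of bytes-per-packet (the simplest regression of a packet parameter) scores new flows against "normal", and a distinct-port count per source/destination pair classifies the scanning pattern. All flow records are constructed for the example; the field layout and thresholds are assumptions, not any product's format.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Flow record: (src, dst, dst_port, proto, packets, bytes). Every value below is
# constructed for this example, not captured traffic.
BASELINE = [  # known-good flows used to fit the per-service baseline
    ("10.0.0.5", "10.0.0.20", 443, "tcp", 40, 52000),
    ("10.0.0.6", "10.0.0.20", 443, "tcp", 40, 50000),
    ("10.0.0.7", "10.0.0.21", 443, "tcp", 40, 54000),
    ("10.0.0.8", "10.0.0.21", 443, "tcp", 40, 52000),
    ("10.0.0.5", "10.0.0.30", 53, "udp", 2, 180),
    ("10.0.0.6", "10.0.0.30", 53, "udp", 2, 200),
]
OBSERVED = [
    ("10.0.0.9", "10.0.0.20", 443, "tcp", 40, 51200),   # ordinary TLS session
    ("10.0.0.9", "10.0.0.20", 443, "tcp", 300, 12000),  # 40 B/packet: far off baseline
] + [("10.0.0.66", "10.0.0.20", p, "tcp", 1, 60) for p in range(20, 40)]  # one-packet probes


def fit_baseline(flows):
    """Per-(proto, port) mean and spread of bytes-per-packet. A constant-per-service
    model is the simplest regression of the packet parameter the slide describes."""
    groups = defaultdict(list)
    for _, _, port, proto, packets, nbytes in flows:
        groups[(proto, port)].append(nbytes / packets)
    return {key: (mean(vals), pstdev(vals)) for key, vals in groups.items()}


def score_flows(flows, baseline, k=3.0):
    """Compare each flow's bytes-per-packet with its service baseline and return the
    flows whose z-score exceeds k. Services absent from the baseline are not scored."""
    flagged = []
    for flow in flows:
        _, _, port, proto, packets, nbytes = flow
        if (proto, port) not in baseline:
            continue
        mu, sigma = baseline[(proto, port)]
        z = (nbytes / packets - mu) / (sigma or 1.0)  # guard a zero-spread group
        if abs(z) > k:
            flagged.append((flow, round(z, 1)))
    return flagged


def detect_port_scans(flows, min_ports=10, max_packets=2):
    """Classify a (src, dst) pair as scanning when it touches many distinct ports
    with tiny flows, the shape of a port sweep. Returns {pair: distinct ports}."""
    ports = defaultdict(set)
    for src, dst, port, _, packets, _ in flows:
        if packets <= max_packets:
            ports[(src, dst)].add(port)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}
```

Services never seen in the baseline are skipped by the regression check, which is why the probe flows are only caught by the scan classifier; in practice an unseen service is itself worth logging.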
  • 12. Four company-specific tools that employ AI for cybersecurity. TAA tool (Symantec’s Targeted Attack Analytics): This tool was developed by Symantec and is used to uncover hidden and targeted attacks. It applies AI and machine learning to the processes, knowledge and capabilities of Symantec security experts and researchers. The TAA tool was used by Symantec to fight a Dragonfly 2.0 attack last year. This attack targeted several energy companies and tried to gain access to operational networks. The TAA tool analyzes incidents in the network against incidents found in Symantec’s threat data lake. TAA reveals suspicious activities at each endpoint and compiles the information to determine whether each action indicates hidden malicious activity. The TAA tool is now available for Symantec Advanced Threat Protection (ATP) customers.
  • 13. Sophos Intercept X Tool: The tool, Intercept X, uses deep learning neural networks that work similarly to the human brain. In 2010, the US Defense Advanced Research Projects Agency (DARPA) created its first Cyber Genome Program to uncover the ‘DNA’ of malware and other cyber threats, which led to the creation of the algorithms in Intercept X. Before a file is executed, Intercept X can extract millions of features from the file, conduct in-depth analysis, and determine whether the file is benign or dangerous in 20 milliseconds. The model is trained on real-world feedback and two-way threat-intelligence sharing, with access to millions of samples provided by data scientists. This results in a high level of accuracy for existing malware and zero-day malware, and a lower false-positive level. Intercept X uses behaviour analysis to limit new ransomware and boot-record attacks. Intercept X has been tested by several third parties such as NSS Labs and received a high score. It has also been proven on VirusTotal since August 2016.
  • 14. Darktrace Antigena: Darktrace Antigena is Darktrace’s active self-defence product. Antigena extends Darktrace’s core capabilities to detect and replicate digital antibody functions that identify and neutralize threats and viruses. Antigena utilizes Darktrace’s Enterprise Immune System to identify suspicious activities and respond in real time, depending on the severity of the threat. With the help of the underlying machine learning technology, Darktrace Antigena identifies and protects against unknown threats as they develop. It does this without the need for human intervention, prior knowledge of attacks, rules or signatures. With such automatic response capabilities, organizations can respond to threats quickly, without disrupting normal business activity patterns. The Darktrace Antigena module helps manage user and machine access to the internet, messaging protocols, and machine and network connectivity through various products such as Antigena Internet, Antigena Communication, and Antigena Networks.
  • 15. IBM QRadar Advisor: IBM QRadar Advisor uses IBM Watson technology to fight cyber attacks, using AI to automatically investigate indicators of compromise or exploits. QRadar Advisor uses cognitive reasoning to provide critical insight and further accelerate the response cycle. With the help of IBM QRadar Advisor, security analysts can assess threat incidents and reduce their risk. IBM QRadar Advisor features:
    ● automatic incident investigation;
    ● smart reasoning;
    ● high-priority risk identification;
    ● key insights about users and important assets.
    QRadar Advisor with Watson investigates threat incidents by mining local data, using what can be observed in the incident to gather a broader local context. It then quickly assesses whether the threat has passed a layered defence or been blocked. QRadar identifies possible threats by applying cognitive reasoning. It connects threat entities associated with genuine incidents, such as malicious files, suspicious IP addresses, and malicious entities, to draw relationships between these entities. With this tool, one can get critical insights about an incident, such as whether the malware has been executed or not, with supporting evidence, so as to focus your time on higher-risk threats and then make a quick decision about the best response method for your business. IBM QRadar can detect suspicious behaviour from people through integration with the User Behavior Analytics (UBA) application and understand how certain activities or profiles affect the system.