#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Artifical intelligence), Deep learning(DL)" By Pankaj Kumar

#ATAGTR2019
Security Testing using ML(Machine Learning),
AI(Artificial Intelligence) & (DL)Deep Learning
Pankaj Kumar
14th 15th Dec 2019

#ATAGTR2019
As a author of this presentation I/we own the copyright and confirm the originality of the content. I/we allow Agile testing alliance to use the content for social media marketing, publishing it on ATA Blog or ATA social medial
channels(Provided due credit is given to me/us)
Problem Statement:
In recent years, cybercrime has been responsible for more that $400 billion in funds stolen and costs
to mitigate damages caused by crimes.
The increased usage of cloud services, growing number of users, changes in network infrastructure
that connect devices running mobile operating systems, and constantly evolving network technology
cause novel challenges for cyber security that have never been foreseen before.
The world is becoming increasingly digitalized - raising security concerns and the desperate need for
robust and advanced security technologies and techniques to combat the increasing complex nature of
cyber-attacks.

#ATAGTR2019
Solution
With the growing threat of cybersecurity, studies are focusing on machine learning and its vast set of
tools and techniques to identify, stop and respond to sophisticated cyber-attacks. Machine learning can
be leveraged in various domains of cyber security to provide analytical based approaches for attack
detection and response. It can also enhance security processes by automating routine tasks and making
it easy for security analysts to quickly work with semi-automated tasks.
This paper discusses how machine learning is being used in cyber security in both defense and offense
activities, including discussions on cyber-attacks targeted at machine learning models. Specifically, we
discuss the applications of machine learning in carrying out cyber-attacks, such as in smart botnets,
advanced spear fishing and evasive malwares. We also explain the application of machine learning in
cyber security, such as in threat detection and prevention, malware detection and classification, and
network risk scoring.
Using machine learning and AI to help automate threat detection and response can ease the burden on
employees, and potentially help identify threats more efficiently than other software-driven approaches.
.

#ATAGTR2019
Benefit
Machine learning can be used to automate repetitive tasks carried out by security analysts during security activities.
This can be done through analyzing records/reports of past actions taken by security analysts to successfully
identify and respond to certain attacks and using this knowledge to build a model that can identify similar attacks
and respond accordingly without human intervention
Machine learning can be applied in a security context from both a defense and attack perspective as well as the
potential threats targeted at machine learning models. Clearly it can be seen that machine learning is a powerful tool
that can be used for automating complex defense and offense cyber activities.
Hence, with cybercriminals also leveraging machine learning in their arsenal of cyber weapons, we are expected to
experience more sophisticated and big attacks powered by AI. It is therefore of vital importance that security
specialists as well as machine learning practitioners stay abreast with the recent advancements in machine learning
including adversarial machine learning so as to constantly be on the lookout to make use of potential AI related
security applications.
This paper can act as basis for future research that can focus on analyzing existing security solutions and the
various challenges of leveraging machine learning to develop and deploy scalable cybersecurity systems in
production environments
.
.

#ATAGTR2019

#ATAGTR2019
.
.
.

#ATAGTR2019
 Big Terms AI, MI and DI and above all Cyber Security
 AI (Artificial Intelligence) —
 A broad concept.A Science of making things smart or, in other
words, human tasks performed by machines (e.g., Visual
Recognition, NLP, etc.). The main point is that AI is not exactly
machine learning or smart things. It can be a classic program
installed in your robot cleaner like edge detection. Roughly
speaking, AI is a thingthat somehow carry out human tasks.

#ATAGTR2019
Use Of AI for cyber security
Biometric logins are increasingly being used to create secure logins by either scanning fingerprints,
retinas, or palm prints. This can be used alone or in conjunction with a password and is already
being used in most new smartphones. Large companies have been the victims of security
breaches which compromised email addresses, personal information, and passwords. Cyber
security experts have reiterated on multiple occasions that passwords are extremely vulnerable to
cuber attacks, compromising personal information, credit card information, and social security
numbers. These are all reasons why biometric logins are a positive AI contribution to cyber
security.
AI can also be used to detect threats and other potentially malicious activities. Conventional
systems simply cannot keep up with the sheer number of malware that is created every month, so
this is a potential area for AI to step in and address this problem. Cyber security companies are
teaching AI systems to detect viruses and malware by using complex algorithms so AI can then run
pattern recognition in software. AI systems can be trained to identify even the smallest behaviors of
ransomware and malware attacks before it enters the system and then isolate them from that
system. They can also use predictive functions that surpass the speed of traditional approaches.
Systems that run on AI unlock potential for natural language processing which collects information
automatically by combing through articles, news, and studies on cyber threats. This information
can give insight into anomalies, cyber attacks, and prevention strategies. This allows cyber security
firms to stay updated on the latest risks and time frames and build responsive strategies to keep
organizations protected.

#ATAGTR2019
 ML (Machine Learning) —
 an Approach(just one of many approaches) to AI thatuses a system that is
capable of learning from experience. It is intended not only for AI goals
(e.g., copying human behavior) but it can also reduce the efforts and/or
time spent for both simple and difficult tasks like stock price prediction. In
other words, ML is a system that can recognize patterns by using
examples rather than by programming them. If your system learns
constantly, makes decisions based on data rather than algorithms, and
change its behavior, it’s Machine Learning.

#ATAGTR2019
 DL (Deep Learning)
 a set of Techniques for implementing machine learning that
recognize patterns of patterns -•like image recognition. The
systems identify primarily object edges, a structure, an object
type, and then an object itself. The point is that Deep Learning is
not exactly Deep Neural Networks. There are other algorithms,
which were improved to learn patterns of patterns, such as Deep
Q Learning in Reinforcement task.

#ATAGTR2019
Deep Learning
1.Deep Learning is a subset of Machine Learning.
2.It solves complex problems.
3. It works on high end machines.
4. It works on artificial neural network to solve the problems.
5. It wants enormous amount of input data (Unlabeled).
6. It takes lots of time to solve the problem.
7. It solves the complete problem on end to end system and
produce output.
8. Example: Number Plate Detection, Automatic Language
Translation etc
.

#ATAGTR2019
Approaches to Solving ML Tasks
Trends of the past:
Supervised learning. Task Driven approach. First of all, you should label data like feeding a model
with examples of executable files and saying that this file is malware or not. Based on this labelled
data, the model can make decisions about the new data. The disadvantage is the limit of the
labelled data.
Eensemble learning.This is an extension of supervised learning while mixing different simple models
to solve the task. There are different methods of combining simple models.
Current trends
Unsupervised Learning. Data Driven approach. The approach can be used when there are no
labelled data and the model should somehow mark it by itself based on the properties. Usually it is
intended to find anomalies in data and considered to be more powerful in general as it’s almost
impossible to mark all data. Currently it works less precisely than supervised approaches.
Semi-supervised learning. As the name implies, semi-supervised learning tries to combine benefits
from both supervised and unsupervised approaches, when there are some labelled data.
Future trends (well, probably)

#ATAGTR2019
Approaches to Solving ML Tasks(Contd.)
Future trends (well, probably)
Reinforcement learning. Environment Driven approach can be used when the behavior should
somehow react on the changing environment. It’s like a kid who is learning environment by trial and
error.
Active learning. It’s more like a subclass of Reinforcement learning that probably will grow into a
separate class. Active learning resembles a teacher who can help correct errors and behavior in
addition to environment changes.

#ATAGTR2019
Machine learning means solving certain tasks with the use of an approach and particular
methods based on data you have.
Most of tasks are subclasses of the most common ones, which are described below.
Regression (or prediction)— a task of predicting the next value based on the previous values.
Classification — a task of separating things into different categories.
Clustering— similar to classification but the classes are unknown, grouping things by their similarity.
Association rule learning (or recommendation) — a task of recommending something based on the previous
experience.
Dimensionality reduction— or generalization, a task of searching common and most important features in
multiple examples.
Generative models— a task of creating something based on the previous knowledge of the distribution

#ATAGTR2019
Machine Learning tasks and Cybersecurity
Let’s see the examples of different methods that can be used to solve machine learning tasks and how
they are related to cybersecurity tasks.
Regression
Regression (or prediction) is simple. The knowledge about the existing data is utilized to have an idea of
the new data. Take an example of house prices prediction. In cybersecurity, it can be applied to fraud
detection. The features (e.g., the total amount of suspicious transaction, location, etc.) determine a
probability of fraudulent actions.
As for technical aspects of regression, all methods can be divided into two large categories: machine
learning and deep learning. The same is used for other tasks.
For each task, there are the examples of ML and DL methods.

#ATAGTR2019
Machine learning for regression
Below is a short list of machine learning methods (having their own advantages and disadvantages)
that can be used for regression tasks.
 Liner regression
 Polynomial regression
 Ridge regression
 Decision trees
 SVR (Support Vector Regression)
 Random forest

#ATAGTR2019
Classification
Classification is also straightforward. Imagine you have two piles of pictures classified by type (e.g., dogs and cats). In terms of
cybersecurity, a spam filter separating spams from other messages can serve as an example. Spam filters are probably the first ML
approach applied to Cybersecurity tasks.
The supervised learning approach is usually used for classification where examples of certain groups are known. All classes should
be defined in the beginning.
Below is the list related to algorithms.
Machine learning for classification
 LogisticRegression (LR)
 K-Nearest Neighbors (K-NN)
 Support Vector Machine (SVM)
 KernelSVM
 NaiveBayes
 DecisionTreeClassification
 Random Forest Classification
It’s considered that methods like SVM and random forests work best. Keep in mind that there are no one-size-fits-all rules, and they
probably won’t operate properly for your task

#ATAGTR2019
Deep learning for classification
 Artificial Neural Network
 Convolutional Neural Networks
Deep learning methods work better if you have more data. But they consume more
resources especially if you are planning to use it in production and re-train systems
periodically.

#ATAGTR2019
Clustering
Clustering is similar to classification with the only but major difference. The information
about the classes of the data is unknown. There is no idea whether this data can be
classified. This is unsupervised learning.
Supposedly, the best task for clustering is forensic analysis. The reasons, course, and
consequences of an incident are obscure. It’s required to classify all activities to find
anomalies. Solutions to malware analysis (i.e., malware protection or secure
email gateways) may implement it to separate legal files from outliers.
Another interesting area where clustering can be applied is user behavior analytics. In this
instance, application users cluster together so that it is possible to see if they should belong
to a particular group.
Usually clustering is not applied to solving a particular task in cybersecurity as it is more
like one of the subtasks in a pipeline (e.g., grouping users into separate groups to adjust risk
values).

#ATAGTR2019
Machine learning for clustering
 K-nearest neighbours (KNN)
 K-means
 Mixturemodel(LDA)
 DBSCn
 Bayesian
 GaussianMixtureModel
 Agglomerative
 Mean-shift
Deep learning for clustering
 Self-organized Maps (SOM) or Kohonen Networks

#ATAGTR2019
Association Rule Learning (Recommendation Systems)
Netflix and SoundCloud recommend films or songs according to your movies or music preferences. In cybersecurity,
this principle can be used primarily for incident response. If a company faces a wave of incidents and offers various
types of responses, a system learns a type of response for a particular incident (e.g., mark it as a false positive, change
a risk value, run the investigation). Risk management solutions can also have a benefit if they automatically
assign risk values for new vulnerabilities or misconfigurations built on their description.
There are algorithms used for solving recommendation tasks.
Machine learning for association rule learning
 Apriori
 Euclat
 FP-Growth
Deep learning for association rule learning
 Deep Restricted Boltzmann Machine (RBM)
 Deep Belief Network (DBN)
 Stacked Autoencoder

#ATAGTR2019
Dimensionality Reduction
Dimensionality reduction or generalizationis notas popular as classification, but necessary if you deal with
complex systems with unlabeled data and many potential features. You can’t apply clustering because typical
methods restrict the number of features or they don’t work. Dimensionality reduction can help handle it and cut
unnecessary features. Like clustering, dimensionality reduction is usually one of the tasks in a more complex
model. As to cybersecurity tasks, dimensionality reduction is common for face detection solutions — the ones you
use in your IPhone.
Machine learning dimensionality reduction
 Principal Component Analysis (PCA)
 Singular-value decomposition (SVD)
 T-distributed Stochastic Neighbor Embedding (T-SNE)
 Linear Discriminant Analysis (LDA)
 Latent Semantic Analysis (LSA)
 Factor Analysis (FA)
 Independent Component Analysis (ICA)
 Non-negative Matrix Factorization (NMF)

#ATAGTR2019
Generative Models
The task of generative models differs from the above-mentioned ones. While those tasks deal with the existing information and associated decisions, generative
models are designed to simulate the actual data (not decisions) based on the previous decisions.
The simple task of offensive cybersecurity is to generate a list of input parameters to test a particular application for Injection vulnerabilities.
Alternatively, you can have a vulnerability scanning tool for web applications. One of its modules is testing files for unauthorized access. These tests are able to
mutate existing filenames to identify the new ones. For example, if a crawler detected a file called login.php, it’s better to check the existence of any backup or test
its copies by trying names like login_1.php, login_backup.php, login.php.2017. Generative models are good at this.
Machine learning generative models
 Markov Chains
 Genetic algorithms
Deep learning generative models
 Variational Autoencoders
 Generative adversarial networks (GANs)
 Boltzmann Machines
Recently, GANs showed impressive results. They successfully mimic a video. Imagine how it can be used for generating examples for fuzzing.

#ATAGTR2019
Deep learning for regression
For regression tasks, the following deep learning models can be used:
 Artificial Neural Network (ANN)
 Recurrent Neural Network (RNN)
 Neural Turing Machines (NTM)
 Differentiable Neural Computer (DNC)
Approaches to Solving ML Tasks

#ATAGTR2019
Relevance of each security analytics to top threats

#ATAGTR2019
Cybersecurity Tasks and Machine Learning
Instead of looking at ML tasks and trying to apply them to cybersecurity, let’s look at the common cybersecurity tasks and machine
learning opportunities. There are three dimensions (Why, What, and How).
The first dimension is a goal, or a task (e.g., detect threats, predict attacks, etc.). According to Gartner’s PPDR model, all security
tasks can be divided into five categories:
 prediction;
 prevention;
 detection;
 response;
 monitoring.
The second dimension is a technical layer and an answer to the “What” question (e.g., at which level to monitor issues). Here is the
list of layers for this dimension:
 network (network traffic analysis and intrusion detection);
 endpoint (anti-malware);
 application (WAF or database firewalls);
 user (UBA);
 process (anti-fraud).

#ATAGTR2019
Machine learning for Application Security
Application security is my favourite area, by the way, especially ERP Security.
Where to use ML in app security? — WAFs or Code analysis, both static and dynamic. To remind you,
Application security can differ. There are web applications, databases, ERP systems, SaaS applications,
micro services, etc. It’s almost impossible to build a universal ML model to deal with all threats effectively in
near future. However, you can try to solve some of tasks.

#ATAGTR2019
Examples Of Machine Learning for application security:
 regression to detect anomalies in HTTP requests (for example, XXE and SSRF attacks and auth bypass);
 classification to detect known types of attacks like injections (SQLi, XSS, RCE, etc.);
 clustering user activity to detect DDOS attacks and mass exploitation.
Conclusion
There are moreareas left. I have outlined the basics. On the one hand, machine learning is definitely not a silver-bullet solution if
you want to protect your systems. Undoubtedly, there are many issues with interpretability (particularly for deep learning
algorithms), but humans also cannot interpret their own decisions, right?
On the other hand,with the growing amount of data and decreasing number of experts, ML is an only remedy. It works now and will
be mandatory soon. It is better to start right now.
.

#ATAGTR2019
Machine Learning: Practical Applications for Cybersecurity
Key Takeaways
Despite what you’ve seen in the movies, machines are not about to replace the need for human intelligence.
 The future of cybersecurity isn’t about man OR machine — it’s about man AND machine. In chess, a team of amateurs operating even
standard desktop PCs dramatically outperforms both the strongest human players and the most powerful supercomputers in isolation.
 The secret to actionable threat intelligence lies in playing to the individual strengths of machines and human analysts. Machines
perform the heavy lifting (data aggregation, pattern recognition, etc.) and provide a manageable number of actionable insights. From
there, human analysts make decisions on how to act.
 One of the biggest barriers to human intelligence is language. With modern natural language processing, machines can process text
irrespective of language, including slang and industry jargon.
 The battle in threat intelligence is balancing time and context. Analysts need intelligence promptly, but they also need enough
information to make a decision on how to act. This is only possible using modern AI and machine-learning processes.

#ATAGTR2019
Specifically, AI encompasses any case where a machine is designed to complete tasks which,
if done by a human, would require intelligence. Within AI there are a variety of technologies,
including:
Machine learning — Machines which “learn” while processing large quantities of data,
enabling them to make predictions and identify anomalies.
Knowledge representations — Systems of data representation that enable machines to solve
complex problems (e.g., ontologies).
Rule-based systems — Machines that process inputs based on a set of predetermined rules.

#ATAGTR2019
This type of system offers huge benefits to the field of
cybersecurity, where it can process a huge number of data points
very quickly, irrespective of source language.

#ATAGTR2019
Breaking the Language Barrier

#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Artifical intelligence), Deep learning(DL)" By Pankaj Kumar

More Related Content

What's hot

Similar to #ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Artifical intelligence), Deep learning(DL)" By Pankaj Kumar

More from Agile Testing Alliance

Recently uploaded

#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Artifical intelligence), Deep learning(DL)" By Pankaj Kumar