
Understanding the "Intelligence" in AI


In this presentation I explore the topic of artificial intelligence in cyber security. What is AI and how do we get to real intelligence in a cyber context? I outline some of the dangers of the way we are using algorithms (AI, ML) today and what that leads to. We then explore how we can add real intelligence through expert knowledge to the problem of finding attackers and anomalies in our applications and networks.
Presented at AI 4 Cyber in NYC on April 30, 2019

Published in: Science
Understanding the "Intelligence" in AI

  1. Understanding the "Intelligence" in AI
     RAFFAEL MARTY
     VP Research and Intelligence
     Head of X-Labs, Forcepoint
     AI 4 Cyber | April 2019 | New York City
  2. A BRIEF SUMMARY
     • We don’t have artificial intelligence (yet)
     • Algorithms can be dangerous - Understand your data and your algorithms
     • Build systems that capture “expert knowledge” and augment human capabilities
     • Escape the cat and mouse game between attackers and security
     Copyright © 2019 Raffael Marty. | 2
  3. RAFFAEL MARTY
     Sophos, PixlCloud, Loggly, Splunk, ArcSight, IBM Research
     Security Visualization, Big Data, ML & AI, SIEM, Corp Strategy, Leadership, Zen
  4. ARTIFICIAL INTELLIGENCE
     • BEAT WORLD CHAMPION AT GO
     • DESIGN MORE EFFECTIVE DRUGS
     • MAKE SIRI SMARTER
     Deep Learning, Statistics, Unsupervised Machine Learning, Natural Language Processing
  5. THE DANGERS OF AI
     SECURITY EXAMPLES
     • Fooling Facial Recognition
     • Hack Crash Tweet
     • Blacklisting of Windows Executable
     • Pentagon AI Fail
     • Algorithm Bias
     • NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
     • Data Biases
  6. WHAT MAKES ALGORITHMS DANGEROUS?
     • Algorithms make assumptions about the data.
     • Algorithms are too easy to use.
     • Algorithms do not take domain knowledge into account.
     • History is not a predictor of the future.
  7. UNDERSTAND YOUR DATA
     Figure annotations: "dest port!", "Port 70000?", "src ports!"
  8. CHOOSING THE CORRECT ALGORITHM PARAMETERS
     The dangers of not understanding algorithmic parameters
     t-SNE clustering of network traffic from two types of machines:
     • perplexity = 3, epsilon = 3: No clear separation
     • perplexity = 3, epsilon = 19: 3 clusters instead of 2
     • perplexity = 93, epsilon = 19: What a mess
  10. ESCAPING THE SECURITY CAT AND MOUSE GAME
     IOCs to Behaviors
     Diagram labels: CnC, Bot, Bot
     IOCs / Traditional Threat Intel
     • IOC: Compromised IP addresses
     Behavior
     • Characterizing machine and human behavior
     • Leverage risk-based approaches
     • From reactive to proactive
     • From detection to protection / automation
     Behavior: Botnet characteristics
     • Traffic size: 200-350 bytes
     • Periodicity: 2 minutes
     • Jitter: 12 seconds
     • IPv4 proto: 6
     • App protocol: HTTPS
  11. TAKEAWAYS
     • “Algorithms are getting ‘smarter’, but experts are more important”
     • “Understand your data, your algorithms, and your data science process”
     • “History is not a predictor – but knowledge can be”
  12. @raffaelmarty
     QUESTIONS?
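
The behavior profile on slide 10 (traffic size, periodicity, jitter, IP protocol, app protocol) can be matched against flow records and compared with plain IOC matching, as in the following added example, which is not code from the presentation. The flow-record fields, the `min_flows` and `min_ratio` thresholds, the reading of jitter as a tolerance on the gap between flows, and all sample addresses and flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Behavior values from slide 10; how they are applied is this example's assumption.
PROFILE = {"bytes": (200, 350), "period_s": 120, "jitter_s": 12,
           "ip_proto": 6, "app": "HTTPS"}

def ioc_hits(flows, blocklist):
    """Traditional IOC matching: sources that contacted a listed IP."""
    return {f["src"] for f in flows if f["dst"] in blocklist}

def beaconing_pairs(flows, profile=PROFILE, min_flows=5, min_ratio=0.8):
    """Return (src, dst) pairs whose traffic fits the behavior profile.
    Assumption: a gap between consecutive flows fits when it is within
    jitter_s of period_s, and at least min_ratio of the gaps must fit.
    """
    lo, hi = profile["bytes"]
    times = defaultdict(list)
    for f in flows:
        if (f["ip_proto"] == profile["ip_proto"] and f["app"] == profile["app"]
                and lo <= f["bytes"] <= hi):
            times[(f["src"], f["dst"])].append(f["ts"])
    found = set()
    for pair, ts in times.items():
        if len(ts) < min_flows:
            continue  # too few observations to judge periodicity
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        fit = sum(abs(g - profile["period_s"]) <= profile["jitter_s"] for g in gaps)
        if fit / len(gaps) >= min_ratio:
            found.add(pair)
    return found

def _flows(src, dst, proto, app, samples):
    return [{"src": src, "dst": dst, "ip_proto": proto, "app": app,
             "ts": t, "bytes": b} for t, b in samples]

# Constructed flow records: (timestamp in seconds, size in bytes).
SAMPLE = (
    _flows("10.0.0.5", "203.0.113.9", 6, "HTTPS",      # fits the profile
           [(0, 212), (124, 340), (239, 260), (365, 301), (480, 228), (601, 315)])
    + _flows("10.0.0.7", "198.51.100.20", 6, "HTTPS",  # right size, irregular timing
             [(0, 300), (5, 250), (9, 310), (300, 280), (310, 330), (900, 240)])
    + _flows("10.0.0.9", "198.51.100.53", 17, "NTP",   # periodic, wrong proto and size
             [(t, 90) for t in range(0, 720, 120)])
)
BLOCKLIST = {"192.0.2.66"}  # constructed stale IOC: no host in SAMPLE contacts it

if __name__ == "__main__":
    print("IOC:", ioc_hits(SAMPLE, BLOCKLIST), "behavior:", beaconing_pairs(SAMPLE))
```

On the constructed data the blocklist yields no hits, while the behavior match flags only the pair that satisfies every feature of the profile at once.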