3 Currently Deployed Artificial Intelligence and Machine Learning Tools for Cyber Defense Operations
Pages 22-30

The Chapter Skim interface presents what has been algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 22...
... Could they help defenders evaluate the strength of their defenses, forecast attacks, assess the impacts of an attack, or use knowledge about what went wrong to defend better against the next attack? To explore these issues more deeply with concrete examples, Manferdelli introduced the three panelists: Alex Kantchelian, software engineer, Google, Inc.; Dave Baggett, founder and CEO, INKY Technology Corporation; and Sven Krasser, chief scientist at CrowdStrike, Inc.
From page 23...
... To address these shortcomings, Kantchelian's team developed and applied a more dynamic approach to catching unauthorized file access events, making use of ML-driven anomaly detection.

Machine Learning- and Artificial Intelligence-Based Solutions

Before describing the system his team developed, Kantchelian provided some background about potential ML-based solutions, beginning with supervised learning.
From page 24...
... He concluded by commenting that this anomaly detection approach succeeded using pre-existing supervised learning methods (but with a new approach to the training data) and that his team is currently working to apply a similar approach to lower-level problems that are more subtle than document access.
From page 25...
... Companies have also aimed to deal with these threats through phishing awareness training, sending human users examples of phishing emails to help teach them to be more cautious. However, Baggett noted that it is increasingly difficult for users to tell the difference between genuine and fraudulent emails, as attackers have become better and better at creating realistic fakes.
From page 26...
... SELECTED MACHINE LEARNING APPLICATIONS AT CROWDSTRIKE

Sven Krasser, CrowdStrike, Inc.

Krasser, who has been applying ML in the information security industry for nearly 15 years, discussed ML-based methods used by CrowdStrike in its security products, with an emphasis on their use for malware detection.
From page 27...
... Krasser showed example data based on the daily performance of a single model on new, unseen malware files. The model showed continuous performance in the high nineties to close to 100 percent detection rate over several months without visible decay in efficacy.
From page 28...
... Some malicious processes like exploitations are easier to detect than others, but sequence learning techniques can be used to detect stack outliers, he said. Krasser stressed the importance of continuously updating the ground truth, especially for behavioral artifacts.
From page 29...
... Building on this point, O'Reilly noted that gradual narrowing could be analogous to a common phenomenon in economics in which markets become more homogeneous over time.

False Positives and Human Factors

Rao Kambhampati noted that the three speakers had addressed similar types of applications, focused on identification of anomalies or outliers -- in particular, malware and phishing emails.
From page 30...
... He noted the importance of including some way to deal with false positives in product designs -- the spam folder being the common example in the context of emails. Krasser added that a model might not have included important factors that would indicate a message is valid, or might have accounted for them but still somehow yielded an incorrect output.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.