Currently Skimming:

7 Wrap-Up Discussion: Identifying Key Implications and Open Questions
Pages 61-70

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 61...
... Jay Stokes mentioned recent work from Microsoft Research toward concrete applications of AI and ML across the cyber kill chain. One study¹ presented a new system -- tested on data sets that included one targeted, real-world attack -- for detecting an adversary's lateral movement² within a network.
From page 62...
... In the prevention space, he said ML is poised to help with user authentication, including with biometric data, as well as with automatically generating firewall or intrusion prevention rules. For detection, both industry and academic researchers are looking at ML to help with attack detection, intrusion detection, malware detection, clustering, and anomaly detection.
From page 63...
... In order to make progress, for example, on collecting measurements and risk analysis, the ML community needs help from others: it needs to be able to share data privately and anonymously and to use that shared data to produce aggregate models, predictions, and forecasts that still manage to keep the data de-identified. She identified technology and policy for secure, private, and trustworthy data sharing as a fundamental problem for ML researchers working in cybersecurity.
From page 64...
... He compared the use of a deep neural network to a practical deployment of a decision tree, which would in practice include thousands of decision trees with thousands of leaves. Looking at the layers of a deep neural network reveals some representation of the data, and while we may not be able to explain different features extracted by individual neurons, that might not be necessary.
From page 65...
... While micro controls focus on individual defense techniques, macro controls are the patterns that would be deployed into an environment to limit the "blast radius" when a system is under attack and things go wrong. Lastly, he suggested that the ML community sets its focus too narrowly on certain aspects of cybersecurity, overlooking opportunities to apply AI and ML more generally to functions like auditing, managing information technology (IT)
From page 66...
... The business sectors that are applying the technology in the area of cybersecurity are the big technology companies, the big financial companies, and in many cases the security vendors that work with those technology and financial companies. He reiterated that AI and ML technologies are sometimes used even when simpler solutions exist; on the other hand, they may be underused in some areas that could benefit, such as natural language processing for encoding and analyzing data about security incidents, large-scale Web crawling for sentiment analysis, and brand protection.
From page 67...
... Kambhampati identified the AI research topics of sequential decision-making and planning as potentially useful on the strategy front. He also emphasized penetration testing -- testing a system to find security vulnerabilities that an attacker could exploit and then trying to figure out what an attacker will do -- as an example of a more strategic approach to cybersecurity that could be addressed via AI and automation beyond ML.
From page 68...
... He added that technologies such as automation can be valuable, but the whole field is complicated by the fact that one is facing adaptable human adversaries while at the same time facing the challenge of convincing users on the defense side to believe in an automated or AI system. Lura Danley, MITRE Corporation, also highlighted the human aspects of cybersecurity, noting that many of the words used in research and application -- such as privacy, security, and trust -- are being used in a mathematical and statistical context and might not have the same meaning for the human user.
From page 69...
... Kantchelian suggested that no real progress can be made without real data. For security, that means heterogeneous massive data across the computing stack, and from low-level network flows and CPU activity to high-level application-specific activity, capturing all observable human behavior of interest.
From page 70...
... in AI so that the approach, applicability, governance process, risks, and complexity are all applicable to the national security mission -- particularly important with the launch of DoD's Joint Artificial Intelligence Center and the IC's Augmenting Intelligence using Machines (AIM Initiative) strategy, which represent a significant investment on their own, independent of Intelligence Advanced Research Projects Activity, DARPA, NSF, and other R&D funding.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.