AI for CyberSecurity
In the last few years, when the cybercrooks have speeded their execution plan on making quick money by ransomware attacks. All enterprises, including banks, government offices, police stations, big and small businesses, have witnessed WannaCry, Petya, NotPetya ransomware attacks. The question for us is what we can do to defend from cyber threats? The cybersecurity industry is pitching heavily to leverage AI to combat cyber threats. Almost every cybersecurity vendor is claiming to have AI in its product. This makes it difficult for end-user enterprises to choose the product, and they need to evaluate the AI capabilities of multiple vendors. In this talk, I will cut the hype and discuss the reality of what AI can do for cybersecurity? I will share use cases, data pipeline, architecture, algorithms that are proven for information security along with the challenges in deploying them in the wild. The audience will be able to learn how to combine AI with domain knowledge to make an enterprise AI solution.
Outline/Structure of the Talk
This talk focuses on how AI can be leveraged to solve some of the subproblems in cybersecurity. The talk will start with a discussion on why there is a surge in data breaches, and cybersecurity attacks? Then I will discuss some of the use cases, data pipeline, and architectural details of AI solutions for the cybersecurity. Here is a detailed plan for the talk:
(1) The current state of Information security and tools (5 mins).
(2) A brief history and current status of using AI for the InfoSec (5 mins).
Currently, security data science tools primarily process raw data from multiple data sources such as network flows, authentication logs, firewall logs, endpoints, and detect anomalous events. These tools generate a large number of false positives, and they need to be further investigated by security analysts. Specifically, I will address the following questions:
- What is the foundation of current security data science tools?
- What are the pros and cons of existing tools?
(3) AI use cases, data pipeline, architecture, and data experiments (15 mins): Following questions will be addressed:
- What are the different use cases that can be enabled by AI?
- How would it transform the incident response?
- What's a typical data pipeline and architecture of cybersecurity AI solution?
- Demo 1: PowerShell Obfuscation Detection using Deep Learning Neural Networks
- Demo 2: Malicious URL Detection using Recurrent Neural Networks
(4) Challenges and limitations of using AI alone for cybersecurity (5 mins)
- AI generates too many false positives
- Enterprises can investigate only 2-5% of alerts due to the limited number of security analysts
- Need for an automated response, not just detection
(5) Our approach: fuse deception with AI (10 mins):
A key objective of the deception is to deceive the inside-network attacks and threats to detect, engage, trap, and remediate them. Deception provides high fidelity alerts, and AI delivers an ability to construct context about the alert. By fusing deception and data science, security analysts can do proactive defense. We shall demonstrate our approach with specific case studies:
- Demo 3- Detecting and Inferring threats in a high interaction decoy using AI engine
(6) Q&A (5 mins)
- A broad, high-level view of the cybersecurity industry and use cases of AI for cybersecurity
- Learn about open research problems that exist at the intersection of domain knowledge and AI
- Know more about a new expert "Security Data Scientist" who is needed in the security team
Information Security Practitioners, Data Science Practitioners, CIOs