AI for Cyber Security and Adversarial AI
Domenico Raguseo
June 2019
@domenicoraguseo
IBM Security / © 2019 IBM Corporation
Let’s focus on the most critical security use cases

Outcome-driven security

Business outcomes: Grow Business | Stop Threats | Prove Compliance

Use cases:
- Get Ahead of Compliance
- Enhance Security Hygiene
- Detect & Stop Advanced Threats
- Orchestrate Incident Response
- Master Threat Hunting
- Secure Hybrid Cloud
- Protect Critical Assets
- Prevent Advanced Fraud
- Govern Users and Identities
Complexity continues to be today’s top concern
- Reactive strategies driven by threats
- Products and processes deployed in silos
- Organizations and teams continue to work alone
Build an integrated security immune system

Domains (around a Security Orchestration & Analytics core): Threat Intel, Endpoint, Network, Mobile, Advanced Fraud, Data, Apps, Identity & Access

Capabilities by domain:
- Advanced Fraud: Criminal detection; Fraud protection
- Data: Data access control; Data protection
- Apps: Application security management; Application scanning
- Mobile: Device management; Transaction protection; Content security
- Endpoint: Malware protection; Endpoint detection and response; Endpoint patching and management
- Network: Network forensics and threat management; Firewalls and intrusion prevention; Network visibility and segmentation
- Identity & Access: Access management; Identity governance and administration; Privileged user management; IDaaS; Mainframe security
- Threat Intel: Threat sharing; IoCs
- Security Orchestration & Analytics: Vulnerability management; Security analytics; Threat and anomaly detection; Incident response; User behavior analytics; Threat hunting and investigation
Analysis of an Incident
Activities performed during Business Email Compromise – Case A

Immune-system capabilities highlighted on the diagram: Data access control, Application security management, Application scanning, Data protection, Device management, Transaction protection, Content security, Malware protection, Endpoint detection and response, Endpoint patching and management, Access management, IDaaS, Mainframe security, Threat sharing, IoCs

Kill Chain – Case A
1. Email is received with a malicious attachment and the “payload” macro is executed (malware defenses fail)
2. An unpatched vulnerability is exploited
3. Command and control is allowed to be established
4. Credentials are stolen
Watering hole: a change in attack strategy – Case B

Immune-system capabilities highlighted on the diagram: Data access control, Application security management, Application scanning, Data protection, Device management, Transaction protection, Content security, Malware protection, Endpoint detection and response, Endpoint patching and management, Access management, IDaaS, Mainframe security, Threat sharing, IoCs

Kill Chain – Case A (initial access): Email is received with a malicious attachment and the “payload” macro is executed (malware defenses fail)
Kill Chain – Case B (initial access): File is downloaded from a web site (watering hole)
Case B ≠ Case A in the initial access vector

Stages common to both (Attack Pattern A + B):
1. An unpatched vulnerability is exploited
2. Identity and Access (credentials are stolen, as in Case A)
3. Command and control is allowed to be established
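The point of “Attack Pattern A + B” is that Case A and Case B differ only in the initial access vector; the exploitation and command-and-control stages are shared, so one correlation rule keyed on the shared stages catches both. The following Python is an added example, not code from the deck or from any IBM product: it maps constructed sensor events (email gateway, EDR, proxy) to kill-chain stages, correlates them per host inside a time window, and fires an alert when exploitation and C2 both appear, labelling the pattern A or B from whichever initial vector was seen. Field names, the key=value log format and the sample lines are all assumptions made for the example.

```python
"""Kill-chain correlation over constructed log lines (added example).

Maps events from several sensors to kill-chain stages, groups them per host
inside a time window, and fires one alert when the stages shared by
Case A and Case B (exploitation -> command and control) are both present,
whatever the initial access vector was.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the original deck). One event per line,
# space-separated key=value pairs; 'src' is the sensor that produced it.
SAMPLE_LOGS = """\
ts=2019-06-03T09:01:10 src=email_gw host=WS-A user=alice action=delivered attachment=invoice.docm macro=true
ts=2019-06-03T09:03:42 src=edr host=WS-A parent=WINWORD.EXE child=powershell.exe event=suspicious_child
ts=2019-06-03T09:04:05 src=proxy host=WS-A dst=203.0.113.50 dport=443 event=beacon ti_match=c2
ts=2019-06-03T09:09:30 src=edr host=WS-A event=lsass_access proc=powershell.exe
ts=2019-06-03T10:15:00 src=proxy host=WS-B dst=198.51.100.7 url=/news/update.exe event=download content=application/x-dosexec
ts=2019-06-03T10:16:20 src=edr host=WS-B parent=update.exe child=rundll32.exe event=suspicious_child
ts=2019-06-03T10:17:01 src=proxy host=WS-B dst=203.0.113.50 dport=443 event=beacon ti_match=c2
ts=2019-06-03T11:00:00 src=email_gw host=WS-C user=carol action=delivered attachment=report.pdf macro=false
ts=2019-06-03T13:30:00 src=proxy host=WS-C dst=203.0.113.50 dport=443 event=beacon ti_match=c2
"""

WINDOW = timedelta(minutes=60)


def parse(line):
    """Turn 'k=v k=v ...' into a dict with a parsed timestamp."""
    ev = dict(tok.split("=", 1) for tok in line.split())
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def stage_of(ev):
    """Map one event to a kill-chain stage, or None if it looks benign."""
    src, kind = ev.get("src"), ev.get("event")
    if src == "email_gw" and ev.get("macro") == "true":
        return "initial_access:email"          # Case A vector
    if src == "proxy" and kind == "download" and ev.get("content") == "application/x-dosexec":
        return "initial_access:web"            # Case B vector (watering hole)
    if src == "edr" and kind == "suspicious_child":
        return "exploitation"                  # document or download spawns a shell
    if src == "proxy" and kind == "beacon" and ev.get("ti_match") == "c2":
        return "command_and_control"
    if src == "edr" and kind == "lsass_access":
        return "credential_access"
    return None


def correlate(log_text, window=WINDOW):
    """Return {host: alert} for each host whose events inside `window`
    cover both shared stages (exploitation and command_and_control)."""
    per_host = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse(line)
        stage = stage_of(ev)
        if stage:
            per_host[ev["host"]].append((ev["ts"], stage))

    alerts = {}
    for host, events in per_host.items():
        events.sort()
        # Slide a window anchored at each event; keep the first window that completes the chain.
        for i, (t0, _) in enumerate(events):
            in_win = [s for t, s in events[i:] if t - t0 <= window]
            stages = set(in_win)
            if {"exploitation", "command_and_control"} <= stages:
                vector = next((s.split(":")[1] for s in in_win if s.startswith("initial_access")), "unknown")
                alerts[host] = {
                    "pattern": {"email": "A", "web": "B"}.get(vector, "?"),
                    "stages": sorted(stages),
                    "credentials_stolen": "credential_access" in stages,
                }
                break
    return alerts


if __name__ == "__main__":
    for host, alert in correlate(SAMPLE_LOGS).items():
        print(host, alert)
```

Host WS-C receives a benign attachment and later beacons to the same C2 address; with only one shared stage present it is not alerted, which is the trade-off of requiring two stages rather than a single IoC hit. Lowering the threshold to the C2 indicator alone would catch it at the cost of more false positives on threat-intel misses.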
The future of Incident Analysis in Cyber Security is AI

Use AI to gain a head start: automatically investigate incidents and anomalies to identify the most likely threats
– Quickly gather insights from millions of external sources
– Apply cognitive reasoning to build relationships
Incident Analysis: addressing gaps while managing cost and ROI pressures

Speed gap
- The top cybersecurity challenge today and tomorrow is reducing average incident response and resolution time
- This is despite the fact that 80% said their incident response speed is much faster than two years ago

Accuracy gap
- #2 most challenging area today is optimizing alert accuracy (too many false positives)
- #3 most challenging area due to insufficient resources is threat identification, monitoring and escalating potential incidents (61% selecting)

Intelligence gap
- #1 most challenging area due to insufficient resources is threat research (65% selecting)
- #3 highest cybersecurity challenge today is keeping current on new threats and vulnerabilities (40% selecting)
Watson for cybersecurity unlocks a tremendous amount of security knowledge, enabling rapid and comprehensive investigation insights

IBM Watson for cyber security: Corpus of Knowledge
Human-generated security knowledge and IBM Research: threat databases, research reports, security textbooks, vulnerability disclosures, popular websites, blogs and social activity, other

• Maintains the currency of security knowledge
• Leverages the power of collaboration and crowdsourcing of threat intelligence and activity for more accurate insights
• Learns new threat relationships and behaviors
• Performs cognitive exploration of suspicious activities and behaviors, identifying root cause and additional indicators
The Corpus of Watson for CyberSecurity in action
• Continually growing and adapting through the absorption of new security knowledge
• Performs cognitive exploration of suspicious activities and behaviors, identifying root cause and additional indicators
• Creates and finds paths and linkages easily missed by humans
• Learns, adapts and doesn’t forget
Anomaly Detection

Detect and stop advanced threats: advanced analytics for advanced threat detection and response across the enterprise
The User Behavior Analytics dashboard is an integrated part of the QRadar console

Intelligence Response
AI and Orchestration

What if you could augment your teams’ intelligence and response?

Respond quickly with confidence: orchestrate a complete and dynamic response, enabling faster, more intelligent remediation
– Create dynamic playbooks built on NIST / CERT / SANS
– Deploy response procedures and expertise

(Diagram labels: SIEM, Rules import, Rules, Recommendations, Script, ARA)
Attacker’s Use of AI Today

Legend: ME: Model Extraction; DE: Data Extraction; Ev: Model Evasion; Po: Model Poisoning

AI Powered Attacks
• Generate: DeepHack tool learned SQL injection [DEFCON’17]
• Automate: generate targeted phishing attacks on Twitter [Zerofox Blackhat’16]
• Refine: Neural network powered password crackers
• Evade: Generative adversarial networks learn novel steganographic channels

Attacking AI
• Poison: Microsoft Tay chatbot poisoning via Twitter (and Watson “poisoning” from Urban Dictionary) [Po]
• Evade: Real-world attacks on computer vision for facial recognition biometrics [CCS’16] and autonomous vehicles [OpenAI] [Ev]
• Harden: Genetic algorithms and reinforcement learning (OpenAI Gym) to evade malware detectors [Blackhat/DEFCON’17] [Ev]

Theft of AI
• Theft: Stealing machine learning models via public APIs [USENIX’16] [ME]
• Transferability: Practical black-box attacks learn surrogate models for transfer attacks [ASIACCS’17] [ME, Ev]
• Privacy: Model inversion attacks steal training data [CCS’15] [DE]
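The “Theft” item above rests on a simple observation from the USENIX’16 model-stealing work: a prediction API that returns confidence scores leaks far more than one that returns labels. For a logistic-regression model the sigmoid can be inverted and the weights recovered exactly with d+1 queries. The Python below is an added example, not code from the deck or from the cited paper’s authors: it builds a hypothetical victim API with secret weights, runs the equation-solving extraction, and then shows two mitigations that break exact recovery, rounding the confidence and returning labels only. The weights, the class name and the query points are assumptions made for the example.

```python
"""Model extraction against a confidence-returning prediction API (added example).

A hypothetical victim service exposes a logistic-regression classifier through
predict_proba(x). Because the API returns the probability and not just the
label, an attacker can invert the sigmoid and recover the exact weights with
d+1 queries. Rounding the confidence or returning only labels are shown as
mitigations: rounding leaves residual error, labels-only makes the inversion
impossible.
"""
import math


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(p):
    """Inverse of sigmoid; undefined at 0 and 1 (label-only or saturated output)."""
    if not 0.0 < p < 1.0:
        raise ValueError("confidence saturated or label-only: exact extraction impossible")
    return math.log(p / (1.0 - p))


class VictimAPI:
    """Hypothetical deployed model (assumed for the example); weights are secret to the attacker."""

    def __init__(self, weights, bias, round_to=None, labels_only=False):
        self._w, self._b = list(weights), bias
        self.round_to, self.labels_only = round_to, labels_only
        self.queries = 0          # lets the defender count what an extraction costs

    def predict_proba(self, x):
        self.queries += 1
        p = sigmoid(sum(wi * xi for wi, xi in zip(self._w, x)) + self._b)
        if self.labels_only:
            return 1.0 if p >= 0.5 else 0.0
        return round(p, self.round_to) if self.round_to is not None else p


def extract_logistic(api, d):
    """Recover (weights, bias) with d+1 queries.

    The origin gives logit(p0) = b; each unit vector e_i gives logit(p_i) = w_i + b.
    """
    b = logit(api.predict_proba([0.0] * d))
    w = []
    for i in range(d):
        e = [0.0] * d
        e[i] = 1.0
        w.append(logit(api.predict_proba(e)) - b)
    return w, b


def agreement(api, w, b, points):
    """Fraction of points on which the stolen model and the victim agree on the label."""
    hits = 0
    for x in points:
        victim = api.predict_proba(x) >= 0.5
        stolen = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) >= 0.5
        hits += victim == stolen
    return hits / len(points)


if __name__ == "__main__":
    true_w, true_b = [2.0, -1.5, 0.75], -0.5          # assumed secret parameters
    victim = VictimAPI(true_w, true_b)
    w, b = extract_logistic(victim, 3)
    print("exact API  : recovered", [round(v, 6) for v in w], round(b, 6), "in", victim.queries, "queries")

    rounded = VictimAPI(true_w, true_b, round_to=2)
    w_r, b_r = extract_logistic(rounded, 3)
    print("rounded API: bias error", abs(b_r - true_b))

    try:
        extract_logistic(VictimAPI(true_w, true_b, labels_only=True), 3)
    except ValueError as exc:
        print("labels-only: ", exc)
```

The query count is the defender’s most useful signal here: d+1 probes at the origin and the unit vectors are a recognizable pattern, and rate limiting or returning a quantized score raises the cost without removing the attack entirely, since a patient attacker can still fit a surrogate from many rounded answers (the “Transferability” item above).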
Reduce Complexity: our continued journey

Before 2011: Security for an IT project
2011-2018: Security connected across the enterprise (Security Orchestration & Analytics core; Apps, Mobile, Endpoint, Threat Intel, Network, Advanced Fraud, Identity & Access, Data)
2019+: Security at the Speed of Cloud: Operational Simplicity; Global-Scale AI & Analytics; Connected Ecosystem
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in
information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no
single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will
necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise
immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU
ibm.com/security/community