influence of AI in IS
- 1. Influence of Artificial Intelligence in IS Riyaz
- 2. Agenda • Artificial Intelligence • Industries and Jobs • Adoption • Drivers and variations • Machine Learning • Training Types • Deep Learning • Implementation & Products • Internet of Things (IoT) • Issues with IoT • Attacks • Security Analytics • Usage of Data • Advantages, Disadvantages, Recommendation & Conclusion • Summary • Q & A 2
- 5. What is AI? 1:a branch of computer science dealing with the simulation of intelligent behavior in computers 2:the capability of a machine to imitate intelligent human behavior • AI Effect Problems already resolved are considered not AI. • Originally coined by Standard computer scientist in 1956 • https://en.wikipedia.org/wiki/Artificial_intelligence 5
- 6. Continued (1).. • AI is a science and technology based on disciplines such as: • Data science • Biology • Psychology • Mathematics • Engineering • Linguistics 6
- 7. Continued (2).. • The main goal of AI is to create technology that allows computers and machines to function in an intelligent manner. Following are the problems AI tries to resolve: • Learning • Natural Language Processing • Reasoning and problem solving • Planning • Creativity • Social Intelligence • General Intelligence • Knowledge representation • Perception • Motion and manipulation 7
- 8. Around Us • Product Recommendation Amazon, Netflix • Natural language translation Google, Microsoft • Spam detection Google, Yahoo, MS, FB, Twitter • Siri Apple’s personal assistant • Games Call of Duty and Far Cry • Customer Support Chat Bots 8
- 11. Regional Adoption • TAQNIA can automatically detect and monitor unusual activities across vast amounts of terrain using Simularity AI software • Dubai Electricity and Water Authority use AI to answer customer enquiries in both English and Arabic, through a 24- hour chatbot. • AI Gernas – Drone for traffic mgmt. 11
- 12. AI Jobs • Manufacturing workers (19%) • Banking (18%) • Construction (10%) • Public transport (9%) • Financial analysis (9%) • Insurance companies (8%) • Taxi Drivers (7%) • Farming (6%) • Policing/Security (5%) • Healthcare/hospitals (4%) • Science (4%) http://uk.businessinsider.com/industries-most-under-threat-from-artificial-intelligence-2017-6/#11-science-4-1 Oxford University study predicted 47% of jobs could be automated by 2033. 12
- 15. Key Drivers • Computing performance and speed • Advances in the implementation of Algorithms • Ease of collecting data 15
- 16. AI Variations • Strong AI Simulate the actual human intelligence (Not Yet) • Weak AI Exhibit certain criteria but not all (Deep Blue) • AI between Inspired by human reasoning (IBM Watson) • General AI Ability to reason in general (Solve any problem) • Narrow AI Machines designed for specific purpose (Many) 16
- 19. What is ML? 19 In a 2015 report, ISACA defined machine learning as: The use of computing resources that have the ability to learn (acquire and apply knowledge and skills that maximize the chance of success). These cognitive systems have the potential to learn from business related interactions and deliver evidence-based responses to transform how organizations think, act and operate. http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/innovation-insights.aspx
- 20. Continued (1) 20
- 21. Malware Detection • From Incident Response • Is a file or event malicious? (Yes, No) • If malicious, what type of malware is it? (Trojan, Worm, etc.) • How can I quantify the risks of the attach? (High, Medium, Low) • How can I determine if the attack is part of a larger campaign against my infrastructure? (APT, spear phishing) • How likely am I to get hit again? (Next hour, week, month) 21
- 22. Traditional Approaches • Static • Packet, file type and size • Static property signatures • Scalable but lacks coverage • Behavioral • Manually create “behavioral signatures” • Better coverage, but not always scalable • Reputation • “Crowdsourcing” the detection • Can’t detect targeted threats 22
- 24. Continued .. 24
- 25. ML Training Methods • Supervised Learning • Unsupervised Learning • Semi-supervised Learning • Reinforcement Learning 25
- 27. Continued 27
- 29. Continued 29
- 30. Reinforcement Learning • Deep Mind’s Go Game is based on this. 30 https://youtu.be/TnUYcTuZJpM
- 31. Machine Learning Flow • Data Collection Collecting data ahead of time • Data Cleaning Combining multiple data source, normalize • Generate features Max info is extracted from the data • Model Supervised / Unsupervised Learning • Label events output • Use feedback to improve model 31
- 32. ML Algorithms • Linear Regression • Logistic Regression • Decision Tree • SVM • Naive Bayes • KNN • K-Means • Random Forest • Dimensionality Reduction Algorithms • Gradient Boosting algorithms • GBM • XGBoost • LightGBM • CatBoost 32
- 33. Deep Learning • Study of artificial neural networks and related machine learning algorithms that contain more than one hidden layer • Type of machine learning inspired by the connections between neurons in the human brain. Researchers developed a man-made imitation of this biological connectivity known as artificial neural networks (commonly known as neural nets). • Deep learning can use both the common supervised learning technique and the more complex and cutting edge alternative of unsupervised learning. 33
- 34. ML Vs DL 34
- 37. Continued (2) • Common considerations include whether the tool will be a standalone solution or integrated with an SIEM. • It can also be part of a security operations center (SOC) with red and blue teams harnessing it or another layer in the architecture where resources are tight. • It can be connected through a network switch SPAN port and collect the data • A stand-alone server or VM with lots of training data, huge processing power & python https://securityintelligence.com/why-machine-learning-is-an-essential-tool-in-the-cisos-arsenal/ 37
- 38. Implementation Approach • Use case definition Determine the requirement you would want to address (phishing, privilege users, malware, etc.) • Pick Organization subsets For PoC, pick couple of departments from company • Get Source access Solutions need access to certain files, to operate • Understand the results ML solutions deliver probabilistic results based on a percentage. The solution must provide supporting evidence when it flags an event so that analysts can act on it. 38
- 39. Choosing a AI Vendor • Vendor is using ML or AI ( Strong, Narrow) • Technology used for Machine Learning (Deep learning, Reinforcement) • Limits of vendor’s ML • Maintenance cost of ML Technology https://www.csoonline.com/article/3211594/machine-learning/how-artificial-intelligence-fits-into-cybersecurity.html 39
- 40. Security Products (AI & ML) • Password management • https://cups.cs.cmu.edu/meter/ • Windows 10 • Google Recaptcha • AI Powered AntiVirus Software • Oracle Identity SOC & Management cloud https://rasoolirfan.com/2017/05/02/ai-cybersecurity/ 40
- 41. Issues with ML • ML is bad when there’s massive variation in the data that makes training useless. • Like any other technology, machine learning is not something you can install once and forget about. You need to assure continuous training with new datasets • If data is not reviewed, attack code can be injected in to a dataset. • If normal behavior is not defined properly, attack is missed due to false positive 41
- 42. ML Summary • Machine learning is a type of artificial intelligence that enables computers to detect patterns and establish baseline behavior using algorithms that learn through training or observation. • Ideal for detecting insider threats, zero day attacks coupled with behavioral analysis machine learning is able to process and analyze vast amounts of data that are simply impractical for humans. • Know your data. Without applying domain expertise to your dataset, the result will be an overload of alerts and false positives. 42
- 43. Internet of Things (IoT) 43 https://youtu.be/uFy_Pi1Smxk
- 45. Growth of IoT • The IoT’s growth will in turn drive an exponential rise in the volumes of data being generated. • IDC estimating that the number of devices connected to the Internet will surge from 11 billion in 2016 to 80 billion in 2025 • Generating 180 zettabytes of data every year, up from 4.4 zettabytes in 2013 and 44 zettabytes in 2020. https://www.pwc.com/gx/en/industries/communications/assets/pwc-ai-and-iot.pdf 45
- 46. IoT Devices • Smartphones • Tablets • Smart TVs • Smart Lighting Systems • Smart HVAC Systems • Security Cameras and Systems • Wireless Keyboards • Wireless Mouses' • Wireless Headsets • DVRs • Smart Cameras • MiFi-like Routers and Hotspots 46
- 47. Security Issues.. • Encryption IoT & Cloud is open • Authentication Unsecure end points • Firmware updates Outdated version • Privacy Personal data is readily available • Web interface Prone to SQL & cross-site scripting • Backdoor Poorly developed system https://www.networkworld.com/article/3200030/internet-of-things/researchers-find-gaps-in-iot-security.html 47
- 48. Attack on IoT Devices • Continuously scan the internet for the IP address of Internet of things (IoT) devices. • Using a table of more than 60 common factory default usernames and passwords, and logs into them to infect them with the Mirai malware. • This piece of malicious code took advantage of devices running out-of-date versions of the Linux kernel and relied on the fact that most users do not change the default usernames/passwords on their devices • Took down GitHub, DYN, Netflix, Krebs, Twitter, and a number of other major websites 48
- 49. IoT Data 49
- 50. IoT Data 50
- 51. IoT Summary • Access controls for IoT devices • Endpoint devices has to be hardened • Information flow control has to be controlled • Encryption between IoT and Cloud has to be with SSL/TLS • Vendor patches to be rigorously tested and applied • Authentication has to strong • Data collected for AI need to be protected 51
- 53. Too Much of Data • The global median time from compromise to discovery has dropped significantly from 146 days in 2015 to 99 days 2016, but it is still not good enough. • So it still takes 99 days to fix a critical vulnerability. • Big Data is differentiated from traditional technologies in three ways: the amount of data (volume), the rate of data generation and transmission (velocity), and the types of structured and unstructured data (variety) https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html 53
- 54. Security Detection • 1st Generation IDS • Layered security • Prevention impossible • 2nd Generation Security Information & Event Management (SIEM) • Present actionable information to security analyst • Correlate alerts from different IDS sensors • 3rd Generation Security Analytics for Security • Contextual security analytics • Long-term correlation https://www.infosecurity-magazine.com/opinions/big-data-security-privacy/ 54
- 57. Security Analytics Summary • Time to Respond • Key Arsenal for Incident Responders • Integrate with existing security products • Continuous feedback • Know to reduce False Positives 57
- 59. Advantages • User Behavior Analysis (UBA) • Data Theft • Prediction of Threats • Risk Assessment • Management of data • Anomaly Detection • Better Incident Response 59 http://www.securityweek.com/role-artificial-intelligence-cyber-security
- 60. Disadvantages • Limitations of Data (CIA) • AI driven ransomware/malware • Privacy of Data • Legal aspects of data analysis • Unable to predict the possibilities 60
- 61. Recommendation • The four critical steps they can take to do this are: • Define a clear strategy on the expectations and value from the AI systems. This should be clear and approved by the board. • Perform a risk assessment that highlights the financial, regulatory, brand reputation implications from a malfunction in the AI system. • Recognize clearly that the Business requires a strategic Security & Privacy posture for the AI system to fully transform the business. • Intelligent systems have to be Cyber resilient to support the intelligent systems, without which there is more potential for a negative impact as opposed to the intended positive value from AI systems. 61
- 62. Conclusion • Synergy. Program computers to do the grunt work and leave humans to the decision-making, incident management and follow-up. • AI is not a silver bullet. Experts suggest using it to automate mundane and repetitive tasks, not as a replacement for human judgment. • Hackers are still using old standbys—stealing passwords, simple malware, social engineering, etc. AI-generated attacks in the wild aren’t (yet) common. 62 https://youtu.be/TnUYcTuZJpM
- 63. Summary • Artificial Intelligence • Machine Learning • Internet of Things (IoT) • Security Analytics • Advantages & Disadvantages 63
- 64. Q & A? 64