Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

1/11/2018
10:30 AM
Raffael Marty
Raffael Marty
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv

AI in Cybersecurity: Where We Stand & Where We Need to Go

How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.

This visualization of 100GB of network traffic over a period of one week is used to determine 'normal' behavior and identify potential  anomalies by experts.
This visualization of 100GB of network traffic over a period of one week is used to determine 'normal' behavior and identify potential anomalies by experts.

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
cknisley44
100%
0%
cknisley44,
User Rank: Apprentice
1/12/2018 | 4:37:14 PM
Bayesian Belief Networks for Cybersecurity
Really nice article highlighting the exact things we at Haystax Technology talk about with the use of AI in cybersecurity. It seems every vendor has launched a new version of their product in the past year with the tagline of "New and improved with AI". 

There are great places where ML is perfect for cybersecurity, but only as a part of the solution. The heart of our Constellation Analytics Platform is a Bayesian Inference Network built over years of research to reason like a team of cyber experts across weak inputs from disparate sensor systems. Some of those sensors need ML techniques to find the real signal, some don't - but they all come together in a BayesNet that prioritizes the threat and ultimately the risk. 

We believe this is the only viable approach today given what you highlighted of lack of training data, and even if you had some training data, sensor outputs change frequently as the environment changes. Only with additional context can you uncover those malicious events that represent the highest risks. 
cchio
100%
0%
cchio,
User Rank: Apprentice
1/11/2018 | 11:38:23 PM
Great post!
Enjoyed your post. Agree with many of the points you made. Think you will resonate with a lot we have to say in the book we are publishing next month - https://www.amazon.com/Machine-Learning-Security-Protecting-Algorithms/dp/1491979909 Happy to chat more!
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14994
PUBLISHED: 2019-09-19
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version...
CVE-2019-15000
PUBLISHED: 2019-09-19
The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6....
CVE-2019-15001
PUBLISHED: 2019-09-19
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain rem...
CVE-2019-16398
PUBLISHED: 2019-09-19
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
CVE-2019-11779
PUBLISHED: 2019-09-19
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.