Threat Intelligence

1/11/2018
10:30 AM
Raffael Marty
Raffael Marty
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv

AI in Cybersecurity: Where We Stand & Where We Need to Go

How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.

This visualization of 100GB of network traffic over a period of one week is used to determine 'normal' behavior and identify potential  anomalies by experts.
This visualization of 100GB of network traffic over a period of one week is used to determine 'normal' behavior and identify potential anomalies by experts.

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
cknisley44
100%
0%
cknisley44,
User Rank: Apprentice
1/12/2018 | 4:37:14 PM
Bayesian Belief Networks for Cybersecurity
Really nice article highlighting the exact things we at Haystax Technology talk about with the use of AI in cybersecurity. It seems every vendor has launched a new version of their product in the past year with the tagline of "New and improved with AI". 

There are great places where ML is perfect for cybersecurity, but only as a part of the solution. The heart of our Constellation Analytics Platform is a Bayesian Inference Network built over years of research to reason like a team of cyber experts across weak inputs from disparate sensor systems. Some of those sensors need ML techniques to find the real signal, some don't - but they all come together in a BayesNet that prioritizes the threat and ultimately the risk. 

We believe this is the only viable approach today given what you highlighted of lack of training data, and even if you had some training data, sensor outputs change frequently as the environment changes. Only with additional context can you uncover those malicious events that represent the highest risks. 
cchio
100%
0%
cchio,
User Rank: Apprentice
1/11/2018 | 11:38:23 PM
Great post!
Enjoyed your post. Agree with many of the points you made. Think you will resonate with a lot we have to say in the book we are publishing next month - https://www.amazon.com/Machine-Learning-Security-Protecting-Algorithms/dp/1491979909 Happy to chat more!
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-13435
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...
CVE-2018-13446
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...
CVE-2018-14567
PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVE-2018-15122
PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
CVE-2018-11509
PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.