Charmi Chokshi, ML Engineer @Shipmnts.com @charmichokshi Cyber Intelligence, when Security meets AI DevFest Bangalore 2019

Why we have gathered today?

How do we humans learn?

Learning from humans is just not enough now!

No content

The world’s most valuable resource is no longer oil, but data

Okay, I have the Data. So, what do I do with it?

Artificial Intelligence Deep Learning Machine Learning Any technique that enables computers to mimic human intelligence & behaviour A subset of ML, exposing multilayered neural networks to vast amount of data A subset of AI, including statistical techniques to solve the tasks using experience AI vs ML vs DL

Classical Programming Machine Learning Rules Rules Data Data Answers Answers Machine Learning

But from where these systems are getting data?

What gadgets know about you ● A few clicks, and suddenly we given away all of our rights ● How much data we give organisations for free? ● Your phone knows you better than you know yourself* ● Your phone knows: where you went to, who you met, what you read, and what you looked at? ● We are being sorted up in algorithms! *at least true for me :-P

The Search for your Identity ● YOU AND ME ARE NOW A COMMODITY! :-) ● The data we generate does not evaporate but are being mined into a trillion-dollar-a-year company :-| ● Credit card swipes, web searches, locations, likes, purchase history, they are all collected in real-time and are connected to our identity, giving any buyer direct access to our emotional pulse :-(

You can clear your cookies, delete browser history, but your digital footprints will remain forever...

Do I really need to hide my Data? ● You and your data are becoming used to create algorithms as a training example ● You might not face the consequences today itself, but it would affect you and millions of other users gradually ● Are you okay to be judged by a computer?

No content

The Problem: We let our Data go to the Model

The Problem: We care about analytics & recommendations

The Solution: Let the Model come to our Data!

Federated Learning ● When privacy is needed ● Bandwidth or power consumptions are a concern ● High cost of data transfer ● When model improves with more data ● On-device training (mini-tensorflow) ○ Device is idle ○ Plugged-in ○ On wi-fi connection

Can AI become our new Cybersecurity Sheriff?

Cyber Security ● Practices designed to Protect ○ Networks ○ Devices ○ Programs ○ Data ● From ○ Attack ○ Damage ○ Unauthorized access

How security is typically done? ● Signature / String Matching ● Heuristics defined by the “Experts” ● Binary decision - Pass vs Block ● Security operation analysts (humans) take final decisions

How is AI trained for Cybersecurity? ● Like us, hackers leave their digital footprint while attempting to access internal systems too ● Security specialists compile large databases of digital footprints for future reference, to aid in detecting vulnerabilities, and specific patterns by attackers ● With a large enough database of signatures and intrusion patterns, AI can be trained to recognize intrusions as they’re occurring

How is AI trained for Cybersecurity? ● Like us, hackers leave their digital footprint while attempting to access internal systems too ● Security specialists compile large databases of digital footprints for future reference, to aid in detecting vulnerabilities, and specific patterns by attackers ● With a large enough database of signatures and intrusion patterns, AI can be trained to recognize intrusions as they’re occurring

How is AI trained for Cybersecurity? ● Like us, hackers leave their digital footprint while attempting to access internal systems too ● Security specialists compile large databases of digital footprints for future reference, to aid in detecting vulnerabilities, and specific patterns by attackers ● With a large enough database of signatures and intrusion patterns, AI can be trained to recognize intrusions as they’re occurring ● However, AI is just a tool, it still requires human interference, not only to train AI, but step in if AI makes mistakes

ML’s main use in security is to understand what is normal for a system, flag anything unusual, and route it to humans for review

No content

No content

No content

No content

No content

No content

Use Cases: Black-hat Hacker vs White-hat Hacker

Use Cases: White-hat Hacker ● Spam filter application ● Bypassing ML Anti Virus ● CAPTCHA solving ● Steganography ● Program Analysis ● Fraud Detection ● Vulnerability / Malware Scanning ● Data driven Social Engineering

Use Cases: Black-hat Hacker ● Hackers are able to display fully automated cyber attacks, such as generating exploits, patch generation, and launching attacks ● Furthermore, hackers are able to fool learning-based systems ● As an example, hackers can fool self-driving vehicles, by exploiting the vehicle’s road sign detection system, which the AI is trained on

Use Cases: Black-hat Hacker ● Hackers are able to display fully automated cyber attacks, such as generating exploits, patch generation, and launching attacks ● Furthermore, hackers are able to fool learning-based systems ● As an example, hackers can fool self-driving vehicles, by exploiting the vehicle’s road sign detection system, which the AI is trained on ● Plausible Solution: Blockchain technology can prevent log file tampering

Q&A Comments | Suggestions DevFest Bangalore 2019

Charmi Chokshi, ML Engineer @Shipmnts.com @charmichokshi Thank you! Happy learning :) DevFest Bangalore 2019