Artificial Intelligence & Cybersecurity: Math Not Magic
The field of cybersecurity has slowly progressed from an art to a science. It has been a long and complicated journey that is still punctuated by misunderstandings and lack of rigor.
The field of artificial intelligence, however, has further transformed from a science to something more akin to magic. The combination of the two has led to a complex, nuanced, and buzzword-laden field that may leave many of us insecure and overly reliant on tools we fundamentally don’t understand.
This talk will cover some of the realities of AI systems in cybersecurity and how they can be leveraged as a force multiplier for the time-and-resource-limited cyber security analyst.
What you need to do right off the bat to make AI effective for your business
- Make sure your data is useful. AI is all about data, and it’s hard to get utility out of your data. You need to do a lot of work.
- Make sure you are working with accurate labeling. Data is not useful unless it’s labeled for supervised systems. It needs to be labeled tag retrievable.
- Know who is giving you your data. A lot of big data companies use their customers for data. However, if you’re not one of these big players, you have to pay someone for data. Most AI is built on people. Do we know who is building our data sets, and should we care? How are they manipulating the data that it may change the way our models react?
Is AI math or magic?
AI is math, not magic. It’s about identifying features and performing separations.
Problem: we don’t know when the model fails. We don’t yet have an underlying understanding of these deep learning systems to know when they are weak, when they’re not weak, and when their failure modes are fundamentally different from the failure modes we understand.
Why it’s important to listen to your experts:
AI has become really good at finding what we’re asking it to find.
Problem: the environment is not stationary. The subject we were once telling AI to find may no longer be relevant as the situation changes. We need a way of differentiating the features we care about.
There is a danger in AI experts spending time and money in building programs that may already exist. If you just ask an expert, you could have avoided the wasted time and money.
- Work with your experts from the very start. When you are working with unsupervised learning, you are trying to figure out what is normal for your network. If you have a small office, eventually, you can figure out what is supposed to be on your network (usually). If you have a larger office or multiple offices, you may never be able to figure out every single thing that needs to be on your network. Those larger networks are so complex that it’s often hard to figure out what’s going on.
- Bottom line: experts can tell us what is normal and what isn’t normal in what they’re seeing.
The Internet is really weird!
Like many things on the Internet, remember that just because it’s weird and an anomaly doesn’t mean that it’s necessarily bad.
- Work with your analysts to make sure they know what it is that they’re looking for.
- Don’t just work with AI experts but also your subject matter experts. Your AI experts may just ignore things or turn them off, because the AI is not finding anything they care about.
AI and Cybersecurity
How do we validate what we are doing given that we have people trying to sneak in and manipulate our networks? There are people who are intentionally trying to do bad things. How will these attacks affect our data? When do we even realize that it’s happening?
In the first quarter of 2019 alone, there were over $10 million in losses reported by the three major banks. This was due to a business email compromise.
- Keep in mind that your business partners and your bank accounts are not constantly changing. If they are, it’s a red flag. Email should never move money. This would not even technically be considered fraud, because you personally told the banks to move money to a certain place. They did what you told them to do. That money is gone. You are accountable for that loss.
How can AI actually be used with cybersecurity in mind?
- Focus on specific narrow tasks.
- Use data that will actually make it useful.
- Use both domain and AI expertise, not just one or the other. Build a team.
- Weigh the consequences. Test with real-world data and real-world conditions, but never with real-world consequences.
Bottom line: AI does what you ask it to do, so be prepared for that.
If you think you’ve been a victim of a crime, please contact your local FBI field office. If you don’t have a relationship with them now, reach out — agents love having a working relationship.