Artificial Intelligence & Cybersecurity: Math Not Magic


Wayne Chung
CTO
FBI

Introduction

The field of cybersecurity has slowly progressed from an art to a science. It has been a long and complicated journey that is still punctuated by misunderstandings and lack of rigor. 

The field of artificial intelligence, however, has further transformed from a science to something more akin to magic. The combination of the two has led to a complex, nuanced, and buzzword-laden field that may leave many of us insecure and overly reliant on tools we fundamentally don’t understand. 

This talk will cover some of the realities of AI systems in cybersecurity and how they can be leveraged as a force multiplier for the time-and-resource-limited cyber security analyst.

Watch Wayne Chung’s full presentation here

What you need to do right off the bat to make AI effective for your business

  • Make sure your data is useful. AI is all about data, and it’s hard to get utility out of your data. You need to do a lot of work. 
  • Make sure you are working with accurate labeling. Data is not useful unless it’s labeled for supervised systems. It needs to be labeled tag retrievable. 
  • Know who is giving you your data. A lot of big data companies use their customers for data. However, if you’re not one of these big players, you have to pay someone for data. Most AI is built on people. Do we know who is building our data sets, and should we care? How are they manipulating the data that it may change the way our models react? 

Is AI math or magic? 

AI is math, not magic. It’s about identifying features and performing separations. 

Problem: we don’t know when the model fails. We don’t yet have an underlying understanding of these deep learning systems to know when they are weak, when they’re not weak, and when their failure modes are fundamentally different from the failure modes we understand. 

Why it’s important to listen to your experts:

AI has become really good at finding what we’re asking it to find. 

Problem: the environment is not stationary. The subject we were once telling AI to find may no longer be relevant as the situation changes. We need a way of differentiating the features we care about. 

There is a danger in AI experts spending time and money in building programs that may already exist. If you just ask an expert, you could have avoided the wasted time and money. 

  • Work with your experts from the very start. When you are working with unsupervised learning, you are trying to figure out what is normal for your network. If you have a small office, eventually, you can figure out what is supposed to be on your network (usually). If you have a larger office or multiple offices, you may never be able to figure out every single thing that needs to be on your network. Those larger networks are so complex that it’s often hard to figure out what’s going on. 
  • Bottom line: experts can tell us what is normal and what isn’t normal in what they’re seeing. 

The Internet is really weird! 

Like many things on the Internet, remember that just because it’s weird and an anomaly doesn’t mean that it’s necessarily bad. 

  • Work with your analysts to make sure they know what it is that they’re looking for. 
  • Don’t just work with AI experts but also your subject matter experts. Your AI experts may just ignore things or turn them off, because the AI is not finding anything they care about. 

AI and Cybersecurity

How do we validate what we are doing given that we have people trying to sneak in and manipulate our networks? There are people who are intentionally trying to do bad things. How will these attacks affect our data? When do we even realize that it’s happening?

In the first quarter of 2019 alone, there were over $10 million in losses reported by the three major banks. This was due to a business email compromise. 

  • Keep in mind that your business partners and your bank accounts are not constantly changing. If they are, it’s a red flag. Email should never move money. This would not even technically be considered fraud, because you personally told the banks to move money to a certain place. They did what you told them to do. That money is gone. You are accountable for that loss. 

How can AI actually be used with cybersecurity in mind? 

  • Focus on specific narrow tasks. 
  • Use data that will actually make it useful. 
  • Use both domain and AI expertise, not just one or the other. Build a team. 
  • Weigh the consequences. Test with real-world data and real-world conditions, but never with real-world consequences. 

Bottom line: AI does what you ask it to do, so be prepared for that. 

If you think you’ve been a victim of a crime, please contact your local FBI field office. If you don’t have a relationship with them now, reach out — agents love having a working relationship.


Tags   •   Cybersecurity

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Recent Posts

Does Healthcare AI Meet Basic Ethics Principles? - Ingrid Vasiliu-Feltes Chief Quality and Innovation Officer MEDNAX, Health Solutions Partner Over the past decade we have noticed an exponential…
“Ask Me Anything” with Zappos’s Head of AI/ML Research & Platforms, Ameen Kazerouni - Ameen Kazerouni Head of AI/ML Research & Platforms Zappos Family of Companies Ai4 recently hosted an "Ask Me Anything" session…
Top AI Conferences - Interested in learning the latest in AI this year? We’ve compiled a list of the top artificial intelligence conferences in…
Securing Personal Data for AI/ML Computing in the Cloud - Serge Vilvovsky Cybersecurity & Big Data Engineer MIT Startup Exchange Overview In this presentation, Serge Vilvovsky, a Cyber Security and…
Secure Your Code Via AI - Eliezer Kanal Technical Manager, Cyber Security Foundations, CERT Division Carnegie Mellon University Software Engineering Institute Introduction In this presentation Eliezer…
Leveraging AI in Cybersecurity Risk Modeling & Mitigation - Christopher Novak Director, Threat Advisory Research Verizon Wireless Introduction Originally, there was a poor understanding of why cyber breaches were…
Using AI to Build More Secure Software - Mark Sherman Technical Director, Cyber Security Foundations, CERT Division Carnegie Mellon University Software Engineering Institute Introduction MITRE's Common Vulnerabilities and…
Artificial Intelligence & Cybersecurity: Math Not Magic - Wayne Chung CTO FBI Introduction The field of cybersecurity has slowly progressed from an art to a science. It has…
Life Hacks for Thrilling the Customer with Your Data Science Technical Summary Products - Anne Lifton Manager of Data Science Nordstrom Overview Anne Lifton is a Manager of Data Science at Nordstrom and in…
Machine Learning for Pricing and Inventory Optimization @ Macy’s - Jolene Mork Senior Data Scientist Macy's Iain Stitt Data Scientist Macy's Bhagyesh Phanse VP, Data Science Macy's Overview In this…

Popular Posts

Leveraging AI in Cybersecurity Risk Modeling & Mitigation - Christopher Novak Director, Threat Advisory Research Verizon Wireless Introduction Originally, there was a poor understanding of why cyber breaches were…
Machine Learning for Pricing and Inventory Optimization @ Macy’s - Jolene Mork Senior Data Scientist Macy's Iain Stitt Data Scientist Macy's Bhagyesh Phanse VP, Data Science Macy's Overview In this…
Machine Learning and Artificial Intelligence in Banking - Artit "Art" Wangperawong Distinguished Engineer US Bank Introduction Every company’s AI journey is different. We’re all trying to figure out…
Convergent AI in Reducing Overdiagnosis, Overtreatment, and Misdiagnosis - Stephen Wong Chief Research Information Officer & Chair Professor Houston Methodist The current healthcare situation:  High-cost/low-quality healthcare is now a…
Figuring Out Applied ML: Building Frameworks and Teams to Operationalize ML at Scale - Dr. Nels Lindahl Director of Clinical Systems CVS Health How do you operationalize machine learning at scale? How do you…
The Autonomous Pharmacy: Applying AI and ML to Medication Management Across the Care Continuum - Ken Perez VP of Healthcare Policy Omnicell, Inc. Ken applies artificial intelligence (AI) and machine learning (ML) solutions to medication…
Unleashing the Power of AI on R&D: The Potential, The Pitfalls, The Progress - Dr. Jim Weatherall VP, Data Science & AI Astrazeneca R&D Intro to AstraZeneca R&D Here we see an end-to-end case…
Advancements at Siemens Healthineers in AI for Medical Imaging - Bimba Rao Head of Global Artificial Intelligence Engineering Siemens Healthineers Ultrasound Siemens Healthineers background  Siemens Healthineers builds healthcare products and…
What AI Will Bring to Medicine and Why Human Experts Are Here to Stay - Hakima Ibaroudene Group Leader - Research & Development Southwest Research Institute Overview Hakima Ibaroudene discusses how she and her team…
Does Healthcare AI Meet Basic Ethics Principles? - Ingrid Vasiliu-Feltes Chief Quality and Innovation Officer MEDNAX, Health Solutions Partner Over the past decade we have noticed an exponential…