Artificial Intelligence to Curb Cyber Espionage and Cybercrime
PatternEx | April 2017
User authentication
Applications
Endpoints
Network
Servers
PATTERNEX CONFIDENTIAL
http://techstory.in/security-operations-center/
Detection | Investigation | Response | Build knowledge
http://www.zonalider.com/tecnologia/no-es-broma-el-zapatofono-del-super-agente-86-sera-una-realidad
a3q4lz8p.com
z29e4az.com
19wbl12.com
b2vql89i.com
o39elba8.com
google.com
twitter.com
default allow
baddomain.com block
... ...
lastbadomain.com block
z29e4az.com
http://inside-out.xyz/technology/how-dns-tunneling-works.html
80% 86%
False positives
False negatives
Dwell time
Step | Example
Determine tactic/technique | Command and control via DGA
Determine the entity (user, file, host, etc.) | Host / Internal IP
Feature engineering | 1. Randomness of visited domains; 2. How many domains did the host try to visit?
Data labeling/annotating | DGA, Benign
Model | Classifier
Prediction | Benign or DGA
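An added example, not from the PatternEx deck: the pipeline in the table above carried through in Python, with Shannon entropy as the assumed "randomness" feature and a nearest-centroid classifier as an assumed stand-in for the unspecified model. The host IPs, analyst labels and query log are constructed; the domains are the ones shown on the earlier slide.

```python
import math
from collections import Counter, defaultdict

def label_entropy(domain):
    """Shannon entropy (bits/char) of the leftmost DNS label: the 'randomness' feature."""
    label = domain.lower().rstrip(".").split(".")[0]
    if not label:
        return 0.0
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def host_features(queries):
    """Map each host to (mean label entropy, number of distinct domains queried)."""
    per_host = defaultdict(set)
    for host, domain in queries:
        per_host[host].add(domain.lower().rstrip("."))
    return {h: (sum(map(label_entropy, d)) / len(d), len(d)) for h, d in per_host.items()}

def train_centroids(features, labels):
    """Nearest-centroid model (assumed): average feature vector per analyst label."""
    grouped = defaultdict(list)
    for host, label in labels.items():
        grouped[label].append(features[host])
    return {lab: tuple(sum(col) / len(col) for col in zip(*vecs)) for lab, vecs in grouped.items()}

def predict(centroids, vec):
    """Return the label whose centroid is closest to this host's feature vector."""
    return min(centroids, key=lambda lab: math.dist(centroids[lab], vec))

# Constructed sample log: (internal IP, queried domain). Not real traffic.
QUERIES = [
    ("10.0.0.5", "google.com"), ("10.0.0.5", "twitter.com"), ("10.0.0.5", "google.com"),
    ("10.0.0.9", "a3q4lz8p.com"), ("10.0.0.9", "z29e4az.com"), ("10.0.0.9", "19wbl12.com"),
    ("10.0.0.9", "b2vql89i.com"), ("10.0.0.9", "o39elba8.com"),
    ("10.0.0.7", "twitter.com"), ("10.0.0.7", "google.com"),
    ("10.0.0.8", "o39elba8.com"), ("10.0.0.8", "19wbl12.com"), ("10.0.0.8", "a3q4lz8p.com"),
    ("10.0.0.8", "z29e4az.com"),
]
LABELS = {"10.0.0.5": "Benign", "10.0.0.9": "DGA"}  # constructed analyst labels

FEATURES = host_features(QUERIES)
MODEL = train_centroids(FEATURES, LABELS)
PREDICTIONS = {h: predict(MODEL, v) for h, v in FEATURES.items() if h not in LABELS}
if __name__ == "__main__":
    for host, verdict in sorted(PREDICTIONS.items()):
        print(host, FEATURES[host], verdict)
```

The two features are left unscaled, so the distinct-domain count dominates the distance; with real traffic they would need normalising and far more labeled hosts than the two used here.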
Model
Jane: Attack
John: Benign
…
Smith: Attack
Labels
Million dollar question: Where do these labels come from?
Model
Jane: Attack
John: Benign
…
Smith: Attack
Predictions
Teaching a computer to see
Feature Engineering | Labeling | Models
TURKERS
Classification: CAT vs. NOT
VISION EXPERT
DATA SCIENTIST
Model
Computer vision vs InfoSec
Data Property | Computer Vision | InfoSec
Available
Universal
Labeled
Static/Dynamic
User authentication
Applications
Endpoints
Network
Servers
Security Analyst
https://blog.acolyer.org/2016/06/23/ai2-training-a-big-data-machine-to-defend/
K. Veeramachaneni, I. Arnaldo et al., AI^2: Training a Big Data Machine to Defend, 2016 IEEE 2nd International Conference on Big Data Security on Cloud, 2016
Reduce Operating Expenses
Transfer learning
AI - Data Science
Go-to-market
Sec Ops
Distributed systems/products
● AI2 among the 16 coolest innovations that came out of CSAIL, MIT in 2016: “A deep-learning system called AI2 was shown to be able to predict 85 percent of cyberattacks with the help of some human input.”
● CSO: “AI will transform information security, but it won’t happen overnight”
Thank You