AI & Security

Dr Robert Hercock

Chief Researcher – BT Labs Security Group

© British Telecommunications plc 2019


Beginning of AI

The Past - Colossus


The Future

Robotics

Big data

AI

Drones

AR

Cloud

Hosting

Intelligence

Quantum / QKD


AI in Fiction

• 1927: Fritz Lang’s Metropolis

• 1950: Isaac Asimov’s I, Robot

• 1968: 2001: A Space Odyssey

• 1984: The Terminator

• 2013: Her

• 2017: Ghost in the Shell


History of AI


1940s

Programmable computers

1950s

Symbolic AI

1960s

Neural networks

1990s

Deep neural networks

Big data / GPU / deep learning

2000s

1980s

Behaviour-based robotics

Shifted focus onto non-symbolic reasoning


AI and Security


AI as a Catalyst

AI is a catalytic technology.

Prior examples:

• Gunpowder

• Printing press

• Steam engines

• Vacuum tubes

• Computers

All revolutionised warfare and security.


MoD AI JCN

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/709359/20180517-concepts_uk_human_machine_teaming_jcn_1_18.pdf


Security Futures – Powered by AI

Securing Future Converged Networks.

• IoT market will reach $724.2 billion by 2023, 5G worth $33.72 billion by 2026.

• IoT Security technologies - Low-power crypto

• Next generation security as a service capabilities for NFV and SDN environments.

• End-to-end Security of 5G networks

• Security of Critical National Infrastructure

• Data protection including Post Quantum Crypto

Future Cyber Defence.

• By 2024, security analytics expected to generate $12 billion in revenue.

• Automated anomaly detection based on deep learning and pattern recognition.

• Automated/semi-automated response to future threats - enterprise immune response

Emerging Paradigms.

• Blockchain market is forecast to grow to $2.3 billion by 2021.

• Proof of concept to demonstrate Blockchain integration with data protection enforcement, IoT services and revenue/number management.

• Malware propagation modelling and simulation.

• Next generation identity and access management – world beyond passwords.

• Self-healing models for cyber defence.

• Assessment of Quantum Computing threats to Encryption.

[Diagram labels: Securing Future Converged Networks; Emerging Paradigms; Future Cyber Defence; Response; Detection/Prediction; Prevention]

• Cyber Security market worldwide is to grow to £200 billion by 2023 from £120 billion today; BT’s ambition is to achieve £1 billion in 3 years

• Global cost of cyber attacks > £92 billion; average total financial cost of incidents in 2018 £857,000; average response time is 31 days

• BT deals with 125,000 attacks per month on our network


Cyber Security Costs

NotPetya – June 2017, largest attack so far by cost

• $870,000,000: Pharmaceutical company Merck

• $400,000,000: Delivery company FedEx (through European subsidiary TNT Express)

• $300,000,000: Danish shipping company Maersk

https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/


Saturn: intelligent interactive data analytics

Give the users the control to do what they need to do with any data.

Through different visual techniques and unsupervised machine learning, patterns of interest are made more apparent.

Analysts remain in the problem space rather than having to think about speaking the language of the database.


Cyber Hunting Scenario

Unsupervised Event Clustering


Intelligence Augmentation (IA)

Instead of fully automating the process, build and use tools that augment and integrate both human and machine strengths

[Diagram labels: Machine-led; Human-led; Interactive Visualisation; Automated Processing; Validation and Triage; Visual Analytics]


Cyber Security Platform

Presentation: Case management; Reporting; Visual analytics; Self-service dashboards

Cyber SOC

Data ingestion and enrichment

Data Lake

• We break down the data so that it is placed in a common framework

• That data is enriched with contextualizing information from both inside and outside the organisation

• It is then analysed by machine learning technology and stored in the data lake.

Analytics: Advanced analytics; Alerting rule engine; Intelligence correlation

Internal and external data sources: Email; Netflow; Firewalls; Vulnerability; SIEM; Chats / phone logs; IDS / IPS; Social media; Threat intelligence; “Other” sources


Nexus: next generation graph analytics

Model relationships that exist or can be derived from data, and allow the resultant graphs to be visually explored by analysts, with the benefit of graph-theoretic algorithms for filtering and styling the data at scale.

Underpinned by AI-based big data analytics techniques to preserve the most salient aspects of data before pushing to analysts.


Before machine learning applied

• Sampled NetFlow

• 5 minutes, 9,000 devices

• Raw network connections


After machine learning applied

• Unsampled NetFlow

• 5 hours, 200,000 devices

• Millions of flows

• Behavioural anomalies highlighted

The most suspicious activity is selected for human triage.

It takes the analyst seconds to verify a previously unknown botnet attack, affecting just nine devices for a matter of minutes, and to dismiss a false positive.


Bitcoin transactions modelled as a graph to show ransomware payments for WannaCry and NotPetya


[Figure panels: Consolidation; Donation; Distribution; Linked Ownership; Obfuscation]


Contextualising Anomalies using Nexus

Suspicious vs Malicious

[Figure panels: Normal Hour; Attack Hour]


Deep Learning to Detect Network Anomalies

[Figure: one panel per hour, 10:00-11:00 to 15:00-16:00; legend: Botnet computer, Victim computer]

Hosts positioned according to their behaviour, e.g. connecting hosts, destination ports, flow size, …
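The idea of positioning hosts by behaviour per hourly window and selecting the outliers for triage, as an added example that is not part of the original slides or of BT's tooling: it swaps the deep-learning model for three hand-built features (distinct peers, distinct destination ports, mean flow size) and a median/MAD deviation score. All function names and flow records are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def host_hour_features(flows):
    """Map (hour, src) -> [distinct peers, distinct dst ports, mean flow bytes]."""
    peers, ports, sizes = defaultdict(set), defaultdict(set), defaultdict(list)
    for hour, src, dst, dport, nbytes in flows:
        key = (hour, src)
        peers[key].add(dst)
        ports[key].add(dport)
        sizes[key].append(nbytes)
    return {k: [len(peers[k]), len(ports[k]), sum(sizes[k]) / len(sizes[k])]
            for k in sizes}

def triage(flows, top_k=3):
    """Rank host-hours by summed robust deviation (median/MAD) per feature."""
    feats = host_hour_features(flows)
    scores = dict.fromkeys(feats, 0.0)
    for i in range(3):
        column = [v[i] for v in feats.values()]
        centre = median(column)
        # MAD is 0 when most hosts behave identically; fall back to 1.0
        mad = median(abs(x - centre) for x in column) or 1.0
        for key, vec in feats.items():
            scores[key] += abs(vec[i] - centre) / mad
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    return [(hour, host, round(score, 2)) for (hour, host), score in ranked[:top_k]]

def sample_flows():
    """Constructed flows (hour, src, dst, dst_port, bytes); not real traffic."""
    flows = []
    for hour in range(10, 16):          # the six hourly windows on the slide
        for i in range(1, 9):
            host = f"10.0.0.{i}"
            flows.append((hour, host, "10.0.1.1", 443, 40000 + 1000 * i))
            flows.append((hour, host, "10.0.1.2", 53, 300))
    for n in range(40):                 # one host changes behaviour in one hour
        flows.append((13, "10.0.0.5", f"10.0.9.{n}", 6000 + n, 120))
    return flows

if __name__ == "__main__":
    for row in triage(sample_flows()):
        print(row)
```

Only the top-ranked host-hours go to an analyst; the rest of the 48 host-hour vectors never need to be looked at.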


Deep Learning

Large Neural Networks

DeepMind

• AlphaGo

• AlphaZero

• AlphaStar


Fake Everything

Figure 2: Increasingly realistic synthetic faces generated by variations on Generative Adversarial Networks (GANs). In order, the images are from papers by Goodfellow et al. (2014), Radford et al. (2015), Liu and Tuzel (2016), and Karras et al. (2017).


Threat Landscape

Autonomous defence systems will be essential for emerging threats


UUV and AI


China and AI

“Intelligence supremacy will be the core of future warfare” and that “AI may completely change the current command structure, which is dominated by humans” to one that is dominated by an “AI cluster.”

“China’s government sees AI as a promising military “leapfrog development” opportunity, meaning that it offers military advantages over the US and will be easier to implement in China than the United States.”

“China’s AI leapfrog strategy is its prioritized investment and technology espionage for low-cost, long-range, autonomous, and unmanned submarines. China believes these systems will be a cheap and effective means of threatening U.S. aircraft carrier battlegroups and an alternative path to projecting Chinese power at range.” p.9


Security, Chips and AI

“In the Samsung semiconductor lab, they noted that all of the printer paper in the building was laced with a metallic thread to set off the exit door metal detectors, a potent illustration of Samsung’s view that intellectual property theft is a significant threat.”

“…all major technology firms in China cooperate extensively with China’s military and state security services and are legally required to do so. Article 7 of China’s National Intelligence Law gives the government legal authority to compel such assistance, though the government also has powerful non-coercive tools to incentivize cooperation.”


Summary

AI is reshaping cyber security at all levels

Longer term: the HAL problem – AI can be benign, but has conflicting instructions

Q. Is your AI biased, has it been deceived?

Will have a major impact on society: i.e. employment and wealth balance

Key development – explainable AI required