© British Telecommunications plc 2019
AI & Security
Dr Robert Hercock
Chief Researcher – BT Labs Security Group
Beginning of AI
The Past - Colossus
The Future
Robotics
Big data
AI
Drones
AR
Cloud
Hosting
Intelligence
Quantum / QKD
AI in Fiction
• 1927 – Fritz Lang’s Metropolis
• 1950 – Isaac Asimov’s I, Robot
• 1968 – 2001: A Space Odyssey
• 1984 – The Terminator
• 2013 – Her
• 2017 – Ghost in the Shell
History of AI
• 1940s – Programmable computers
• 1950s – Symbolic AI
• 1960s – Neural networks
• 1980s – Behaviour-based robotics; shifted focus onto non-symbolic reasoning
• 1990s – Deep neural networks
• 2000s – Big data / GPU / deep learning
AI and Security
AI as a Catalyst
AI is a catalytic technology.
Prior examples:
• Gunpowder
• Printing press
• Steam engines
• Vacuum tubes
• Computers
All revolutionised warfare and security.
MoD AI JCN
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/709359/20180517-concepts_uk_human_machine_teaming_jcn_1_18.pdf
Security Futures – Powered by AI
Securing Future Converged Networks.
• IoT market will reach $724.2 billion by 2023, 5G worth $33.72 billion by 2026.
• IoT Security technologies - Low-power crypto
• Next generation security as a service capabilities for NfV and SDN environments.
• End-to-end Security of 5G networks
• Security of Critical National Infrastructure
• Data protection including Post Quantum Crypto
Future Cyber Defence.
• By 2024, security analytics expected to generate $12 billion in revenue.
• Automated anomaly detection based on deep learning and pattern recognition.
• Automated/semi-automated response to future threats – enterprise immune response
Emerging Paradigms.
• Blockchain market is forecast to grow to $2.3 billion by 2021.
• Proof of concept to demonstrate Blockchain integration with data protection enforcement, IoT services and revenue/number management.
• Malware propagation modelling and simulation.
• Next generation identity and access management – world beyond passwords.
• Self-healing models for cyber defence.
• Assessment of Quantum Computing threats to Encryption.
[Diagram: Securing Future Converged Networks, Emerging Paradigms and Future Cyber Defence, set against Prevention, Detection/Prediction and Response]
• Cyber Security market worldwide is to grow to £200 billion by 2023 from £120 billion today; BT’s ambition is to achieve £1 billion in 3 years
• Global cost of cyber attacks > £92 billion; average total financial cost of incidents in 2018 £857,000; average response time is 31 days
• BT deals with 125,000 attacks per month on our network
Cyber Security Costs
NotPetya – June 2017, largest attack so far by cost
• $870,000,000 – Pharmaceutical company Merck
• $400,000,000 – Delivery company FedEx (through European subsidiary TNT Express)
• $300,000,000 – Danish shipping company Maersk
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Saturn: intelligent interactive data analytics
Give the users the control to do what they need to do with any data.
Through different visual techniques and unsupervised machine learning, patterns of interest are made more apparent.
Analysts remain in the problem space rather than having to think about speaking the language of the database.
Cyber Hunting Scenario
Unsupervised Event Clustering
Intelligence Augmentation (IA)
Instead of fully automating the process, build and use tools that augment and integrate both human and machine strengths
[Diagram: a spectrum from Machine-led to Human-led, with stages labelled Interactive Visualisation, Automated Processing, Validation and Triage, and Visual Analytics]
Cyber Security Platform
Presentation: Case management, Reporting, Visual analytics, Self-service dashboards
Cyber SOC
Analytics: Advanced analytics, Alerting rule engine, Intelligence correlation
Data ingestion and enrichment
Data Lake
Internal and external data sources: Email, Netflow, Firewalls, Vulnerability, SIEM, Chats / phone logs, IDS / IPS, Social media, Threat intelligence, “Other” sources
• We break down the data so that it is placed in a common framework
• That data is enriched with contextualizing information from both inside and outside the organisation
• It is then analysed by machine learning technology and stored in the data lake.
Nexus: next generation graph analytics
Model relationships that exist or can be derived from data and allow resultant graphs to be visually explored by analysts.
Benefit from graph theoretic algorithms for filtering and styling the data at scale.
Underpinned by AI-based big data analytics techniques to preserve the most salient aspects of data before pushing to analysts.
Before machine learning applied
• Sampled NetFlow
• 5 minutes, 9,000 devices
• Raw network connections
After machine learning applied
• Unsampled NetFlow
• 5 hours, 200,000 devices
• Millions of flows
• Behavioural anomalies highlighted
The most suspicious activity is selected for human triage
It takes the analyst seconds to verify a previously unknown botnet attack affecting just nine devices for a matter of minutes and dismiss a false positive
Bitcoin transactions modelled as a graph to show ransomware payments for WannaCry and NotPetya
[Figure panels: Consolidation; Donation; Distribution; Linked Ownership; Obfuscation]
Contextualising Anomalies using Nexus
Suspicious vs Malicious
[Figure panels: Normal Hour; Attack Hour]
Deep Learning to Detect Network Anomalies
[Figure: hourly panels from 10:00-11:00 to 15:00-16:00; legend: Botnet computer, Victim computer]
Hosts positioned according to their behaviour, e.g. connecting hosts, destination ports, flow size, …
Deep Learning
Large Neural Networks
DeepMind
• AlphaGo
• AlphaZero
• AlphaStar
Fake Everything
Figure 2: Increasingly realistic synthetic faces generated by variations on Generative Adversarial Networks (GANs). In order, the images are from papers by Goodfellow et al. (2014), Radford et al. (2015), Liu and Tuzel (2016), and Karras et al. (2017).
Threat Landscape
Autonomous defence systems will be essential for emerging threats
UUV and AI
China and AI
“Intelligence supremacy will be the core of future warfare” and that “AI may completely change the current command structure, which is dominated by humans” to one that is dominated by an “AI cluster.”
“China’s government sees AI as a promising military “leapfrog development” opportunity, meaning that it offers military advantages over the US and will be easier to implement in China than the United States.”
“China’s AI leapfrog strategy is its prioritized investment and technology espionage for low-cost, long-range, autonomous, and unmanned submarines. China believes these systems will be a cheap and effective means of threatening U.S. aircraft carrier battlegroups and an alternative path to projecting Chinese power at range.” p.9
Security, Chips and AI
“In the Samsung semiconductor lab, they noted that all of the printer paper in the building was laced with a metallic thread to set off the exit door metal detectors, a potent illustration of Samsung’s view that intellectual property theft is a significant threat.”
“…all major technology firms in China cooperate extensively with China’s military and state security services and are legally required to do so. Article 7 of China’s National Intelligence Law gives the government legal authority to compel such assistance, though the government also has powerful non-coercive tools to incentivize cooperation.”
Summary
AI is reshaping cyber security at all levels
Longer term: the HAL problem – AI can be benign, but has conflicting instructions
Q. Is your AI biased, has it been deceived?
Will have a major impact on society: i.e. employment and wealth balance
Key development – explainable AI required